On Sunday 24 August 2003 2:23 am, Yuval Kogman wrote: (I've moved this over to the discussion list from the database announce list)
> Is there any project to create automated signatures via a database? > > I've recently tried to write a script for fun, which, like sigtool, > creates minimal signatures for viral files. > > There is lots to optimise - pregenerate several files, in a > multithreaded architechture, use biased binary searches (proportional > searches or other), mmap files, etc. Yes, I think a basic versin of such a tool would be useful, however I'm not sure it's worth going to the extent you're talking about here? (However I know that once you start programming something, it can be difficult to avoid making it as effective and efficient as you can, just to do a "good job"!) > My question is - does anybody see a need for this kind of thing? It may > be useful in case of an outbreak, when certain vendors have already > posted updates, but no one from the clam developers is available. Not in those circumstances, no - I think in the event of an outbreak almost any signature will do - it doesn't have to be a particularly efficient one, nor does it need to be produced from an automated tool which can produce lots of signatures for different viruses quickly and easily - after all, in an outbreak, we're usually only talking about one virus, which you get lots of samples of. > Otherwise, i don't see a real reason except for the slow, automated, > historical completion of the clamav virus database. I would certainly like to see (or produce) a tool which can take a batch of viruses, a few other antivirus engines, and create ClamAV signatures for them; the only thing I wonder about is how clever and complex the programming for that really needs to be (threading, mmapping etc). The more we can do to get ClamAV to match up to all the other antivirus systems the better. Just my two penn'orth. Antony. -- How I want a drink, alcoholic of course, after the heavy chapters involving quantum mechanics. - 3.14159265358979 ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
