On 08/13/04 09:37, Fajar A. Nugraha wrote:
Hi,

This is really a question for the db maintainer, but I think it wouldn't hurt for normal users to know about this too.
I'm parsing viruses.db2 (from daily.cvd with sigtool -u) for an application that I'm working on,
and I found multiple signatures for several virus names. For example:


Trojan.Clicker.Small-2 (Clam)=616c7061726164652e636f6d2f6367692f636c69636b3f613d34353730363226733d313426703d3100006861636b736f722e657865005b4d41494e5d3a20426f7420737461727465642e000000004465

Trojan.Clicker.Small-2 (Clam)=58450043464941554449542e455845005550444154452e455845004e555047524144452e455845004d435550444154452e4558450000687474703a2f2f706f6c6f626565722e64652f312e6a706700687474703a2f2f7232363236722e64652f312e6a706700687474703a2f2f6b6f6f6c746f6b796f2e72752f312e6a706700687474703a2f2f6d6d61672e72752f312e6a


They are not in adjacent locations, so possibly different maintainers added them.


daily.cvd version 450 has 1597 virus signatures, but only 1569 unique names.
How does clamav handle this? Does a pattern have to match both or one of them is enough?

One is enough

If clamav treats them as different virus signature, wouldn't it be best to come up with unique name
for each signature?

In some cases multiple lines are required for a single signature.
In some other cases a temp name is taken from a similar malware and it's subject to change after better investigation is performed.
Last possibility is, as you've guessed, the second db updater added a non-unique name; not a great issue as both signatures are working. Anyway it will be fixed in one of the next updates.
Thanks for pointing out.


Regards,
acab
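
The check discussed in this thread, as an added example that is not part of the original messages or ClamAV's own code: it parses `name=hexsignature` lines as shown above, reports names that carry more than one signature, and applies the "one is enough" rule when matching. The sample database, its names and the function names are constructed for illustration; patterns containing wildcards are skipped rather than interpreted.

```python
from collections import defaultdict

# Constructed sample in the "name=hexsignature" layout shown in the thread.
# Names and patterns are made up for the example, not real signatures.
SAMPLE_DB = """\
Example.Dup-1 (Clam)=626f7420737461727465642e
Example.Single-1 (Clam)=75706461746552756e
Example.Dup-1 (Clam)=687474703a2f2f6578616d706c652e696e76616c69642f312e6a7067
bad line without separator
Example.Wild-1 (Clam)=6162??6364
"""

def parse_db(text):
    """Return ({name: [pattern_bytes, ...]}, [(lineno, reason), ...])."""
    sigs, skipped = defaultdict(list), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Split on the LAST '=': names contain spaces and parentheses,
        # while the hex field never contains '='.
        name, sep, hexsig = line.rpartition("=")
        try:
            if not sep or not name:
                raise ValueError("no name=signature separator")
            pattern = bytes.fromhex(hexsig)  # raises on wildcards such as ??
            if not pattern:
                raise ValueError("empty pattern would match everything")
        except ValueError as exc:
            skipped.append((lineno, str(exc)))
            continue
        sigs[name].append(pattern)
    return dict(sigs), skipped

def duplicate_names(sigs):
    """Names that appear on more than one signature line."""
    return {name: len(pats) for name, pats in sigs.items() if len(pats) > 1}

def scan(data, sigs):
    """Report a name when ANY one of its patterns occurs in data."""
    return sorted(n for n, pats in sigs.items() if any(p in data for p in pats))

if __name__ == "__main__":
    sigs, skipped = parse_db(SAMPLE_DB)
    total = sum(len(p) for p in sigs.values())
    print(f"{total} signatures, {len(sigs)} unique names, {len(skipped)} skipped")
    print("duplicates:", duplicate_names(sigs))
    print("hits:", scan(b"log: bot started. ok", sigs))
```
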

