On 1/23/13 5:52 PM, "Kaushik Vaidyanathan" wrote:

> I had a couple of basic questions:
> a) Of the different signature formats in the cvd file (like mdb, ldb, ndb),
> which format does ClamAV use? Does it pick a format (ldb, mdb, ndb,
> etc.) depending on the nature of the file under inspection?
> 
It uses all of them, but some are format dependent.

> b) I guess ldb files are tough to create automatically. If that's true, then
> is the ldb file as complete as the mdb file?
> 
My impression is that there is little, if any, automation involved in the
creation of a signature. I believe they are all done manually and then
checked through an automated process.

> c) Which signature database (ldb or ndb or mdb, etc.) is the best tradeoff
> between size of database vs. false positives?
> 
They serve different purposes, so I don't understand what sort of tradeoff
you would be interested in, if there are even statistics available to
determine the answer.

Have you read through the documentation at
<http://www.clamav.net/doc/webinars/Webinar-Alain-2009-03-04.pdf>
and 
<http://www.clamav.net/doc/latest/signatures.pdf>?


-Al-
 
-- 
Al Varnell
Mountain View, CA


