On 1/28/13 10:41 AM, "Kaushik Vaidyanathan" wrote:

> Hi
> 
> Can someone help me understand what each cvd file (main, daily, safebrowsing
> and bytecode) captures?

The main and daily files serve essentially the same purpose.  When the daily
gets to be too large for efficient distribution, it is added to the main and
restarted.  In the past this has occurred perhaps once a year.

The bytecode signatures are more complex, allowing for more refined analysis
of file contents.  A number of them seem to be targeted against documented
CVEs <http://cve.mitre.org/about/faqs.html>.

As I understand it, safebrowsing is a database of blacklisted URLs provided
by Google <https://developers.google.com/safe-browsing/>.

> I am interested in understanding how the signature
> counts have been increasing over the years. How can I go about coming up
> with the total number of signatures clamav would use during its scan?
> 
You can observe the raw number of signatures at any given time by visiting
the ClamAV home page <http://www.clamav.net/> but adding them up will not
necessarily give you the total number used during a scan.  That would depend
on what options you have turned on in the clamd.conf file or enabled in the
command line for clamscan (e.g. PUA, bytecode, safebrowsing).

In the summary of each scan the entry "Known viruses:" tells you how many
signatures were loaded when conducting that scan.


-Al-
 
-- 
Al Varnell
Mountain View, CA
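
An added example, not part of the original message: the sketch below compares the signature counts the database files publish with the "Known viruses:" figure from a scan summary. It assumes the .cvd header layout (a 512-byte, colon-separated text header whose fourth field is the signature count), which the message does not describe; the sample headers and summary are constructed.

```python
import re

HEADER_LEN = 512  # assumption: a .cvd file begins with a fixed-size text header

def parse_cvd_header(raw: bytes) -> dict:
    """Extract build time, version and signature count from a .cvd header."""
    fields = raw[:HEADER_LEN].decode("ascii", "replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV CVD header")
    return {"built": fields[1], "version": int(fields[2]), "sigs": int(fields[3])}

def read_cvd_header(path: str) -> dict:
    """Same as above, for a database file on disk (path chosen by the caller)."""
    with open(path, "rb") as fh:
        return parse_cvd_header(fh.read(HEADER_LEN))

def known_viruses(summary: str) -> int:
    """Return the number on the 'Known viruses:' line of a scan summary."""
    m = re.search(r"^Known viruses:\s*(\d+)\s*$", summary, re.MULTILINE)
    if m is None:
        raise ValueError("no 'Known viruses:' line in summary")
    return int(m.group(1))

def compare(headers: dict, summary: str) -> dict:
    """Published per-database counts versus what the scan reports as loaded."""
    published = sum(h["sigs"] for h in headers.values())
    loaded = known_viruses(summary)
    return {"published": published, "loaded": loaded, "gap": published - loaded}

def _sample_header(version: int, sigs: int) -> bytes:
    # Constructed header: the date, MD5, signature and builder are placeholders.
    text = f"ClamAV-VDB:01 Jan 2013 00-00 +0000:{version}:{sigs}:60:MD5:DSIG:builder:0"
    return text.encode("ascii").ljust(HEADER_LEN)

# Constructed values, chosen so the gap equals the safebrowsing count.
SAMPLE_HEADERS = {
    "main": parse_cvd_header(_sample_header(54, 1000000)),
    "daily": parse_cvd_header(_sample_header(16000, 250000)),
    "bytecode": parse_cvd_header(_sample_header(200, 40)),
    "safebrowsing": parse_cvd_header(_sample_header(40000, 900000)),
}
SAMPLE_SUMMARY = """----------- SCAN SUMMARY -----------
Known viruses: 1250040
Scanned files: 12
Infected files: 0
"""

if __name__ == "__main__":
    for name, hdr in SAMPLE_HEADERS.items():
        print(f"{name:13} v{hdr['version']:<6} {hdr['sigs']:>8} signatures")
    print(compare(SAMPLE_HEADERS, SAMPLE_SUMMARY))
```

Recording the "loaded" figure from each scan over time tracks growth in what the scanner actually uses, while the per-database counts show where that growth comes from.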


