Thanks Al. That helps a lot in understanding what each .cvd file is and how it gets used.
On Mon, Jan 28, 2013 at 11:53 AM, Al Varnell <alvarn...@mac.com> wrote: > On 1/28/13 10:41 AM, "Kaushik Vaidyanathan" wrote: > > > Hi > > > > Can someone help me understand what each cvd file(main, daily, > safebrowsing > > and bytecode) capture? > > The main and daily files serve essentially the same purpose. When the > daily > gets to be too large for efficient distribution, it is added to the main > and > restarted. In the past this has occurred perhaps once a year. > > The bytecode signatures are more complex, allowing for more refined > analysis > of file contents. A number of them seem to be targetted against documented > CVE's <http://cve.mitre.org/about/faqs.html>. > > As I understand it, safebrowsing is a database of blacklisted URL's > provided > by Google <https://developers.google.com/safe-browsing/> > > > I am interested in understanding how the signature > > counts have been increasing over the years. How can I go about coming up > > with the total number of signatures clamav would use during its scan? > > > You can observe the raw number of signatures at any given time by visiting > the ClamAV home page <http://www.clamav.net/> but adding them up will not > necessarily give you the total number used during a scan. That would > depend > on what options you have turned on in the clamd.conf file or enabled in the > command line for clamscan (e.g. PUA, bytecode, safebrowsing). > > In the summary of each scan the entry "Known viruses:" tells you how many > signatures were loaded when conducting that scan. > > > -Al- > > -- > Al Varnell > Mountain View, CA > > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
