Makes sense. Thanks Dave
On Mon, Feb 25, 2013 at 5:00 PM, Al Varnell <alvarn...@mac.com> wrote: > On 2/25/13 4:01 PM, "David Raynor" wrote: > > > On Mon, Feb 25, 2013 at 4:47 PM, Kaushik Vaidyanathan < > > kvaid...@andrew.cmu.edu> wrote: > > > >> Hi > >> > >> I have a basic question. When I run clamscan with --debug option I see > that > >> #AC sigs and #BM sigs reported for the different engines clamscan > spawns. > >> If I add the AC and BM for all engines its somewhere around 110K-120K > >> signatures, > >> > >> However I see the sigtool info report for main.cvd and daily.cvd report > >> close a 1M and 800K signatures respectively. > >> > >> I guess there is a difference in the definition of the word "signature" > but > >> I am unable to figure out what it is. > >> > >> Thank you! > >> _______________________________________________ > >> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >> http://www.clamav.net/support/ml > >> > > > > In short, there are signatures that are not AC type or BM type. So the > > difference in definition you refer to is summed up in this equation: AC > > signatures + BM signatures < ALL signatures > > > > The largest group is full-file hash signatures (from the HDB & MDB-style > > signatures). If you use sigtool to unpack the CVD files, you will see > that > > main.mdb and daily.mdb are the largest files inside each CVD. That is the > > biggest part of the difference. The true "all signatures" count is > printed > > out in the "Known viruses" line of clamscan's output. > > > > Dave R. > > > I was lead to believe the "Known viruses" line of the clamscan output > represents all _loaded_ signatures, which may not include optional > signatures such as PUA. > > > -Al- > > -- > Al Varnell > Mountain View, CA > > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
