On Tue, May 09, 2017 at 12:29 AM, crazy thinker wrote:
>
> Thanks for Reply. How many Heuristic Scan Engines ClamAV using Now?

I only know of one. All the other heuristic approaches use the primary scanner along with signatures designed to detect suspicious patterns in file names or coding.

> what are extensions of db files used by ClamAV Heuristic Engine?

As I told you on Friday...

> There's a heuristics engine that uses data from the .pdb and .sfp sections of
> the database to detect messages from selected financial institutions that
> appear to be phishing attempts.

> Can I Increase Heuristic Scan Engine Count ?

I suspect you would have to write your own.

-Al-

> On 9 May 2017 at 12:21, Al Varnell wrote:
>
>> I already answered most of these questions before and after reading "My
>> Understanding" which is totally wrong, it's obvious you have not read the
>> signature.pdf documentation closely enough to understand any of this.
>>
>> The way you have chosen to classify signatures is completely wrong, which
>> means the questions you've asked don't make any sense. All signatures in
>> the database are static in that they only change when replaced by a more
>> accurate signature. There is nothing dynamic about any of them.
>>
>> The signature based scanner uses both fixed and variable length signatures.
>>
>> As I told you before, the heuristics based scanner only checks a limited
>> list of financial institutions for phishing attempts. That only represents
>> a tiny fraction of what could be considered behavior based malware
>> detection. And the database is used to define what financial institutions
>> are included as well as the ability to whitelist certain behaviors that are
>> known to not be a threat.
>>
>> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
>>>
>>> Hi ClamAV Developers, Users
>>>
>>> As per My Understanding, Virus Signatures are Classified into two types
>>>
>>> 1. Static Virus Signatures (short/fixed length virus signatures)
>>> 2. Dynamic Virus Signatures (long length Signatures with Regular Expression)
>>>
>>> So I guess, ClamAV performing both Signature Based Scanning and Heuristic
>>> Based Scanning for Malware Detection Process
>>>
>>> Please find below questions that in my mind
>>>
>>> 1. Does Signature Based Scanner uses only Static Signatures (not Dynamic
>>> Signatures)?
>>> 2. Does Heuristic Scanner uses only Dynamic Signatures for Malware
>>> Detection?
>>> 3. If Heuristic Scanner uses Behaviour Based Approach, why Heuristic
>>> Scanner needs Virus Database?
>>> 4. To implement Efficient AV Scanner, Can I go with Heuristic Scanning
>>> Approach and Excluding Signature Based Scanning Approach?
>>>
>>> I would like to get help/suggestions from you guys...
>>>
>>> Kindly waiting for your reply!!!!
>>>
>>> Thanks,
>>> Crazy Thinker, Inc
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml