@Al Varnell Yes, I have plans to rewrite it from scratch. Are you willing to join me? :)

On 9 May 2017 at 13:08, Al Varnell <alvarn...@mac.com> wrote:

> On Tue, May 09, 2017 at 12:29 AM, crazy thinker wrote:
> >
> > Thanks for Reply. How many Heuristic Scan Engines ClamAV using Now?
>
> I only know of one.
>
> All the other heuristic approaches use the primary scanner along with
> signatures designed to detect suspicious patterns in file names or coding.
>
> > what
> > are extensions of db files used by ClamAV Heuristic Engine?
>
> As I told you on Friday...
>
> There's a heuristics engine that uses data from the .pdb and .sfp
> sections of the database to detect messages from selected financial
> institutions that appear to be phishing attempts.
>
> > Can I
> > Increase Heuristic Scan Engine Count?
>
> I suspect you would have to write your own.
>
> -Al-
>
> > On 9 May 2017 at 12:21, Al Varnell wrote:
> >
> >> I already answered most of these questions before and after reading "My
> >> Understanding" which is totally wrong, it's obvious you have not read the
> >> signature.pdf documentation closely enough to understand any of this.
> >>
> >> The way you have chosen to classify signatures is completely wrong, which
> >> means the questions you've asked don't make any sense. All signatures in
> >> the database are static in that they only change when replaced by a more
> >> accurate signature. There is nothing dynamic about any of them.
> >>
> >> The signature based scanner uses both fixed and variable length signatures.
> >>
> >> As I told you before, the heuristics based scanner only checks a limited
> >> list of financial institutions for phishing attempts. That only represents
> >> a tiny fraction of what could be considered behavior based malware
> >> detection. And the database is used to define what financial institutions
> >> are included as well as the ability to whitelist certain behaviors that are
> >> known to not be a threat.
> >>
> >> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
> >>>
> >>> Hi ClamAV Developers, Users
> >>>
> >>> As per My Understanding, Virus Signatures are Classified into two types
> >>>
> >>> 1. Static Virus Signatures (short/fixed length virus signatures)
> >>> 2. Dynamic Virus Signatures (long length Signatures with Regular Expression)
> >>>
> >>> So I guess, ClamAV performing both Signature Based Scanning and Heuristic
> >>> Based Scanning for Malware Detection Process
> >>>
> >>> Please find below questions that in my mind
> >>>
> >>> 1. Does Signature Based Scanner uses only Static Signatures (not Dynamic
> >>> Signatures)?
> >>> 2. Does Heuristic Scanner uses only Dynamic Signatures for Malware
> >>> Detection?
> >>> 3. If Heuristic Scanner uses Behaviour Based Approach, why Heuristic
> >>> Scanner needs Virus Database?
> >>> 4. To implement Efficient AV Scanner, Can I go with Heuristic Scanning
> >>> Approach and Excluding Signature Based Scanning Approach?
> >>>
> >>> I would like to get help/suggestions from you guys...
> >>>
> >>> Kindly waiting for your reply!!!!
> >>>
> >>> Thanks,
> >>> Crazy Thinker, Inc
>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml