@AI Any Comments from your end on my question in previous mail thread
On 11 May 2017 at 15:33, crazy thinker <crazythinke...@gmail.com> wrote: > @AI > May be my question is a stupid one.. i have a still doubt so want to > clarify my self.. Why Heuristics Scanner need Signature Database when > Heruisitcs Scanning Technique detects malware based on behaviour? > > Can't Heuristic Scanner detects Malware detected by Signature Based > Scanner. if Yes, why not we use Heuristic Scanner alone in AV Software? > > On 11 May 2017 at 14:58, Al Varnell <alvarn...@mac.com> wrote: > >> On Thu, May 11, 2017 at 02:11 AM, crazy thinker wrote: >> > >> > Hi ClamAV Developers, Users >> > >> > SaneSecurtiy and SecruiteInfo provides better virus signature database >> > feeds. with help of this, we can Increase the ClamAV Engine Detection >> Rate >> > up to 80%-90%. I had already integrated ClamAV Enine with unofficial >> > database (excluded official database) in experimental way. ClamAV >> > Performance better than earlier now. I want to rewrite the Engine first >> > from scratch and i am looking for some guys who willing join to work >> with >> > me >> >> How is performance better for you? >> >> > when i debugged ClamAV CodeBase, i am interestingly found that ClamAV >> > Creating 14 Engine Instances Internally. out of 14, one only Heuristic >> > Engine >> >> This is really a developer question, but what are the other engines for >> and how can you say for certain that they are non-heuristic? >> >> > ClamAV providing both Signature Baed Scanner and Heuristic Based >> Scanner. >> > As per my understanding, Signature Based Scanner will never involve in >> > false postive/false negative results. >> >> Not at all true. Signatures are being dropped daily due to reports of >> False Positives. >> >> > But Heuristic scanner some times >> > gives false postive/false negative results. >> >> Heuristic determinations are by their nature warnings based on best guess >> that something can be malware. It's then up to the user to check further to >> determine whether they are or not. False positive/negative has little >> meaning here. >> >> > My Question is All AV Vendors are Including both Signature Based >> Scanner >> > and Heuristic Based Scanner in their Software? for an example, Most >> > Poplular AV Vendors like AVAST, KASPER SKY,AVG,NORTON,SYMANTEC do the >> same >> > thing? >> >> This is a ClamAV user forum, so it would be appropriate to ask that >> question elsewhere. >> >> > I had researched on virus scanning tecniques with the help of google >> > engine..i come to know that heuristic scanning techniques provides >> > better results than traditional signature based scanning.. then why >> ClamAV >> > not created Scanner with Heuristic Scanning Technique Alone? >> > or my thought is wrong ah ? >> >> Define "better." I'd have to guess that signature based scanning results >> in an order of magnitude more detections that any current AI technique >> being used by any vendor, but fixed signatures only work when scanning for >> known malware. AI techniques are most useful against so called zero-day >> malware attacks, so both techniques are necessary for complete protection. >> >> -Al- >> >> > Thanks, >> > Crazy Thinker , Inc >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
