Hi Chatsiri,

PE section MD5 signatures are more useful than MD5 signatures of the entire file (because they allow the other sections of the PE to vary, thus catching more samples with a single signature). Moreover, updating becomes easy this way. Hope you got your answer.

On Thu, Aug 16, 2012 at 5:51 PM, Chatsiri Ratana <insider...@gmail.com> wrote:

> On Wed, Aug 15, 2012 at 11:35 PM, David Raynor <dray...@sourcefire.com> wrote:
>
> > On Wed, Aug 15, 2012 at 6:58 AM, Chatsiri Ratana <insider...@gmail.com> wrote:
> >
> > > Hello Dave R,
> > >
> > > 1) How to ClamAV categories virus signature in SHA1, SHA256, MD5 and
> > > Hexdump types?
> > > 2) What's estimate signature types of virus load to A-C and B-M on
> > > ClamAV? I see flags --ac-only for loading signature file to A-C tries,
> > > but I am not sure how to selected virus types load to A-C and B-M
> > > algorithms when scanning virus in common mode.
> > >
> > > --
> > > _______________________________________________
> > > http://lurker.clamav.net/list/clamav-devel.html
> > > Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >
> > 1) Details on signature formats are in the signatures.pdf included in the
> > docs folder of the source.
>
> Hello Dave R,
>
> I have not found section in detail of why we selected signature virus is MD5
> or SHA1 when using Sigtool get signature from binary files. Signature.pdf
> present only method for creating signature virus with MD5.
>
> Best Regards,
> Chatsiri Rattana.
>
> > 2) This question is a little confusing. If you are asking about numbers of
> > signatures, the numbers change daily. If you run clamscan in debug mode, it
> > will report the size and contents of the tries with signature counts
> > grouped by the filetypes they will scan. There are counts for both BM and
> > AC.
> >
> > Hope this helps,
> >
> > Dave R.
> >
> > --
> > Dave Raynor
> > Sourcefire Vulnerability Research Team
> > dray...@sourcefire.com

--
Vishrut Sharma
Security Researcher
Vice Chair, Membership Growth and Sustainability Committee, IEEE CS India Council
Member of ACM, IEEE, IEEE Computer Society, DSCI
URL: http://member.acm.org/~vishrut1
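
Added example, not part of the original thread: a sketch of the whole-file versus per-section hashing trade-off discussed in the reply above. It parses the section table of two constructed PE-like images that share a code section but differ in a data section, and emits lines in ClamAV's documented .hdb (MD5:FileSize:Name) and .mdb (PESectionSize:PESectionMD5:Name) layouts. The helper names, the `Test.Sample` label and the sample bytes are assumptions made for illustration.

```python
import hashlib
import struct

def pe_sections(data):
    """Yield (name, raw_bytes) for each section listed in the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    for i in range(nsect):
        name, _vsize, _va, size, ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        if ptr + size > len(data):
            raise ValueError("section data runs past end of file")
        yield name.rstrip(b"\0").decode("ascii", "replace"), data[ptr:ptr + size]

def hdb_line(data, label):
    """Whole-file signature: any changed byte anywhere changes the hash."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{label}"

def mdb_lines(data, label):
    """Per-section signatures, keyed by section name."""
    return {name: f"{len(raw)}:{hashlib.md5(raw).hexdigest()}:{label}"
            for name, raw in pe_sections(data)}

def build_pe(sections):
    """Constructed test image: DOS stub, COFF header, section table, raw data.
    Enough structure to parse; it is not a loadable executable."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    base = e_lfanew + len(coff) + 40 * len(sections)
    table, body = b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIII16x", name, len(raw), 0x1000, len(raw), base + len(body))
        body += raw
    return bytes(dos) + coff + table + body

# Constructed samples: identical .text, different .data (same length).
CODE = b"\x55\x8b\xec" + b"\x90" * 61
SAMPLE_A = build_pe([(b".text", CODE), (b".data", b"config=variant-A\0")])
SAMPLE_B = build_pe([(b".text", CODE), (b".data", b"config=variant-B\0")])

if __name__ == "__main__":
    for sample in (SAMPLE_A, SAMPLE_B):
        print(hdb_line(sample, "Test.Sample"))
        print(mdb_lines(sample, "Test.Sample")[".text"])
```

Both samples print different .hdb lines but the same .text line, so one section signature covers both variants.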