I'd go towards an ndb type signature first.

On Thu, Aug 16, 2012 at 10:37 PM, Chatsiri Ratana <insider...@gmail.com> wrote:

> On Thu, Aug 16, 2012 at 8:01 PM, Vishrut Sharma <v.vish...@gmail.com> wrote:
>
> > Hi Chatsiri,
> > PE section MD5 signatures are more useful than MD5 signatures of the entire
> > file (because it allows the other sections of the PE to vary, thus catching
> > more samples with a single signature). Moreover, updating becomes easy this
> > way.
> > Hope you got your answer.
>
>
> Hello Vishrut Sharma,
>
> If the file is not a PE type, such as JavaScript (malicious code) and
> other file types, should we use SHA1, SHA256 and Hexdump?
>
> Best Regards,
> Chatsiri Rattana.
>
>
> >
> > On Thu, Aug 16, 2012 at 5:51 PM, Chatsiri Ratana <insider...@gmail.com> wrote:
> >
> > > On Wed, Aug 15, 2012 at 11:35 PM, David Raynor <dray...@sourcefire.com> wrote:
> > >
> > > > On Wed, Aug 15, 2012 at 6:58 AM, Chatsiri Ratana <insider...@gmail.com> wrote:
> > > >
> > > > > Hello Dave R,
> > > > >
> > > > >    1) How does ClamAV categorize virus signatures into SHA1, SHA256,
> > > > > MD5 and Hexdump types?
> > > > >    2) What is the estimate of the signature types of viruses loaded
> > > > > into A-C and B-M in ClamAV? I see the flag --ac-only for loading a
> > > > > signature file into A-C tries, but I am not sure how virus types are
> > > > > selected for loading into the A-C and B-M algorithms when scanning
> > > > > for viruses in common mode.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > :--------------------------------------------------------
> > > > > _______________________________________________
> > > > > http://lurker.clamav.net/list/clamav-devel.html
> > > > > Please submit your patches to our Bugzilla: http://bugs.clamav.net
> > > > >
> > > >
> > > > 1) Details on signature formats are in the signatures.pdf included in
> > > > the docs folder of the source.
> > > >
> > > Hello Dave R,
> > >
> > > I did not find a section explaining in detail why we select an MD5 or
> > > SHA1 virus signature when using Sigtool to get a signature from binary
> > > files. Signature.pdf presents only the method for creating a virus
> > > signature with MD5.
> > >
> > > Best Regards,
> > > Chatsiri Rattana.
> > >
> > >
> > > > 2) This question is a little confusing. If you are asking about numbers
> > > > of signatures, the numbers change daily. If you run clamscan in debug
> > > > mode, it will report the size and contents of the tries with signature
> > > > counts grouped by the filetypes they will scan. There are counts for
> > > > both BM and AC.
> > > >
> > > > Hope this helps,
> > > >
> > > > Dave R.
> > > >
> > > > --
> > > > ---
> > > > Dave Raynor
> > > > Sourcefire Vulnerability Research Team
> > > > dray...@sourcefire.com
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > --
> > Vishrut Sharma
> > Security Researcher
> > Vice Chair, Membership Growth
> > and Sustainability Committee, IEEE CS India Council
> > ---------------------------------
> > Member of ACM, IEEE,
> > IEEE Computer Society, DSCI
> > ---------------------------------
> > URL: http://member.acm.org/~vishrut1
> >
>
>
>
>



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
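
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not ClamAV code: a whole-file hash signature (the `MD5:Size:Name` layout of an .hdb file) stops matching after any byte changes, while a content-based .ndb signature (`Name:TargetType:Offset:HexSignature`) still matches a script variant that contains the same fragment. The sample script, fragment and signature names are constructed, and the matcher is a simplified stand-in that handles only plain hex with a `*` or absolute offset.

```python
import hashlib

def hdb_line(data: bytes, name: str) -> str:
    """Whole-file hash signature in .hdb layout: MD5:Size:Name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def ndb_line(fragment: bytes, name: str, target: int = 0, offset: str = "*") -> str:
    """Body signature in .ndb layout: Name:TargetType:Offset:HexSignature.
    Target type 0 means any file; offset '*' means anywhere in the file."""
    return f"{name}:{target}:{offset}:{fragment.hex()}"

def match_hdb(line: str, data: bytes) -> bool:
    md5, size, _name = line.split(":")
    return int(size) == len(data) and hashlib.md5(data).hexdigest() == md5

def match_ndb(line: str, data: bytes) -> bool:
    """Simplified matcher (assumption): no wildcards, no text normalization."""
    _name, _target, offset, hexsig = line.split(":")
    needle = bytes.fromhex(hexsig)
    if offset == "*":
        return needle in data
    start = int(offset)
    return data[start:start + len(needle)] == needle

# Constructed, harmless sample data standing in for a script family.
FRAGMENT = b'marker("EXAMPLE-TEST-PATTERN")'
SAMPLE = b"var a = 1;\n" + FRAGMENT + b";\n"
VARIANT = b"// repacked\nvar  a = 1;\n" + FRAGMENT + b";\n"
CLEAN = b'console.log("hello");\n'

HDB = hdb_line(SAMPLE, "Test.Constructed.Hash")
NDB = ndb_line(FRAGMENT, "Test.Constructed.Body")

def coverage() -> dict:
    """Which signature kind matches which constructed file."""
    files = {"sample": SAMPLE, "variant": VARIANT, "clean": CLEAN}
    return {n: (match_hdb(HDB, d), match_ndb(NDB, d)) for n, d in files.items()}

if __name__ == "__main__":
    print(HDB)
    print(NDB)
    for name, (hash_hit, body_hit) in coverage().items():
        print(f"{name:8} hdb={hash_hit} ndb={body_hit}")
```
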