On Thu, 2004-10-21 at 14:48, Bogusław Brandys wrote: > Hello, > > Could someone explain why there are sometimes a few signatures for one > malware ? Does it mean that malware has small change and that are MD5 > signatures ?
Well, it depends what the signature is for. > Today was for example submission of > > HTML.Phishing.Auction-1 > HTML.Phishing.Auction-2 > HTML.Phishing.Bank-5 > HTML.Phishing.Bank-6 > These are different signatures (non MD5 in this case) for different instances of phishing emails. So I wouldn't really call that malware. You'll see a lot of sigs like Dialer-135, just because there are a large number of these types of malware, and it's a pain to invent names for them all :-) Occasionally you'll see sigs like Worm.Bagle.AG.2, which may be a second signature to match a different instance of the same malware. -trog
signature.asc
Description: This is a digitally signed message part
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
