Dear Member List,
I have been faced with an antivirus project which uses Clam signatures. To check
whether a new suspicious file is a virus or benign (signature matching phase), it acts
as follows.
If the file is PE Then
Compare it with .hdb & .mdb signatures
If it hasn't yet been detected as a virus Then
Compare it with .db & .ndb signatures
The writer is sure that this procedure is correct, but as far as I know, .hdb
signatures aren't limited to PE files, and therefore this signature matching
procedure decreases the accuracy considerably.
I would be very grateful if you could help me.
Best Regards
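
An added example, not part of the original message and not ClamAV's or the project's code: it models the whole-file hash check (.hdb lines are MD5:FileSize:MalwareName) with and without the PE gate, on constructed samples. It assumes the reading of the procedure in which the hash check runs only for PE files; all function names and sample data are hypothetical.

```python
import hashlib
import struct

def parse_hdb(text):
    """Parse .hdb lines (MD5:FileSize:MalwareName) into {md5: (size, name)}."""
    sigs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":")[:3]
        # A '*' size means "any size"; stored as None here.
        sigs[md5.lower()] = (None if size == "*" else int(size), name)
    return sigs

def is_pe(data):
    """Minimal PE check: 'MZ' header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def match_hdb(data, sigs):
    """Whole-file hash match: nothing in it depends on the file type."""
    entry = sigs.get(hashlib.md5(data).hexdigest())
    if entry and entry[0] in (None, len(data)):
        return entry[1]
    return None

def scan(data, sigs, gate_hash_on_pe):
    """gate_hash_on_pe=True models the questioned procedure (assumed reading)."""
    if gate_hash_on_pe and not is_pe(data):
        return None  # hash signatures skipped; .db/.ndb matching is not modelled
    return match_hdb(data, sigs)

def hdb_line(data, name):
    return "%s:%d:%s" % (hashlib.md5(data).hexdigest(), len(data), name)

# Constructed samples: a shell script and a minimal PE-looking stub.
SCRIPT = b"#!/bin/sh\necho constructed-sample\n"
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
HDB = parse_hdb("\n".join([hdb_line(SCRIPT, "Constructed.Script"),
                           hdb_line(PE_STUB, "Constructed.PE")]))

if __name__ == "__main__":
    for label, sample in (("script", SCRIPT), ("pe", PE_STUB)):
        print(label, "ungated:", scan(sample, HDB, False),
              "| gated:", scan(sample, HDB, True))
```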