Hi Edwin,

    Thanks for your reply.  I am doing a Master's degree for which the research 
is analyzing & investigating malware.  I am interested in evaluating algorithms 
used in anti-virus software, but just investigating whether this is a 
possibility at the moment.  The research project's goal is to define a problem 
domain, a scenario in which the problem to be investigated exists.  Within this 
problem domain, a research question is posed.  This is the question that the 
project will seek to answer.

     I enabled DevAVOnly and only the AC signatures appear to be loaded when 
the config file is reread but when I do a scan of some files the debug 
information appears to suggest that BM signatures are loaded for GENERIC and 
PE.  What should DevACDepth be set to?  How is prefiltering disabled?

    If AC is used for signatures containing wildcards and BM is used for 
signatures without wildcards, is it possible to scan using just one type of 
signature and test the performance of each algorithm that way?

Regards,

Jerry

> Date: Mon, 11 Jul 2011 10:28:30 +0300
> From: edwinto...@gmail.com
> To: clamav-devel@lists.clamav.net
> Subject: Re: [Clamav-devel] ClamAV Algorithms
> 
> On 2011-07-11 01:00, Jerry 270 wrote:
> > 
> > Hi,
> > 
> >   I am a newbie to ClamAV so require help please.  I am doing a research 
> > project and would like to evaluate the BM and AC algorithms used by ClamAV. 
> >  Is there any way to get ClamAV to use either BM or AC on their own so 
> > scanning speed tests can be conducted for each algorithm separately?  I 
> > have read on this list that you can't get BM to run on its own.
> > 
> >   What is the best way to compare the two algorithms and can someone give 
> > me more information on how ClamAV uses or chooses between BM and AC please? 
> >  
> 
> There are some AC/BM discussions in the archive, see for example:
> http://lurker.clamav.net/message/20100426.103047.eb6fd9d0.en.html
> http://lurker.clamav.net/message/20100427.131931.b705e603.en.html
> http://lurker.clamav.net/message/20081204.212941.c9fa45c2.en.html
> 
> You can use DevACOnly to use only the AC algorithm for everything (there is 
> no equivalent for BM).
> 
> Other than that you can use tools such as 'oprofile', or 'perf record / perf 
> report' to see how much time
> is spent in functions from matcher-ac.c and how much time in those from 
> matcher-bm.c.
> 
> Also note that there is the prefiltering step too, if you want to measure 
> just the AC/BM performance, you should disable that
> (although you'll lose performance by doing so).
> 
> What are your research project's goals?
> 
> Best regards,
> --Edwin
> 
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
                                          