We have learnt that code emulation will be added in ClamAV 0.98. We know that code emulation, when used in conjunction with scanning, is good at detecting viruses. At the same time, it is also very resource intensive and results in the slowdown of computers. How is ClamAV planning to take care of this problem?
Also, the link at http://blog.clamav.net/2011/11/bytecode-signatures-for-polymorphic.html explains how ClamAV handles polymorphic viruses. Our understanding is that static heuristic analysis of the virus code is being made use of in order to detect the viruses. Is our understanding correct? Also, is there any way to improve upon the current scanning methods used by ClamAV (Aho-Corasick and Boyer-Moore multipattern matching algos)? Can the signature database be arranged in some other way (and not by file type during scanning) in order to further improve the scanning performance?