Re: [Clamav-devel] [clamav-users] Question about .cvd files

2017-04-13 Thread crazy thinker
If the Y system had AV, the virus could have been caught :P

@Gary

Anyhow, all anti-virus vendors follow the same strategy of keeping
all kinds of malware (Linux, Unix, Unix-like OS) in a single virus database
file. Any idea on this?

On 13 April 2017 at 11:43, Gary R. Schmidt wrote:

> On 13/04/2017 15:56, crazy thinker wrote:
>
>> Hi All,
>>
>> I would like to install ClamAV for the Windows desktop operating system. I
>> know that the ClamAV official database (.cvd files) contains all kinds of
>> malware, in terms of platform (Linux, UNIX, Unix-like), in single file(s)
>> (daily.cvd, main.cvd), and I heard that Unix malware can't affect a
>> Windows machine or vice versa. So I would like to separate the Windows
>> malware signatures from the ClamAV official database and add them to a
>> custom virus database, to optimize the virus database size and to make
>> Windows malware detection faster.
>>
>> If my thoughts and understanding are wrong, please correct me.
>>
>> Any help and suggestions on this would be appreciated.
>>
> You are wrong to want to do this.
>
> Consider the following scenario:
> =
> A file, which is infected with a Y-system-specific virus, arrives on your
> machine, and passes all the checks because you have removed its
> fingerprints from the scanner.
>
> You then copy that file onto a USB stick and give it to a friend who runs
> a Y-system, and they put it in their machine...
>
> Shortly after this, their bank-account is drained, their identity is
> stolen, and it is your fault.
> =
>
> We scan files for any and all sorts of virii, because we don't know where
> the files may end up.
>
> Cheers.
> Gary B-)
> ___
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
>


Re: [Clamav-devel] [clamav-users] Question about .cvd files

2017-04-13 Thread Gary R. Schmidt

On 13/04/2017 15:56, crazy thinker wrote:

> Hi All,
>
> I would like to install ClamAV for the Windows desktop operating system. I
> know that the ClamAV official database (.cvd files) contains all kinds of
> malware, in terms of platform (Linux, UNIX, Unix-like), in single file(s)
> (daily.cvd, main.cvd), and I heard that Unix malware can't affect a
> Windows machine or vice versa. So I would like to separate the Windows
> malware signatures from the ClamAV official database and add them to a
> custom virus database, to optimize the virus database size and to make
> Windows malware detection faster.
>
> If my thoughts and understanding are wrong, please correct me.
>
> Any help and suggestions on this would be appreciated.


You are wrong to want to do this.

Consider the following scenario:
=
A file, which is infected with a Y-system-specific virus, arrives on
your machine, and passes all the checks because you have removed its
fingerprints from the scanner.

You then copy that file onto a USB stick and give it to a friend who
runs a Y-system, and they put it in their machine...

Shortly after this, their bank-account is drained, their identity is
stolen, and it is your fault.
=

We scan files for any and all sorts of virii, because we don't know
where the files may end up.

Cheers.
Gary B-)


Re: [Clamav-devel] [clamav-users] Question about .cvd files

2017-04-12 Thread crazy thinker
Hi All,

I would like to install ClamAV for the Windows desktop operating system. I
know that the ClamAV official database (.cvd files) contains all kinds of
malware, in terms of platform (Linux, UNIX, Unix-like), in single file(s)
(daily.cvd, main.cvd), and I heard that Unix malware can't affect a
Windows machine or vice versa. So I would like to separate the Windows
malware signatures from the ClamAV official database and add them to a
custom virus database, to optimize the virus database size and to make
Windows malware detection faster.

If my thoughts and understanding are wrong, please correct me.

Any help and suggestions on this would be appreciated.

On 13 April 2017 at 05:52, Dennis Peterson wrote:

> The ClamAV product is designed to be used for real time detection with
> mail transport agents and to respond on detection. These mail transport
> agents are capable of delivering malware that will run on any architecture.
> In a perfect world everyone that runs an MTA would test outbound mail for
> malware and block before sending. But that doesn't happen and so we use
> ClamAV for inbound mail for self-protection. Since email service providers
> cannot predict what architecture their users are using they use tools that
> try to protect every architecture and the signatures provide that support.
>
> dp
>
>
> On 4/12/17 9:13 AM, crazy thinker wrote:
>
>> Hi ClamAV developers, users,
>>
>> I have the questions below on the ClamAV virus database:
>>
>> 1. What information does bytecode.cvd contain, and how is it useful in
>> malware detection?
>>
>> 2. Why doesn't ClamAV release the virus database in platform-specific
>> form, like Windows, Linux, Mac OS X, Android, BSD etc.? Is there any
>> logic behind this?
>>
>> 3. How to separate malware signatures based on target operating system
>> to optimize database size?
>>
>> Could any of you please help me with this?
>> ___
>> clamav-users mailing list
>> clamav-us...@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>


Re: [Clamav-devel] [clamav-users] Question about .cvd files

2017-04-12 Thread Joel Esler (jesler)
1. bytecode.cvd contains AV signatures written in our bytecode language. This
allows us to have very advanced processing of files for detection.
2. Malware may not be specific to one OS. Or malware may be copied from OS to
OS.
3. I don't think you'd want to do this, based upon what I just said in #2.


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Apr 12, 2017, at 12:13 PM, crazy thinker wrote:

> Hi ClamAV developers, users,
>
> I have the questions below on the ClamAV virus database:
>
> 1. What information does bytecode.cvd contain, and how is it useful in
> malware detection?
>
> 2. Why doesn't ClamAV release the virus database in platform-specific
> form, like Windows, Linux, Mac OS X, Android, BSD etc.? Is there any
> logic behind this?
>
> 3. How to separate malware signatures based on target operating system
> to optimize database size?
>
> Could any of you please help me with this?