Re: [clamav-users] some questions about malware statistics
> On Dec 23, 2013, at 10:58, "黄海涛" wrote:
>
> 1.http://www.clamav.net/rss/clamsigs-top10.rss, what's statistical duration?
> one month?

Not sure. This was left over from the old ClamAV team and we haven't redone it yet. Yes, we have plans to.

> 2.can I get all rankings but not top 10.
> 3.can I get a statistics of latest one year(or latest six months) but not
> last 7 days.
> 4.can I get a list of statistics for every day(where I can get the history
> rankings but not only today) ?

Again, we are planning on completely overhauling the stats system.

> 5.why I can't find some signatures from daily.cld or main.cld which is in
> rankings (clamsigs-top10.rss),
> for example:
> Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net,
> Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.ne,
> Heuristics.Phishing.Email.SpoofedDomain,
> BC.Heuristic.Trojan.SusPacked.BF-6.A.

I think someone else answered this.

> 6.can you tell me what is the relationship between Win.Trojan.Agent-595936
> and Win.Trojan.Agent?
> main.cld contain 390906 signatures whose virus name contain
> "Win.Trojan.Agent", what is the relationship of them?
> in addition, trojan.agent,trojan.downloader,trojan.spy,win.trojan.fakeav ...

The number is sequential. That means that there are that many viruses named that exact name in the system.

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Re: [clamav-users] some questions about malware statistics
On Mon, Dec 23, 2013 at 07:26 AM, 黄海涛 wrote:

> 5.why I can't find some signatures from daily.cld or main.cld which is in
> rankings (clamsigs-top10.rss),
> for example:
> Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net,
> Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.ne,
> Heuristics.Phishing.Email.SpoofedDomain,
> BC.Heuristic.Trojan.SusPacked.BF-6.A.

By definition, heuristic detections are not signature based. They are determined by analyzing certain formats for something suspicious using a special heuristics engine.

You should not find any "safebrowsing" signatures in main.c*d or daily.c*d as they aren't supplied by ClamAV®.

You should not find any "BC" signatures in main.c*d or daily.c*d as they are in bytecode.c*d.

-Al-
--
Al Varnell
Mountain View, CA
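The naming rules given in the two replies above, applied to a list of detection names. This is an added example, not part of the original thread or ClamAV's own code; the function names and the sample list are assumptions, and `Win.Trojan.Agentb-5` is a constructed name used to show why counting by substring differs from counting by exact family name.

```python
import re
from collections import Counter

# A trailing "-<digits>" is the sequential number described in the thread.
SEQ_SUFFIX = re.compile(r"^(?P<family>.+)-(?P<seq>\d+)$")

def split_name(name):
    """Return (family, sequence number or None) for a detection name."""
    m = SEQ_SUFFIX.match(name)
    return (m.group("family"), int(m.group("seq"))) if m else (name, None)

def where_to_look(name):
    """Say where a name comes from, following the replies in this thread."""
    if name.startswith("Heuristics.Safebrowsing."):
        return "safebrowsing: not in main.c*d or daily.c*d"
    if name.startswith("Heuristics."):
        return "heuristics engine: not signature based"
    if name.startswith("BC."):
        return "bytecode.c*d"
    return "main.c*d or daily.c*d"

def family_counts(names):
    """Count numbered signatures per exact family name."""
    return Counter(fam for fam, seq in map(split_name, names) if seq is not None)

def substring_count(names, needle):
    """Count names that merely contain `needle` (the method in question 6)."""
    return sum(needle in n for n in names)

# Constructed sample list; only Win.Trojan.Agent-595936 appears in the thread.
SAMPLE_SIGS = [
    "Win.Trojan.Agent-1",
    "Win.Trojan.Agent-2",
    "Win.Trojan.Agent-595936",
    "Win.Trojan.Agentb-5",       # hypothetical family that contains "Agent"
    "Win.Trojan.Downloader-10",
]
# Names quoted in question 5 and 6 of the thread.
RANKED = [
    "Heuristics.Phishing.Email.SpoofedDomain",
    "BC.Heuristic.Trojan.SusPacked.BF-6.A",
    "Win.Trojan.Agent-595936",
]

if __name__ == "__main__":
    for name in RANKED:
        print(f"{name}: {where_to_look(name)}")
    print(family_counts(SAMPLE_SIGS))
    print(substring_count(SAMPLE_SIGS, "Win.Trojan.Agent"))
```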
[clamav-users] some questions about malware statistics
1.http://www.clamav.net/rss/clamsigs-top10.rss, what's statistical duration? one month?

2.can I get all rankings but not top 10.

3.can I get a statistics of latest one year(or latest six months) but not last 7 days.

4.can I get a list of statistics for every day(where I can get the history rankings but not only today) ?

5.why I can't find some signatures from daily.cld or main.cld which is in rankings (clamsigs-top10.rss),
for example:
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net,
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.ne,
Heuristics.Phishing.Email.SpoofedDomain,
BC.Heuristic.Trojan.SusPacked.BF-6.A.

6.can you tell me what is the relationship between Win.Trojan.Agent-595936 and Win.Trojan.Agent?
main.cld contain 390906 signatures whose virus name contain "Win.Trojan.Agent", what is the relationship of them?
in addition, trojan.agent,trojan.downloader,trojan.spy,win.trojan.fakeav ...