[Clamav-devel] Question about threads

2017-07-27 Thread crazy thinker
Hi ClamAV Developers, ClamAV Users what will happen if I configure more than 2 threads (for example, I keep MaxThreads attribute value 10 in clamd.conf) on Dual Core Processor Systems. How exactly will ClamAV (clamd) work in this kind of scenario? Kindly waiting for knowledgeable info

[Clamav-devel] Question about Heuristic Scanning and Signature Based Scanning

2017-05-08 Thread crazy thinker
Hi ClamAV Developers, Users As per my understanding, virus signatures are classified into two types 1. Static Virus Signatures (short/fixed length virus signatures) 2. Dynamic Virus Signatures (long length signatures with Regular Expression) So I guess, ClamAV performing both Signature Based

[Clamav-devel] Question about LibClamAV Library

2017-04-17 Thread crazy thinker
Hi ClamAV Developers, I have compiled the ClamAV source code on Mac OS X and am investigating libclamav.dylib and libclamav.7.dylib internal files information for my curiosity. Surprisingly I got the below info when I ran grep with some pattern *admin-macbookPro-2:clamav-devel-0.99.2

Re: [Clamav-devel] Question about LibClamAV

2017-04-17 Thread crazy thinker
Hi ClamAV Developers, Users Sorry, I missed proper info in my previous mail thread. Please find correct info below I have compiled the ClamAV source code on Mac OS X and am investigating libclamav.dylib and libclamav.7.dylib internal files information for my curiosity. Surprisingly I got

[Clamav-devel] Question about LibClamAV

2017-04-17 Thread crazy thinker
Hi ClamAV Developers, Users I have compiled the ClamAV source code on Mac OS X and am investigating libclamav.dylib and libclamav.7.dylib internal files information for my curiosity. Surprisingly I got the below info when I ran grep with some pattern *admin-macbookPro-2:clamav-devel-0.99.2

[Clamav-devel] Question about .cvd files

2017-04-12 Thread crazy thinker
Hi ClamAV Developer, users I have the below questions on the ClamAV Virus Database 1. What information does bytecode.cvd contain, and how is it useful in malware detection? 2. Why does ClamAV not release the virus database in platform-specific terms like Windows, Linux, Mac OS X, Android, BSD etc? is there any

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-12 Thread Shanmugam, Suresh (Conduent)
, April 11, 2017 12:31 AM To: ClamAV Development <clamav-devel@lists.clamav.net> Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll Thanks for your quick response. I believe that, I can start from this point. Sent using Boxer On Apr 11, 2017 12:23 AM, Brandon Perry <bpe

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Shanmugam, Suresh (Conduent)
the value to "cl_scandesc" Native method. Am I right?. > > Yes, I believe that’s correct. > >> >> >> Regards, >> Suresh Shanmugam. >> >> -Original Message- >> From: clamav-devel [mailto:clamav-devel-boun...@lists.clamav.net] O

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Brandon Perry
nmugam. >> >> -Original Message- >> From: clamav-devel [mailto:clamav-devel-boun...@lists.clamav.net] On Behalf >> Of Brandon Perry >> Sent: Monday, April 10, 2017 9:12 PM >> To: ClamAV Development <clamav-devel@lists.clamav.net> >&

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Shanmugam, Suresh (Conduent)
10, 2017 9:12 PM > To: ClamAV Development <clamav-devel@lists.clamav.net> > Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll > > >> On Apr 10, 2017, at 9:00 AM, Shanmugam, Suresh (Conduent) >> <suresh.shanmu...@conduent.com> wrote: >> >&

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Brandon Perry
lf > Of Brandon Perry > Sent: Monday, April 10, 2017 9:12 PM > To: ClamAV Development <clamav-devel@lists.clamav.net> > Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll > > >> On Apr 10, 2017, at 9:00 AM, Shanmugam, Suresh (Conduent) >> <suresh.shanm

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Shanmugam, Suresh (Conduent)
- From: clamav-devel [mailto:clamav-devel-boun...@lists.clamav.net] On Behalf Of Brandon Perry Sent: Monday, April 10, 2017 9:12 PM To: ClamAV Development <clamav-devel@lists.clamav.net> Subject: Re: [Clamav-devel] Question have an about LibClamAV.dll > On Apr 10, 2017, at 9:00 AM

Re: [Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Brandon Perry
> On Apr 10, 2017, at 9:00 AM, Shanmugam, Suresh (Conduent) > wrote: > > Hi Developers, > > I've a query about doing the scan using byte[] with the help of LibClamAV.dll (win32). > If anyone knows the methods to pass the byte[], please provide the details. > > Note: > I able

[Clamav-devel] Question have an about LibClamAV.dll

2017-04-10 Thread Shanmugam, Suresh (Conduent)
Hi Developers, I've a query about doing the scan using byte[] with the help of LibClamAV.dll (win32). If anyone knows the methods to pass the byte[], please provide the details. Note: I am able to scan a file at a physical path, but not able to do it with byte[]. Please help me. Regards, Suresh Shanmugam.

[Clamav-devel] Question about detection of malware types

2017-04-10 Thread crazy thinker
Hi ClamAV User, Developer I like the ClamAV tool and have the below question: is ClamAV able to detect the below malware types? *1.adware* *2.spyware* *3.virus* *4.trojan* *5.worm* *6.rootkit* *7.backdoors* *8.keyloggers* *9.rogue security software* *10.ransomware* *11.browser hijacker*

[Clamav-devel] Question about Repairing infected files

2016-12-03 Thread crazy thinker
Hi All, It is known that ClamAV uses Pattern Matching to catch infected files. In this case, can we use a Pattern Removal Strategy to repair infected files? Could any one of you help me to get the steps to follow for repairing infected files

[Clamav-devel] Question about mpool_malloc() error on 0.97.8

2016-11-28 Thread Tsutomu Oyamada
We have a question about the mpool_malloc() error of version 0.97.8, as follows. We know this error is caused by a small value of fragsz[] (defined in libclamav/mpool.c). Is this understanding correct? Is there any reason why it does not stop unusually (abnormally) when the error happened? (It seems

[Clamav-devel] Question about ClamAV Engine

2016-11-26 Thread crazy thinker
Hi all, I am doing research on anti-virus engines. For my research, I downloaded the ClamAV source code and built it from source. When I debugged the source code, I came to know that ClamAV internally 14 Engine instances to perform scanning of files against virus db files Could any one of you know, why

[Clamav-devel] Question about Virus DB

2016-11-26 Thread crazy thinker
Hi all, I have a doubt regarding virus db files. Why is the ClamAV team providing a common database for platforms like Windows, Linux and Mac OS X? Why do they not provide platform-specific virus database files? Is there any specific reason behind this? I am very curious to know it. Thanks,

[Clamav-devel] Question on Bloom fliter

2016-09-05 Thread Satish Gampa
Hi all, I am browsing the ClamAV source code and I think ClamAV is currently using a bloom filter data structure in the pre-filtering step. Could someone help me to understand the internal logic of signature storage in depth? What information does the bloom filter contain about a virus signature? and does full

Re: [Clamav-devel] Question about matcher-bm.c

2012-08-16 Thread Chatsiri Ratana
On Wed, Aug 15, 2012 at 11:35 PM, David Raynor dray...@sourcefire.com wrote: On Wed, Aug 15, 2012 at 6:58 AM, Chatsiri Ratana insider...@gmail.com wrote: Hello Dave R, 1) How to ClamAV categories virus signature in SHA1, SHA256, MD5 and Hexdump types? 2) What's estimate

Re: [Clamav-devel] Question about matcher-bm.c

2012-08-16 Thread Vishrut Sharma
Hi Chatsiri, PE section MD5 signatures are more useful than MD5 signatures of the entire file (because it allows the other sections of the PE to vary, thus catching more samples with a single signature). Moreover, updating becomes easy this way. Hope you got your answer. On Thu, Aug 16, 2012 at

Re: [Clamav-devel] Question about matcher-bm.c

2012-08-16 Thread Chatsiri Ratana
On Thu, Aug 16, 2012 at 8:01 PM, Vishrut Sharma v.vish...@gmail.com wrote: Hi Chatsiri, PE section MD5 signatures are more useful than MD5 signatures of the entire file (because it allows the other sections of the PE to vary, thus catching more samples with a single signature). Moreover,

Re: [Clamav-devel] Question about matcher-bm.c

2012-08-15 Thread Chatsiri Ratana
On Wed, Jul 4, 2012 at 4:25 AM, David Raynor dray...@sourcefire.com wrote: On Mon, Jul 2, 2012 at 5:07 PM, Alexandre Dias lexx...@gmail.com wrote: Hello, I'm studying multi-pattern matching and I was browsing the source code for ClamAV's implementation of a multi-pattern matcher

Re: [Clamav-devel] Question about matcher-bm.c

2012-08-15 Thread David Raynor
On Wed, Aug 15, 2012 at 6:58 AM, Chatsiri Ratana insider...@gmail.com wrote: Hello Dave R, 1) How to ClamAV categories virus signature in SHA1, SHA256, MD5 and Hexdump types? 2) What's estimate signature types of virus load to A-C and B-M on ClamAV? I see flags --ac-only for loading

Re: [Clamav-devel] Question about matcher-bm.c

2012-07-03 Thread David Raynor
On Mon, Jul 2, 2012 at 5:07 PM, Alexandre Dias lexx...@gmail.com wrote: Hello, I'm studying multi-pattern matching and I was browsing the source code for ClamAV's implementation of a multi-pattern matcher (Wu-Manber based) algorithm. I've got a question regarding the block and minimum size

[Clamav-devel] Question about matcher-bm.c

2012-07-02 Thread Alexandre Dias
Hello, I'm studying multi-pattern matching and I was browsing the source code for ClamAV's implementation of a multi-pattern matcher (Wu-Manber based) algorithm. I've got a question regarding the block and minimum size values. At the moment, both the block size and the minimum pattern length are

Re: [Clamav-devel] Question about wildcards ?? and {n} in signatures

2012-03-06 Thread Tomasz Kojm
On Wed Mar 07 2012 01:21:25 GMT+0100 (CET) Alexandre Dias lexx...@gmail.com wrote: Hello, I am doing my Msc thesis work in pattern matching, and I am using ClamAV's signature database. I've got a question about two specific wildcards that are stated in the signatures.pdf file (titled

Re: [Clamav-devel] question about the database in clamav

2010-08-29 Thread Török Edwin
On Thu, 26 Aug 2010 19:33:44 -0700 (PDT) outstandingcandy outstandingca...@gmail.com wrote: Hi all! Does anybody know what the following signature means (especially the last two sections)? VBS.Redlof-1:3:*:666f73b2079706f735b695d3d79:0:26 See signatures.pdf, the last two are minimum

[Clamav-devel] question about the database in clamav

2010-08-26 Thread outstandingcandy
Hi all! Does anybody know what the following signature means (especially the last two sections)? VBS.Redlof-1:3:*:666f73b2079706f735b695d3d79:0:26 2010-08-27 outstandingcandy

Re: [Clamav-devel] [QUESTION] How does clamAV updates the signature database on-the-fly?

2010-08-14 Thread Ladar Levison
On 7/28/2010 6:18 PM, thyago wrote: I'm researching ways of updating a signature database on-the-fly, so the way clamAV does it, can really help me out... I mean, what structures are there? how is it implemented? Is there a data structure used to store the signatures on memory? If so, how

Re: [Clamav-devel] [QUESTION] How does clamAV updates the signature database on-the-fly?

2010-08-14 Thread Török Edwin
/** * @file /magma/providers/external/clamav.c * * @brief Interface for the ClamAV library. * * $Author: Ladar Levison $ * $Date: 2010/08/13 10:32:38 $ * $Revision: ecaee526d4ba88a141c5b889dd023b13c05c2654 $ // Scan the message. The OLE code has a bug in it that causes

Re: [Clamav-devel] [QUESTION] How does clamAV updates the signature database on-the-fly?

2010-08-14 Thread Ladar Levison
On 8/14/2010 3:19 AM, Török Edwin wrote: // Scan the message. The OLE code has a bug in it that causes segfaults. What bug ?? That comment was related to a bug I found in Feb/2008 and v0.92.1, but has long since been patched. See this email thread for details:

Re: [Clamav-devel] [QUESTION] How does clamAV updates the signature database on-the-fly?

2010-08-14 Thread Ladar Levison
On 8/14/2010 5:30 AM, Török Edwin wrote: Heuristics.Phishing.* will not stop the scan, and report only if nothing else is found. Other engine detections could be changed to behave the same way. Signature based detections however always stop on first match, and that is not configurable. If you

[Clamav-devel] [QUESTION] How does clamAV updates the signature database on-the-fly?

2010-07-28 Thread thyago
I'm researching ways of updating a signature database on-the-fly, so the way clamAV does it, can really help me out... I mean, what structures are there? how is it implemented? Is there a data structure used to store the signatures on memory? If so, how exactly is it updated? what type of data

Re: [Clamav-devel] Question

2010-05-18 Thread Mohammed Al-Saleh
Hi Edwin, On Apr 27, 2010, at 7:19 AM, Török Edwin wrote: On 04/26/2010 10:20 PM, Mohammed Al-Saleh wrote: Hi Edwin, Thanks for your reply. I need to know the cases where ClamAV has performance bottlenecks or issues. The best way to do that is by measuring it. Read the last part of

Re: [Clamav-devel] Question

2010-05-18 Thread Török Edwin
On 05/18/2010 09:09 PM, Mohammed Al-Saleh wrote: Hi Edwin, On Apr 27, 2010, at 7:19 AM, Török Edwin wrote: On 04/26/2010 10:20 PM, Mohammed Al-Saleh wrote: Hi Edwin, Thanks for your reply. I need to know the cases where ClamAV has performance bottlenecks or issues. The best way to do

Re: [Clamav-devel] Question

2010-04-26 Thread Török Edwin
On 04/24/2010 11:39 PM, Mohammed Al-Saleh wrote: Does ClamAV use Aho-Corasick algorithm to match files against static signatures and Boyer-Moore against signatures that have *'s and ??'s ? No it is not as simple as that, and it is usually the other way around. read the cli_parse_add()

[Clamav-devel] Question

2010-04-24 Thread Mohammed Al-Saleh
Does ClamAV use Aho-Corasick algorithm to match files against static signatures and Boyer-Moore against signatures that have *'s and ??'s ? Thanks much, ~Moe

Re: [Clamav-devel] Question about STREAM scanning

2005-03-15 Thread John Giammarche
--- Calin A. Culianu [EMAIL PROTECTED] wrote: On Mon, 14 Mar 2005, John Giammarche wrote: Hello everyone and thanks for reading my message. I want to use clamd to scan files that are uploaded to a Java Servlet. So far, I've connected to clamd and clamd answered the PORT that I

Re: [Clamav-devel] Question about STREAM scanning

2005-03-15 Thread John Giammarche
--- John Giammarche [EMAIL PROTECTED] wrote: --- Calin A. Culianu [EMAIL PROTECTED] wrote: On Mon, 14 Mar 2005, John Giammarche wrote: Hello everyone and thanks for reading my message. I want to use clamd to scan files that are uploaded to a Java Servlet. So far, I've

Re: [Clamav-devel] Question about STREAM scanning

2005-03-15 Thread John Giammarche
--- Calin A. Culianu [EMAIL PROTECTED] wrote: On Tue, 15 Mar 2005, John Giammarche wrote: Well, then I have another problem. I have a file that is known to be infected with a virus. It's the ps executable from a server, inside a .tar.bz2. Scanned in the console, the

RE: [Clamav-devel] Question about STREAM scanning

2005-03-14 Thread John Giammarche
-8871 x4322 - 480-215-5218 (Cell) Original Message Subject: [Clamav-devel] Question about STREAM scanning From: John Giammarche [EMAIL PROTECTED] Date: Mon, March 14, 2005 2:15 pm To: ClamAV Development clamav-devel@lists.clamav.net Hello everyone and thanks

Re: [Clamav-devel] Question about STREAM scanning

2005-03-14 Thread Calin A. Culianu
On Mon, 14 Mar 2005, John Giammarche wrote: Hello everyone and thanks for reading my message. I want to use clamd to scan files that are uploaded to a Java Servlet. So far, I've connected to clamd and clamd answered the PORT that I should connect to send the file. So far so good. When I connect to

[Clamav-devel] Question about clam.exe sample signature

2004-11-10 Thread Bogusław Brandys
Hi, Is the clam.exe test signature an MD5 one? How many MD5 signatures are in the database? Would this kind of signature become useless if memory scan were implemented? Just wondering. Boguslaw Brandys

[Clamav-devel] Question about GMP support in clamav

2004-11-04 Thread Bogusław Brandys
Hi, Could somebody (probably from the developers team) tell me if the GMP library is used in clamav only for CVD file verification or is it a wrong assumption? Is it used in scanning or MD5 signatures support also? I found only that it is used in the cli_versig function, but I'd like to be sure. Working with

Re: [Clamav-devel] Question about GMP support in clamav

2004-11-04 Thread Tomasz Kojm
On Thu, 04 Nov 2004 12:12:19 +0100 Bogusław Brandys [EMAIL PROTECTED] wrote: Hi, Could somebody (probably from developers team) tell me if GMP library is used in clamav only for CVD file verification or it's wrong Yes, it is. assumption ? Is it used in scanning or MD5 signatures support

Re: [Clamav-devel] Question about GMP support in clamav

2004-11-04 Thread Bogusław Brandys
Tomasz Kojm wrote: On Thu, 04 Nov 2004 12:12:19 +0100 Bogusław Brandys [EMAIL PROTECTED] wrote: Hi, Could somebody (probably from developers team) tell me if GMP library is used in clamav only for CVD file verification or it's wrong Yes, it is. assumption ? Is it used in scanning or MD5

Re: [Clamav-devel] Question about GMP support in clamav

2004-11-04 Thread Reini Urban
Bogusław Brandys wrote: Not so big, because I can use DLL file generated under mingw+Msys using freshclam sources :-) Anyway libclamav should be ported to MSVC, because there is no other choice for file system driver development to implement on-access scanner for Windows NT/XP. Why? The DDK

Re: [Clamav-devel] Question about GMP support in clamav

2004-11-04 Thread Tomasz Kojm
On Thu, 04 Nov 2004 14:28:05 +0100 Bogusław Brandys [EMAIL PROTECTED] wrote: A lack of GMP support would be a BIG BUG. Not so big, because I can use DLL file generated under mingw+Msys using I must re-state it: a lack of digital signature verification would be a terrible shortcoming. --