I am trying to understand how anti-virus software creates and manages virus signatures.
This article gave me some idea of how a signature is created. When a new virus is found, you can run a 'decoy' program to collect as many variants of the virus as possible, and then compare them to get the candidate signatures. In order to avoid 'false positives', the candidate signatures may be run against a large volume of known-good data to obtain a signature that is unique to the virus.
Here is another blog post on how to create ClamAV signatures, and a detailed explanation of the EICAR virus test file.
A nice website on virus analysis.
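As an added example (not code from this post, the linked articles, or ClamAV itself), here is a toy version of that workflow in Python: find byte sequences shared by every collected variant, discard any that also occur in a known-good corpus, and render the survivor as a ClamAV `.ndb` body signature. All sample files, the `DROPPER_CORE_v1` payload and the signature name are constructed for illustration.

```python
# Toy version of the signature-extraction workflow described above.
# Added example, not code from the post or from ClamAV. All samples are constructed.

def common_substrings(samples, length):
    """Byte sequences of exactly `length` that occur in every sample."""
    per_sample = [{s[i:i + length] for i in range(len(s) - length + 1)}
                  for s in samples]
    return set.intersection(*per_sample) if per_sample else set()


def filter_false_positives(candidates, goodware):
    """Drop candidates that also appear anywhere in the known-good corpus."""
    return {c for c in candidates if not any(c in g for g in goodware)}


def best_signature(variants, goodware, min_len=8):
    """Longest byte sequence common to all variants and absent from goodware.

    Lengths are tried from longest to shortest, so the first surviving set
    is the most specific choice; ties are broken deterministically.
    """
    for length in range(min(map(len, variants)), min_len - 1, -1):
        survivors = filter_false_positives(
            common_substrings(variants, length), goodware)
        if survivors:
            return min(survivors)
    return None


def to_clamav_ndb(name, sig, target_type=0):
    """Render a body signature in ClamAV .ndb form: Name:TargetType:Offset:Hex.
    target_type 0 = any file, offset '*' = anywhere in the file."""
    return f"{name}:{target_type}:*:{sig.hex()}"


# Constructed samples: a shared PE-style DOS stub (common code that also
# appears in benign files) plus a payload core with per-variant padding.
DOS_STUB = b"MZ\x90\x00This program cannot be run in DOS mode"
CORE = b"DROPPER_CORE_v1"
VARIANTS = [
    DOS_STUB + b"\x00" * 4 + CORE + b"\xaa\xbb",
    DOS_STUB + b"\x11\x22\x33" + CORE + b"\xcc",
    DOS_STUB + CORE + b"\x00\x01\x02\x03",
]
GOODWARE = [
    DOS_STUB + b"\x00" * 8 + b"hello world",
    b"#!/bin/sh\necho benign\n",
]

if __name__ == "__main__":
    sig = best_signature(VARIANTS, GOODWARE)
    print(to_clamav_ndb("Test.Dropper.Constructed", sig))
```

The longest sequence shared by the variants is the DOS stub, which the goodware pass rejects because it occurs in benign files too; the payload core is the first candidate that survives both checks.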