十六进制病毒签名数据库 [英] Hexadecimal virus signatures database

问题描述

在过去几个星期，我正在开发一个简单的病毒扫描程序。它的工作伟大，但我的问题是，任何人知道我可以得到一个数据库（单个文件），包含8000或更多的病毒签名与他们的名字，可能的风险计（高，低，未知）？

解决方案

尝试 ClamAV 数据库。这也包括一些更复杂的签名，但有些只是字节序列。

CVD文件格式是一个带有头块的压缩tar文件;请参阅此处的标题信息，或此PDF 了解详细信息。

它应该能够用

解压缩它。

  dd if = file.cvd bs = 512 skip = 1 | tar zxvf  -  
  

这将解压缩到各种文件的集合;对于具有简单十六进制签名的文件，这些文件将在扩展名为 .db 的文件中找到。并非所有这些签名都是纯的十六进制，其中许多都包含诸如 ?? 用于允许任何字节在这里， * 用于允许在这里允许最多4k个中间字节的允许任何数量的中间字节，（ - 4096） p>

Over the past couple of weeks, I was in the process of developing a simple virus scanner. It works great but my question is does anybody know where I can get a database (a single file) that contains 8000 or more virus signatures WITH their names, and possibly risk meter (high, low, unknown)?

解决方案

Try the ClamAV database. This also includes some more complex signatures, but some are just byte sequences.

The CVD file format is a compressed tar file with a header block attached; see here for header information, or this PDF for the real details.

As I understand it, you should be able to decompress it with

dd if=file.cvd bs=512 skip=1 | tar zxvf -

This will unpack to a collection of various files; for files that have simple hex signatures, these will be found in a file with the extension .db. Not all of these signatures are pure hex -- many of them contain wildcards such as ?? for "allow any byte here", * for "allow any number of intervening bytes here", (-4096) for "allow up to 4k of intervening bytes here", and so forth.

这篇关于十六进制病毒签名数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！