NOD32's AV DB Secret
secured2k
April 28th, 2009, 09:07 PM
I was looking at the size of all the EM###_32.DAT files and found them to be just about 22MB in size. Furthermore, it seems 2MB EM009_32 is used for SysInspector.
~20 MB for the full AV DB? How does ESET do it? Other major antivirus vendors seem to be passing 50-60MB!
I'm not looking for specific code explaining how, but a general explanation would be nice (i.e., we use 'generalized method' and 'xxxyyy compression').
Marcos
April 29th, 2009, 01:22 AM
AV vendors use different techniques for detecting malware. One may use far fewer signatures to cover many more threats than AVs with large databases. This also reduces memory consumption as the whole db must be loaded in memory on the AV program's startup.
secured2k
April 29th, 2009, 01:32 AM
I see your title is ESET moderator. I appreciate the response, but is there any official answer to some techniques used? I am curious about the inner workings of the NOD32 system.
I've been stuck with corporate Symantec and McAfee and they work fine in business, but for all my home/small business users I've been pointing to ESET. One of my clients asked me this same question... what makes NOD so different... as today, all of the major AV researchers and programmers should have the $ and resources to improve their product into 'next generation' tech.
Marcos
April 29th, 2009, 01:59 AM
It's advanced heuristics that emulates the code and thus enables the researchers to create effective generic signatures which can cover thousands of similar variants.
Copyright ©2002 - 2009, Wilders Security Forums