Virus signatures database???

OK just a quick question - I'm still testing Nod32, so anyone could tell me in which file the virus signatures are stored? I'd like to start Nod32 without it

 

You can select a option to scan only using the Heuristic, but it isn't necessary to delete the signature file.

 

Negative. I WANT to use the scanner without the database being physically present, thus I have to delete the database (temporarily of course - by moving it elsewhere).

Which file contains the database? And can the scanner be started without it??

 

The scanner will not start for me without the database file being present in the directory.

 

Darn - that's odd. VERY odd...
Why need the database if only the 'heuristics' and 'advanced heuristics' option are enabled, (ie. the 'signatures' option disabled) ?

I'm sure there MUST be a way to launch thescanner without the database.

But anyways, WHAT IS THE DATABASE FILE?

 

There is no way to start a scanner without database (resource would be more appropriate) file beeing present. The reason is simple. There is only one file with scanner resources - engine, scanstring, all they are stored in one file. You do not have the file, you do not have the music...
The only way is to launch NOD32, go to the settings and uncheck scanstings option... My advice is to list all scanned files in scanlog and add advanced heur...
You can also use command line switches.
The file name is nod32.000.

Regards

 

OK mrtwoman thanx 4 the reply.

But I need to be 100% sure:
can U confirm FOR SURE that the nod32.000 contains not only the virus signatures, but the ENTIRE scanner itself (scanning engine, heuristics, "trans-heuristics", etc...)?

I'm (re)asking that because I thought that at least the scanner & heuristics methods were in a smaller, seperate file, and that nod32.000 was only a database, nothing more - for what are the nod32.00x (with x >= 1) files for ?

 

As far as I know, the .000 gets updated to include the latest updates (incremental updates), and the .002 is for archive support, and the .003 is for the advanced heuristics.. I don't know what (if any) other information is kept in the .000 (the standard heuristics?). Though, if you deselect signature scanning in the interface (or via parameter), signatures will NOT be used while scanning. Some antivirus programs might require you to delete their signature files in order to test the heuristics, with NOD32, just deselect it in the options.

Best regards,
Anders

 

You said it: and this is the ONLY way of knowing for 100% sure that the heuristics are not buggy. Which is why I intend to find out how to do the same with this AV.

See, I ran an interesting test:

Step 1: With nod32.000:

I changed the setup in IMON to cover the heuristics & advanced heuristics ONLY (no signatures) and mailed myself with a known trojan (part of the signatures database) - upon receipt, IMON popped in signaling an "unknown_heur_virus" or something, suggesting that it could detect it without the signatures.

Step 2: Without nod32.000:

I repeated EXACTLY the same test, only this time I moved nod32.000 to the recycled bin, then started the nod kernel & kui - of course, it signaled an error about not being able to load AMON, but IMON was up and running just fine, which means that IMON does not need nod32.000 to work properly, at least with signatures disabled. So with IMON's heuristics and Aheuristics enabled, I mailed myself again - same mail with enclosed trojan - and Lo! upon receipt, THERE WAS NO WARNING from IMON, even though I had left the nod32.002 and nod32.003 (Advanced Heuristics) intact! The only difference with Step 1 was that the signatures (and possibly the standard heuristics, which don't detect this Trojan anyways) had been left out!!!


So you see, you will understand why I'm more curious than ever now on finding out how to test the Heuristics & Adv. Heuristics without the signatures being physically present, as some other AVs require the user to do. Perhaps you could get the info from the Tech support.

Once I get the info I won't pester anyone anymore with this issue. I promise, I'll be nice