Question about signature database details

Discussion in 'NOD32 version 2 Forum' started by pykko, Nov 11, 2005.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I've seen that since version 1.1280, on the Virus signatures database page, after some viruses there is a number...

    e.g.: Win32/Spy.Banbra.DT (2), Win32/Spy.Bancos.U (2), Win32/Spy.Banker (3), Win32/Spy.Banker.ACT (2), ...

    What do these numbers (2, 3) in brackets represent?

    Thx!
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    thx, webyourbusiness. I haven't noticed your thread. ;)
     
  4. Happy Bytes

    Happy Bytes Guest

    you said there in this thread:

    These are actual different things.
    A worm, Trojan or whatever can have multiple parts.
    So you have to add a signature for each part.

    Example: BagleDownloader. The executable (the dropper) is one part and the downloader (the DLL file) is another part. So 2 signatures are needed to detect one threat.

    D, I, S are version numbers. This can also include subsignatures for each version of different version parts :rolleyes:
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Ahaa, good to know. Thanks :D
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks HB, appreciated.

    Cheers :D
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Nice, HB! That made me understand the whole thing. :p
     