Question about signature database details

Discussion in 'NOD32 version 2 Forum' started by pykko, Nov 11, 2005.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I've seen that since version 1.1280 on Virus signatures database page after some viruses there is a number...

    e.g. :Win32/Spy.Banbra.DT (2), Win32/Spy.Bancos.U (2), Win32/Spy.Banker (3), Win32/Spy.Banker.ACT (2),....

    What are these numbers:2,3 in brackets represent ?

    Thx!
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,661
    Location:
    Throughout the USA and Canada
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    thx, webyourbusiness. I haven't noticed your thread. ;)
     
  4. Happy Bytes

    Happy Bytes Guest

    you said there in this thread:

    These are actual different things.
    A Worm, Trojan or whatever can have multiply parts.
    So you have to add for each part a signature.

    Example: BagleDownloader. Executable ( the dropper ) is one part and Downloader (the DLL file) is another part. So 2 Signatures needed to detect one threat.

    D, I, S are version numbers. This can include also subsignatures for each version of different version parts :rolleyes:
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Ahaa, good to know. Thanks :D
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank HB, appreciated.

    Cheers :D
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    nice, HB! That made me understood the whole thing. :p
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.