Feb 5, 2016

What database engine do AV companies use for their malware database? "sqlite, Access, Excel, csv, realm" or something else?

And no response... What a community.

> What database engine do AV companies use for their malware database? "sqlite, Access, Excel, csv, realm" or something else?

In my view, I think it is difficult to know the exact answer to this; more likely MySQL, PostgreSQL or some database that focuses on security without hindering performance.

> We are humans, not a robot...

Except for our great Robot @RoboMan, father of all robots, destroyer of all chains, slayer of all dragons...

> And no response... What a community.

I'm sure someone will answer your query in time.

> What database engine do AV companies use for their malware database? "sqlite, Access, Excel, csv, realm" or something else?

What exactly do you mean with malware database? Are you referring to malware signatures or blocklists in the engine? Or is this a question about backend systems? And why is this important?

> In my view, I think it is difficult to know the exact answer to this; more likely MySQL, PostgreSQL or some database that focuses on security without hindering performance.

That is the interesting part: what is this magical database?

> What exactly do you mean with malware database?

A standalone virus database that is loaded onto the user's system when he installs, let's say, G-Data. Because as I know you can't depend only on a cloud engine... You need to have a database inside the product with regular signature updates.

So you are referring to the signature database on the client with the patterns, hashes, and scripts that are checked by the scanning engine? Those are usually custom-made formats to optimize performance and RAM usage and also to avoid making it obvious to malware devs what the signatures look like.

Edit: If you want to see an open source example, check out Yara and its compiled signature database.

> So you are referring to the signature database on the client with the patterns, hashes, and scripts that are checked by the scanning engine?

Yes, I know Yara and I am working with it. The interesting part is how to store these rules or hashes in a DB... After running a few tests with an app that I built with an SQLite in-memory DB and about 30 million hashes, I get fast reading and writing, but the CPU usage was even higher than the read/write time... About 25 to 50% of an AMD Ryzen 16-thread CPU. So my question is if you can give us some advice on how to make our own format, just to see if there is going to be a difference between SQLite and a custom-made format.

> Yes, I know Yara and I am working with it. The interesting part is how to store these rules or hashes in a DB... After running a few tests with an app that I built with an SQLite in-memory DB and about 30 million hashes, I get fast reading and writing, but the CPU usage was even higher than the read/write time... About 25 to 50% of an AMD Ryzen 16-thread CPU. So my question is if you can give us some advice on how to make our own format, just to see if there is going to be a difference between SQLite and a custom-made format.

I am a malware analyst. In my daily work I program mostly just short scripts for malware deobfuscation and I have not much to do with engine development. So this is not something I am experienced in.

> So my question is if you can give us some advice on how to make our own format, just to see if there is going to be a difference between SQLite and a custom-made format.

You probably asked the wrong question. It is not especially important what format the database has as a file on disk. A more important question is how the data from this file looks in memory (RAM) and how the AV accesses the data from this memory. Interesting information about how AVs can manage such data can be found somewhere on the web, for example: US8745743B2 - Anti-virus trusted files database - Google Patents
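The SQLite-versus-custom-format question above, as an added example that is not code from anyone in the thread: a Python comparison of an in-memory SQLite table against a packed, sorted, fixed-width digest array looked up by binary search, which is one simple form of the in-memory layout the replies point at. The digests are constructed, SHA-256 is assumed as the hash, and `PackedHashSet` is a name chosen here, not a real library.

```python
import hashlib
import sqlite3
from bisect import bisect_left

HASH_LEN = 32  # SHA-256 digest size in bytes (assumed hash for this example)

def build_packed(digests):
    """Custom format: de-duplicated digests, sorted, concatenated into one
    blob. No per-row overhead: 30 million entries take exactly 960 MB."""
    return b"".join(sorted(set(digests)))

class PackedHashSet:
    """Binary search over the blob; __getitem__/__len__ let bisect treat it
    as a sequence without building a Python object per entry."""
    def __init__(self, blob):
        if len(blob) % HASH_LEN:
            raise ValueError("blob is not a whole number of digests")
        self.blob, self.count = blob, len(blob) // HASH_LEN
    def __len__(self):
        return self.count
    def __getitem__(self, i):
        return self.blob[i * HASH_LEN:(i + 1) * HASH_LEN]
    def contains(self, digest):
        i = bisect_left(self, digest)
        return i < self.count and self[i] == digest

def build_sqlite(digests):
    """Baseline: the same set in an in-memory SQLite table keyed on the hash."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sig (h BLOB PRIMARY KEY) WITHOUT ROWID")
    con.executemany("INSERT OR IGNORE INTO sig VALUES (?)", ((d,) for d in digests))
    con.commit()
    return con

def sqlite_contains(con, digest):
    return con.execute("SELECT 1 FROM sig WHERE h = ?", (digest,)).fetchone() is not None

def sqlite_bytes(con):
    """Pages actually used by the in-memory database (b-tree and cell overhead)."""
    pages = con.execute("PRAGMA page_count").fetchone()[0]
    return pages * con.execute("PRAGMA page_size").fetchone()[0]

def demo(n=100_000):
    """Build both stores from n constructed digests and check they agree."""
    known = [hashlib.sha256(b"constructed-sample-%d" % i).digest() for i in range(n)]
    packed, con = PackedHashSet(build_packed(known)), build_sqlite(known)
    hit, miss = known[n // 2], hashlib.sha256(b"not-in-set").digest()
    assert packed.contains(hit) == sqlite_contains(con, hit) == True
    assert packed.contains(miss) == sqlite_contains(con, miss) == False
    return {"entries": n, "packed_bytes": len(packed.blob), "sqlite_bytes": sqlite_bytes(con)}
```

Raising `n` and timing both `contains` paths with `timeit` reproduces the CPU comparison asked about in the thread; the returned sizes show the per-row overhead the custom format avoids.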
> Malware analyst? For which antivirus, if you can tell?

Just look at his profile:

> Hello. My name is Karsten. I have been working as a malware analyst for G DATA since 2015. This is a private account, though; I don't represent my employer.