Q&A AV DB Engine

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
160
You probably asked the wrong question. It is not especially important what format the database has as a file on disk. A more important question is how the data from this file looks in memory (RAM) and how the AV accesses the data from this memory. Interesting information about how AVs can manage such data can be found on the web, for example: US8745743B2 - Anti-virus trusted files database - Google Patents
Interesting.... Why don't we all make something? As I see it, in this community there are many people with huge experience in DevOps, malware reversing and even Big Data. This is not the first time I am saying this, but we could stack over. And work on building, for a start, a free product. It doesn't matter if it's going to be free or something else. We could help people all around the world to fight malware. Or even better, make a honeypot or any kind of malware detection system and help other AVs to work and detect better.
 

Andy Ful

Level 79
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
6,810
... And work on building, for a start, a free product. It doesn't matter if it's going to be free or something else. We could help people all around the world to fight malware.
Look closely at MT threads. Some people here have been doing this for several years (information, applications, malware samples, post-infection help, etc.). (y)
 

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
160
I know. You should start such a project, but this will also require a lot of resources and time. (y)
That's why we need all of you! One person working on this project alone needs about 10 years with old tech. But if 30 persons work for 1 hour a day, it's less than 2 years or even sooner. I'm open to work. If someone has the time or an idea about joining, PM me.
 

Mr.NoName

Level 4
Thread author
Verified
Feb 5, 2016
160
Tried to look at some open-source antivirus engines. The famous one, ClamAV, probably has what you want.
ClamAV is old tech and not that efficient. I'm talking about behavioral monitoring, heuristics, YARA and ML. Test it if you want; Cisco is maintaining it now: ClamAVNet