- Aug 8, 2013
- 2,818
Some people may notice that BAV "loves" to copy ESET & Kaspersky's detection names.
In fact, on the one hand, you're right, the names are so similar and sometimes are the same.
But on the other hand, it just copies ESET's and Kaspersky's detection names, not their virus database [copying others' VDB may be illegal, and we would have to do reverse engineering to analyse the structure of others' VDB; it costs lots of time, and it's not worthwhile or moral].
About "Cloud Security", a simple description of how it works is: "Calc hash of file -> Check it in Cloud Database [a hash with a virus-name] -> Return result"
The Cloud Database relies on virus-analysis machines & virus collection. How can we get a large number of viruses? Humans contribute a few percent; most are from machines (by using Spider, virus-exchange, etc.)
1. virus-exchange
Example: https://www.opswat.com/partners/metascan-engine-suppliers
"Once your scanning engine is included in Metascan Online, you will be eligible to receive virus samples to help your engine discover potential false positives and false negatives."
VirusTotal, VirScan, etc. are the same.
Also, virus-exchange can happen between two (or more) AV vendors.
2. a virus-name
When we get a large number of viruses, after analysis (human or machine), if a sample was analysed by a human, we would get an accurate virus-name [most of the time] [in fact, BAV Team is a small team, 100+ (less than 200) members], but when it was analysed by machine, it's not easy to get an accurate virus-name.
As I mentioned before, we can get virus samples from Online-Scan-Sites, and we can also get others' results. So, we can use others' names as our detection names, but it's just a name (with a hash or [something I mentioned later]).
Using others' detection names is not a long-term solution, so we have developed some techs (in order to save manpower, haha~)
[something I mentioned later]
Micro-Signature: it's similar to a hash but not the same. Sometimes you changed the file's hash, but BAV can still detect it by using Cloud Engine. It can save time and manpower, but has few FPs.
That's all.
BTW: Due to strategy changes, if you have newly installed BAV 5.3.2.100074, you may not be able to use BAV's Sandbox normally. Please try to uninstall it and reinstall the 5.2 version; this bug will be fixed ASAP (maybe you will have to reinstall a newer beta version). Sorry for the inconvenience.
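
The lookup flow described in the post above ("Calc hash of file -> Check it in Cloud Database -> Return result"), as an added example that is not part of the original post and not BAV's code. The post does not say how Micro-Signature works, so the chunk-overlap fallback here is an assumed stand-in that only shows why a match can survive a changed file hash; `CloudDB`, `CHUNK`, `THRESHOLD`, the sample bytes and the detection name are all constructed for illustration.

```python
import hashlib

CHUNK = 16       # assumed chunk size for the stand-in signature
THRESHOLD = 0.8  # assumed share of known chunks that must reappear

def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def chunk_signature(data: bytes) -> frozenset:
    # Stand-in "micro-signature": truncated hashes of fixed-size chunks.
    return frozenset(hashlib.sha256(data[i:i + CHUNK]).digest()[:8]
                     for i in range(0, len(data), CHUNK))

class CloudDB:
    def __init__(self):
        self.by_hash = {}  # exact file hash -> detection name
        self.by_sig = []   # (chunk signature, detection name)

    def add(self, data: bytes, name: str) -> None:
        self.by_hash[file_hash(data)] = name
        self.by_sig.append((chunk_signature(data), name))

    def lookup(self, data: bytes):
        # Step 1: exact hash match, as in the post's description.
        name = self.by_hash.get(file_hash(data))
        if name is not None:
            return name, "hash"
        # Step 2: fall back to chunk overlap when the hash is unknown.
        sig = chunk_signature(data)
        for known, name in self.by_sig:
            if known and len(sig & known) / len(known) >= THRESHOLD:
                return name, "signature"
        return None, "unknown"

# Constructed sample data: 32 distinct 16-byte chunks, not real malware.
SAMPLE = b"".join(i.to_bytes(CHUNK, "big") for i in range(32))
VARIANT = SAMPLE[:-1] + b"\xff"  # one byte changed, so the hash changes
UNRELATED = b"".join((1000 + i).to_bytes(CHUNK, "big") for i in range(32))

db = CloudDB()
db.add(SAMPLE, "Example.Constructed.A")  # constructed detection name

if __name__ == "__main__":
    for label, blob in [("sample", SAMPLE), ("variant", VARIANT),
                        ("unrelated", UNRELATED)]:
        print(label, db.lookup(blob))
```

Lowering `THRESHOLD` makes the fallback match more modified files but also more unrelated ones, which is the false-positive trade-off the post mentions.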