Where do I find or create a database of malware signatures and whitelisted applications for my AV

Jack Ford

New Member
Thread author
Aug 1, 2017
1
Where do I find or create a database of whitelisted applications, vendors or publishers (AWL) for my antivirus?

I'm developing an antivirus based on ClamAV, but it has too limited a database.
I need more data to make it robust.
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
Interesting.
Why are you developing an AV? Is it for a college project or something?
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Yeah, as Brod asks, why are you wanting to make your own?
When you're talking about a too limited database, are you indicating their whitelist or their signature engine? If it's the signature engine, you can find that quite a few AV vendors have been using the Bitdefender engine (ZoneAlarm uses Kaspersky). Though it will need a good budget, that's one of the best ways to start.

Regarding lists of trusted vendors/applications, different AV vendors have been formulating their lists in various ways, from what is known.
Some started with a small list of famous vendors that could be easily trusted and then went on adding new vendors as they discovered them. Some AV vendors gather data about more and more vendors and their digital certificates from their worldwide clients running programs of such vendors.
Comodo issues SSL certificates to clients, you know. Also, different software developers can get their signatures added to the Comodo Security products so that those can be trusted after verification. There might be better sources too. I'm not sure if they directly get this data from other institutions; that needs trust and collaboration.
All this is how some renowned AV vendors add to their trusted list. The whitelisting approach they adopt is mainly through the huge database of files they have due to their reach. Those files could be analysed by their analysts, their automated ML analysers or via crowd (user) preferences, or a mix of these.

To answer your needs, I'm not sure how 'you' can 'directly get such a list'. Many aspiring devs usually incorporate their in-house engines and some external engines and start primarily with signatures and BB only. Some gather hash/file data from sites like VirusTotal, and also incorporate the VT API for multi-engine results. A simple way to know how to get these trusted files/vendors lists is via contacting such devs who've already done this.
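Since the question is about a ClamAV-based scanner, here is an added example (not part of any post in this thread) of creating local hash databases in ClamAV's `SHA256:FileSize:Name` line format: a `.hsb` file for detections and a `.sfp` file for allowlisted files. The file names, signature labels and sample files are constructed for illustration, and `classify` is a simplified model in which an allowlist entry overrides a detection.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_entry(path, label):
    """One ClamAV hash-database line: SHA256:FileSize:Name."""
    data = Path(path).read_bytes()
    return f"{hashlib.sha256(data).hexdigest()}:{len(data)}:{label}"

def parse_db(lines):
    """Map (sha256, size) -> name; skip blank or malformed lines."""
    table = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 3 or len(parts[0]) != 64 or not parts[1].isdigit():
            continue
        table[(parts[0].lower(), int(parts[1]))] = parts[2]
    return table

def classify(path, detections, allowlist):
    """Allowlist entries (.sfp) win over detection entries (.hsb)."""
    data = Path(path).read_bytes()
    key = (hashlib.sha256(data).hexdigest(), len(data))
    if key in allowlist:
        return "trusted:" + allowlist[key]
    if key in detections:
        return "detected:" + detections[key]
    return "unknown"

def demo():
    """Build both databases from constructed sample files and classify them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed, harmless stand-ins for real binaries.
        samples = {"tool.exe": b"constructed known-good installer",
                   "dropper.bin": b"constructed sample flagged by analysis",
                   "new.bin": b"constructed file nobody has seen"}
        for name, body in samples.items():
            (root / name).write_bytes(body)
        hsb = [sha256_entry(root / "dropper.bin", "Local.Test.Dropper"),
               # Overbroad detection that would also hit the trusted tool.
               sha256_entry(root / "tool.exe", "Local.Test.Overbroad")]
        sfp = [sha256_entry(root / "tool.exe", "ExampleVendor.Tool")]
        (root / "local.hsb").write_text("\n".join(hsb) + "\n")
        (root / "local.sfp").write_text("\n".join(sfp) + "\n")
        det = parse_db((root / "local.hsb").read_text().splitlines())
        allow = parse_db((root / "local.sfp").read_text().splitlines())
        return {name: classify(root / name, det, allow) for name in samples}

if __name__ == "__main__":
    print(demo())
```

Hash entries match only byte-identical files, which is why the posts above also talk about publisher certificates and third-party engines for broader coverage.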
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
I'd rather say: Don't start programming your own Anti-Virus. I have a much better idea: You could develop a program that supports an Anti-Virus like Appguard, AppCheck or so. I have many ideas for that type of program but I don't want to tell that to the world :p Collecting signatures and implementing them is difficult.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
> I'd rather say: Don't start programming your own Anti-Virus. I have a much better idea: You could develop a program that supports an Anti-Virus like Appguard, AppCheck or so.

+1 unless the OP is working on a college project. Still, he can go for better alternatives if he finds it cool and do security research / attempt to develop a non-mainstream program that can be a useful complementation.

> Collecting signatures and implementing them is difficult.

Using other engines and the VT API is easier. However, if one is serious about developing an AV, tremendous efforts in research and development, maintenance, and support resolutions will be needed. Many vendors are far too established to even be challenged.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
> +1 unless the OP is working on a college project. Still, he can go for better alternatives and do security research or attempt to develop non-mainstream apps that can be useful complementations.
>
> Using other engines and the VT API is easier. However, if one is serious about developing an AV, tremendous efforts in research and development, maintenance, and support resolutions will be needed. Many vendors are far too established to even be challenged.

Collecting signatures on your own is difficult. If you have the money, then you can of course buy access to VirusTotal's API.
 
