Focus on Virus
RE: Extracting signature snippets from AV databases May 08 2006 09:56PM
Bill Stout (bill stout greenborder com) (2 replies)
Hi Jose,

I'm familiar with EICAR. However I'd like to trigger signatures across
the board.

Ultimately I'd like to run a real malware test, but that can only be
done in an isolated lab, and that requires a continuous investment of
time and money to ensure the collection is up to date.

http://www.av-test.org/ is another possibility, but I have no contacts
there, and it's somewhat isolated proof (can't touch the environment,
and it's a run-once deal).

Bill Stout

-----Original Message-----
From: Jose Nazario [mailto:jose (at) monkey (dot) org]
Sent: Monday, May 08, 2006 2:42 PM
To: Bill Stout
Cc: focus-virus (at) securityfocus (dot) com
Subject: Re: Extracting signature snippets from AV databases

On Mon, 8 May 2006, Bill Stout wrote:

> Has this been done already? Are specific signatures a 'secret sauce'?

EICAR. http://www.eicar.org/anti_virus_test_file.htm
SPYCAR. http://www.spycar.org/Welcome%20to%20Spycar.html

hope that helps.

________
jose nazario, ph.d. jose (at) monkey (dot) org
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/

Re: Extracting signature snippets from AV databases May 09 2006 07:58PM
Yuri Slobodyanyuk (yurisk inbox ru) (1 replies)
Re: Extracting signature snippets from AV databases May 09 2006 10:53PM
Nick FitzGerald (nick virus-l demon co uk)
Re: Extracting signature snippets from AV databases May 09 2006 03:04PM
Kenneth Bechtel (kbechtel teamanti-virus org)
Copyright 2010, SecurityFocus