dallas7 Posted February 24, 2011 Report Share Posted February 24, 2011 The hidden geek inside of you will enjoy this from the edge of the ImmuClam Galaxy: How do you know which engine detected the file?* if the virusname starts with "W32." then it is a cloud detection * if it starts with "W32.SPERO.", it is a cloud detection from the SPERO heuristic engine * if it starts with "W32.ETHOS.", it is a cloud detection from the ETHOS heuristic engine * if it starts with "W32.Clam.", it is a file that was detected by ClamAV on the cloud * if it starts with "Clam.", it is a local ClamAV detection * if it starts with "Clam." and ends with ".UNOFFICIAL", then it is your custom signature There's a ton of neat stuff over there: http://blog.clamav.net/ And that includes some rather detailed and interesting info on how Immunet does its thing. @Immunet: •Is there a similar report string for BitDefender? •Is my understanding correct in that the local ClamAV database is in the scan loop ONLY if offline? Thank you! Link to comment Share on other sites More sharing options...
dallas7 Posted March 6, 2011 Author Report Share Posted March 6, 2011 Thanks. Got somewhat cleared up. How about this again: •Is there a similar report string for BitDefender? Link to comment Share on other sites More sharing options...
Guest mokito Posted March 7, 2011 Report Share Posted March 7, 2011 that should be a tetra detection in case of bitdefender engine Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.