Author Topic: Comodo AV Database update page  (Read 810683 times)

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4589
Re: Comodo AV Database update page
« Reply #2070 on: October 02, 2017, 06:48:58 PM »
Quote
If you think wisely, old signatures are taking space on my drive. Old signatures must be in cloud and the most recent, newest malware signatures must be in database. Malwarebytes does this, Avast does this.. they keep last 3 months of samples signatures in their db.
All these 50 million signatures running in my RAM.. opening folders full of .exe files takes time day by day... signatures are growing... Never ending story.. What will happen in 2025? 150 million signatures as local database, it will be 1GB file >:-D

We need more generic signatures and powerful heuristics... these are my opinions but Comodo can continue with old techniques..

You're confusing a file signature based on a pattern of bytes (a byte-signature) within a file with a file signature based on its hash (hash-signature). Read this blog post for a good overview.

In CIS's case, the cloud scanner/cloud AV is based solely on the hash of the file being executed/opened, whereas the local db contains more than just the hash that makes up the AV signature. So if you get rid of those old local sigs, it would be easy to bypass detection by changing the file just enough to change its hash, while it would still contain the byte-sequence that the local db would have detected had the sig not been removed.
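The difference between the two signature types described in the reply above, as an added example that is not part of the original post and is not Comodo's code. The SHA-256 lookup table standing in for the cloud, the byte pattern, the detection names and the sample bytes are all constructed assumptions.

```python
import hashlib

# Constructed, harmless bytes standing in for a file the vendor has already seen.
PATTERN = b"\x13\x37DEMO-FAMILY-ROUTINE\xfe\xed"  # byte sequence shared by the family
KNOWN_SAMPLE = b"MZ" + b"\x00" * 32 + PATTERN + b"\x90" * 16
# Same file with one byte appended: different hash, same byte sequence inside.
MODIFIED_SAMPLE = KNOWN_SAMPLE + b"\x00"
CLEAN_FILE = b"MZ" + b"\x00" * 32 + b"ordinary program data"

# Assumed cloud model: a lookup keyed on the whole-file SHA-256 only.
CLOUD_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Family.A"}
# Assumed local database model: byte-signatures matched anywhere in the file.
LOCAL_BYTE_SIGS = [("Demo.Family.gen", PATTERN)]


def cloud_lookup(data):
    """Hash-signature: matches only a byte-for-byte identical file."""
    return CLOUD_HASHES.get(hashlib.sha256(data).hexdigest())


def local_scan(data):
    """Byte-signature: matches any file that still contains the pattern."""
    for name, pattern in LOCAL_BYTE_SIGS:
        if pattern in data:
            return name
    return None


def verdict(data, local_sigs_kept=True):
    """Cloud hash lookup first, then the local byte-signatures if they are kept."""
    hit = cloud_lookup(data)
    if hit is None and local_sigs_kept:
        hit = local_scan(data)
    return hit


if __name__ == "__main__":
    samples = [("known", KNOWN_SAMPLE), ("modified", MODIFIED_SAMPLE), ("clean", CLEAN_FILE)]
    for label, data in samples:
        print(label, "| cloud only:", verdict(data, False),
              "| cloud + local:", verdict(data, True))
```

With the local signatures removed, only the byte-identical file is still flagged; the modified copy is caught only while the byte-signature stays in the local database.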

Offline Dennis2

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 9594
Re: Comodo AV Database update page
« Reply #2071 on: October 03, 2017, 04:06:03 AM »
Quote
You're confusing a file signature based on a pattern of bytes (a byte-signature) within a file with a file signature based on its hash (hash-signature). Read this blog post for a good overview.

In CIS's case, the cloud scanner/cloud AV is based solely on the hash of the file being executed/opened, whereas the local db contains more than just the hash that makes up the AV signature. So if you get rid of those old local sigs, it would be easy to bypass detection by changing the file just enough to change its hash, while it would still contain the byte-sequence that the local db would have detected had the sig not been removed.

So removing old sigs from the database and expecting cloud detection to work the same way does not follow.

Dennis
Moderator: Aims Forum a friendly place. Any concerns? Please PM me and/or review the Forum Policy 2012Updated.
System: Centos 7.5 x64, APF, HTTPS Everywhere, ABP, NoScript
 Fedora 28 x64, APF, HTTPS Everywhere, ABP

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo AV Database update page
« Reply #2072 on: October 03, 2017, 03:18:18 PM »
Side bar,

Did anyone notice Cisco released an open source pattern based malware signature maker?

http://www.securityweek.com/cisco-releases-open-source-malware-signature-generator

Might be worth looking into integrating into Comodo??
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline klaken

  • Comodo Family Member
  • ***
  • Posts: 55
Re: Comodo AV Database update page
« Reply #2073 on: February 20, 2018, 08:53:09 AM »
Comodo needs an automatic system for generic signatures.

What happens if the user can choose the size of the signatures?
former:
config AV cis> Signatures

none: Only cloud (like ccav).
light: cloud + generic signatures in local. (I would like it to be by default)
moderate: cloud + generic + malware signatures 1 or 2 months.
complete: All signatures + cloud.
« Last Edit: February 20, 2018, 08:54:45 AM by klaken »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25840
Re: Comodo AV Database update page
« Reply #2074 on: February 20, 2018, 10:43:09 AM »
Comodo already has an automated system for generic signatures.

Offline Felipe Oliveira

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 485
  • Brazilian / Medicine Student / Love Technology
Re: Comodo AV Database update page
« Reply #2075 on: April 08, 2018, 04:18:55 PM »
I totally agree with you, the up-to-date signatures should be kept, and old ones would be removed (just tested on the cloud and re-initiated if needed). We'll start a process soon to clean this up.
Latest Database Version:   28829
Release Date (all times GMT):   8-Apr-2018 10:59:21
Number of Definitions Added Today:   59026
Total Definitions:   54666496

Already at 54 million.. 6 months already gone.

When do you plan to start the "cleaning" of old signatures for the cloud, in order to decrease the database size?
Could you create something that automatically throws a malware that has not been detected for years in the COMODO statistics into the cloud? I do not know, something like that.

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 196
Re: Comodo AV Database update page
« Reply #2076 on: April 09, 2018, 12:29:32 AM »
Quote
Latest Database Version:   28829
Release Date (all times GMT):   8-Apr-2018 10:59:21
Number of Definitions Added Today:   59026
Total Definitions:   54666496

Already at 54 million.. 6 months already gone.

When do you plan to start the "cleaning" of old signatures for the cloud, in order to decrease the database size?
Could you create something that automatically throws a malware that has not been detected for years in the COMODO statistics into the cloud? I do not know, something like that.

Felipe, you're correct that it's been a long time. And thank you for bringing this to attention. We focused on multiple items during the past few months. We have made good progress on some of them and as a result we see better results with our customers as well as having good scores on independent testing programs (i.e av-test selected CIS as Top-product in the latest result).

Still, reducing the base size is critical for us, and I expect to see this happening very soon.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5661
  • COMODO Rocks!
    • Free Comodo Products!
Re: Comodo AV Database update page
« Reply #2077 on: May 23, 2018, 07:17:40 PM »
Latest Database Version: 29063
Release Date (all times GMT): 23-May-2018 08:29:50
Number of Definitions Added Today: 19239
Total Definitions: 55769724

I remember the good old days and I realized I missed [at]spywar :'(

At the beginning of the year 2013, we hit 15 million signatures

Here we go 15M signs

Latest Database Version: 14973
Release Date (all times GMT): 19-Jan-2013 10:59:26
Number of Definitions Added Today: 31401
Total Definitions: 15009536

At the end of the year 2013, we hit 26 million (almost x2 times more signatures). It was 183MB on drive.
Latest Database Version: 17373
Release Date (all times GMT): 2-Dec-2013 06:59:55
Number of Definitions Added Today: 27441
Total Definitions: 26239383

going up going up ...

Melih promised about the decrease but ...
it will continue to decrease......


Comodo always listens to its users.

Today, in May 2018, we have almost 56 million signatures. It takes approx. 375MB of space on drive for CIS users.
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5661
  • COMODO Rocks!
    • Free Comodo Products!
Re: Comodo AV Database update page
« Reply #2078 on: February 02, 2020, 09:21:34 AM »
Hello everyone, long time no see. Today I logged in to my account on the forum and I saw CCAV was discontinued. I am very sad because of that decision. I hate to feel that our efforts on it are useless now.

Anyway,

Quote
Latest Database Version:   32036
Release Date (all times GMT):   2-Feb-2020 03:58:26
Number of Definitions Added Today:   77.831
Total Definitions:   69.068.563

Today, in Feb 2019, we have almost 70 million signatures. It takes approx. 452MB of space on drive for CIS users.

Best Regards,
yigido
« Last Edit: February 02, 2020, 09:25:19 AM by yigido »