Over 1.1 Million Signatures and Comodo's Database continues to grow rapidly!

As per this post:

1,013,164 signatures since Jan 18th
1,110,674 signatures since Jan 21st
1,140,630 signatures since Jan 23rd
1,197,747 signatures since Jan 27th
1,294,070 signatures since Feb 4th

There would be more now, obviously. But this just goes to show… how fast the malware database is growing, and at this rate… what can we all expect in 3 months or so? One big fat database!

I think this is the fastest I've seen. Over 100,000 samples added in 3 days is pretty impressive… Don’t you guys reckon? Well done Comodo, and a HUGE congratulations to all the users who sent an amazing amount of samples to them! :slight_smile: Awesome stuff!



What are the main sources of signatures? CIMA? Files submitted from My Pending files? Incidental donations of malware collectors? Just nosy… (:NRD)

In 1 year they have over 5 million signatures and this will be without different variants of 1 piece of malware, with this amount they will be in the top 3! Hmmm… :THNK

Many users are helping with submissions, we have places like VirusTotal sending us samples, we have our own ways of collecting and some collaboration with other security companies.

Please keep the malware coming… the more we see, the less they can harm :wink:


Is this why the updates have been taking longer lately? ;D


There are more to come!!
This is amazing!!!

Wow! 100,000 in a matter of days. That’s amazing! :BNC

How many of these signatures are currently included with CIS (both 3.5 and beta2 AV Db2)?

Thanks Josh. Interesting to see how it evolves.

Melih, any plans to send CIS to testers like AV-Comparatives and VB100% ?

I’m quite wondering this too, I think CIS will handle everything pretty well these days :■■■■

Most of the tests require heuristics in the products. So perhaps after the new beta comes out we can start sending it to the tests :slight_smile:


Agree with Xan, sending it without heuristics would be suicidal!

But it will be nice to see how well it scores! (:NRD) (:NRD)



But then again, packer detection would only make loads of false positives…

A lot of FPs have been corrected in the last beta and I’m sure they will even work further to make sure these come as close to 0 as possible…


Hm… Every ■■■■■-patcher is defined as malware-patcher. Is it really malware? Of course, no! FP? Probably so.

From the previous post: as close to 0 as possible… DREAM!!!

P.S. please, don’t say ■■■■■ is malware…

Even though cracks are illegal, they aren’t malware, and every antivirus that's detecting it and not willing to fix the false positive is bad in my eyes. If their excuse is the fact that they are cracks, well, that's a bad one. Anyone could just add it to exclusions. What’s worse is that some are indeed infected or just a replica of real malware and so users can’t know for sure. And we all know we’ll never prevent users from downloading cracks, keygens and patches…

A generic signature-based AV will rate most patches as suspicious or flag them as malware because they have a line or multiple lines of code similar to a malware family. That is why most AVs rate patches as Trojan.Generic or something like that. For the AV they are malware, as they open and inject code into another file.

This is very true. Especially when you just bought a game and want to get a nocd or nodvd patch for it. This is very common. I remember using Avira a while back and it detected about 5 games I had with this nocd ■■■■■ or patch. I had to check these executables on VirusTotal to feel safe that they were FPs. When I used Avast, I never had these types of FPs.