cancel
Showing results for 
Search instead for 
Did you mean: 
hemantk
Level 12
Report Inappropriate Content
Message 1 of 8

Signatures Included in DAT

Hello Everyone.

How to find what virus/malwares/trojan...signatures are included in DAT file

7 Replies

Re: Signatures Included in DAT

Hemant Koli wrote:

Hello Everyone.

How to find what virus/malwares/trojan...signatures are included in DAT file

Hi Hemant,

Try: http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=us

Good luck,

Ron Metzger

hemantk
Level 12
Report Inappropriate Content
Message 3 of 8

Re: Signatures Included in DAT

Hello rmetzger,

Thanks for reply........

I have refered the link, but it shows only new detections..

I want to know what all signatures(new & old) are included in a DAT.

Re: Signatures Included in DAT

Hi Hemant,

Yes, I realized that with my reply.

However, I am not sure of any reputable security company that lists 'All' detections within there signature files. This would open them up to having their processes opened up to the malware writers targeting the very things that the software is designed to protect.

Allowing for some old signatures to be removed from the detection process gives better performance. But informing the outside world that this was done, would lead to malware writers to re-using the now removed detections again. This would lead to never removing a detection and even worse performance, or gutting the protection we users expect.

Good luck,

Ron Metzger

hemantk
Level 12
Report Inappropriate Content
Message 5 of 8

Re: Signatures Included in DAT

Hello rmetzger.

Good One..........

I was just want to know that DNSChanger signatures are Included in DAT???...........

Re: Signatures Included in DAT

Hi Hemant,

Try: http://www.mcafee.com/us/mcafee-labs/threat-intelligence.aspx

Select checkbox for 'Malware Name' and enter DNSChanger for the search.

This should lead to many (1000s) of hits and you may want to narrow the search further.

Each hit should lead to instructions on removal and DAT version inclusion.

Hopefully this helps.

Ron Metzger

hemantk
Level 12
Report Inappropriate Content
Message 7 of 8

Re: Signatures Included in DAT

Hello rmetzger,

This is not helpfull for me because this will only show the DAT numbers when the singnature was added to DAT when the detection discovered.

But i want to know that, does DNSChanger definitions are included in current DAT??>......

Re: Signatures Included in DAT

Hi Hemant,

From my previous post: "Allowing for some old signatures to be removed from the detection process gives better performance. But informing the outside world that this was done, would lead to malware writers to re-using the now removed detections again. This would lead to never removing a detection and even worse performance, or gutting the protection we users expect."

You are asking for information I do not want made Public.

Given the 'age' of DNSchanger, I would be hard pressed to believe that it has been removed. Rather, what new variant has been added, would be my question.

If you are working on a system that has suspected files, I would suggest submitting these files to virustotal.com for verifying whether it is detected, or not.

If you are trying to determine, in general, if a particular malware is detected without having a sample, I would suggest talking to your McAfee Service Rep. for verbal confirmation of the info you need.

A side note: if there are 1000s of hit in the database for a malware, with dates relatively near, my guess is that it has Not been removed from the DAT files.

Ron Metzger