7 Replies Latest reply on Jun 16, 2012 12:45 PM by rmetzger
      • 1. Re: Signatures Included in DAT
        rmetzger

        Hemant Koli wrote:

         

        Hello Everyone.

         

        How to find what virus/malwares/trojan...signatures are included in DAT file

        Hi Hemant,

         

        Try: http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=us

         

        Good luck,

        Ron Metzger

        • 2. Re: Signatures Included in DAT
          Hemant Koli

          Hello rmetzger,

           

          Thanks for reply........

           

          I have referred to the link, but it shows only new detections.

          I want to know what all signatures (new & old) are included in a DAT.

          • 3. Re: Signatures Included in DAT
            rmetzger

            Hi Hemant,

             

            Yes, I realized that with my reply.

             

            However, I am not sure of any reputable security company that lists 'All' detections within their signature files. This would open them up to having their processes opened up to the malware writers targeting the very things that the software is designed to protect.

             

            Allowing for some old signatures to be removed from the detection process gives better performance. But informing the outside world that this was done would lead to malware writers re-using the now removed detections again. This would lead to never removing a detection and even worse performance, or gutting the protection we users expect.

             

            Good luck,

            Ron Metzger

            • 4. Re: Signatures Included in DAT
              Hemant Koli

              Hello rmetzger.

               

              Good One..........

               

              I just want to know whether DNSChanger signatures are included in the DAT?

              • 5. Re: Signatures Included in DAT
                rmetzger

                Hi Hemant,

                 

                Try: http://www.mcafee.com/us/mcafee-labs/threat-intelligence.aspx

                 

                Select checkbox for 'Malware Name' and enter DNSChanger for the search.

                 

                This should lead to many (1000s) of hits and you may want to narrow the search further.

                 

                Each hit should lead to instructions on removal and DAT version inclusion.

                 

                Hopefully this helps.

                 

                Ron Metzger

                • 6. Re: Signatures Included in DAT
                  Hemant Koli

                  Hello rmetzger,

                   

                  This is not helpful for me because this will only show the DAT numbers when the signature was added to the DAT when the detection was discovered.

                  But I want to know whether DNSChanger definitions are included in the current DAT?

                  • 7. Re: Signatures Included in DAT
                    rmetzger

                    Hi Hemant,

                     

                    From my previous post: "Allowing for some old signatures to be removed from the detection process gives better performance. But informing the outside world that this was done would lead to malware writers re-using the now removed detections again. This would lead to never removing a detection and even worse performance, or gutting the protection we users expect."

                     

                    You are asking for information I do not want made Public.

                     

                    Given the 'age' of DNSchanger, I would be hard pressed to believe that it has been removed. Rather, what new variant has been added, would be my question.

                     

                    If you are working on a system that has suspected files, I would suggest submitting these files to virustotal.com for verifying whether it is detected, or not.

                     

                    If you are trying to determine, in general, if a particular malware is detected without having a sample, I would suggest talking to your McAfee Service Rep. for verbal confirmation of the info you need.

                     

                    A side note: if there are 1000s of hits in the database for a malware, with dates relatively near, my guess is that it has Not been removed from the DAT files.

                     

                    Ron Metzger