Re: Sigs Order
Mohammed Al-Saleh <moealsaleh <at> gmail.com>
2010-06-06 12:19:06 GMT
Thanks for your kind replies.
I think the order of viruses matters when you add them to the BM linked
lists (in cli_bm_addpatt function).
The code tries to avoid hash collision in the first phase. So, one signature
could cause another to have a different place in the linked lists.
2010/6/6 Török Edwin <edwin <at> clamav.net>
> On 06/06/2010 11:00 AM, Mohammed Al-Saleh wrote:
> > Hi,
> > Are new viruses always added to the end of the database files (in both
> > main.* and daily.*)?
> > From few samples, I see that new viruses are appended to the DB files,
> but I
> > need to get confirmed that this always (or not necessarily) happens.
> For daily.cvd most of the time yes, since this way the .cdiff updates
> are smaller.
> However if a signature is removed and a new one is added, then the new
> signature will replace the old one (i.e. it will be at the same line as
> the old one was, not at the end).
> So there is not guarantee where new signatures will end up, but the
> order of signatures doesn't matter anyway.