TT Livescan Database Update 9-23-09

Discussion in 'Anti-Virus' started by idbeholda, Sep 24, 2009.

  1. idbeholda

    idbeholda Guest

    The online database now contains 4613270 definitions for malware.

    http://www.tot-ltd.org/TT-Livescan.rar

    Enjoy.
     
    idbeholda, Sep 24, 2009
    #1

  2. That's an impressive number, especially if you add the commas.

    4,613,270

    Whew - but what does it mean?

    Does "malware" share a one-to-one correspondence with malware
    "definitions"?

    ....or are there instances where one definition can "detect" more than
    one "malware" or is there certain malware that more than one
    "definition" will suffice to detect? Are all those definitions for
    "identification", for "detection", or a mix of both?
     
    FromTheRafters, Sep 24, 2009
    #2

  3. idbeholda

    idbeholda Guest

    Depends on how you want to look at it. 4163270 is in correspondence
    with the number of md5 hashes, or "definitions".
     
    idbeholda, Sep 24, 2009
    #3
  4. | Depends on how you want to look at it. 4163270 is in correspondence
    | with the number of md5 hashes, or "definitions".

    So detection is based entirely on md5 hashes of known malicious files?
     
    FromTheRafters, Sep 24, 2009
    #4
  5. From: "T.H" <>



    | To FTR and the other regular posters in these newsgroups...

    | What does the community say as to this TT Livescan application? I have
    | not seen Leythos, Lipman, or others who are held in high regard remark
    | on this utility. Is it a worthwhile addition to tools such as
    | Malwarebytes' and SAS?

    | What do the folks think?

    | Thanks.

    | My referenced individual list is not exhaustive...just a few people who
    | post regular quality comments. I will also mention Malke gets high marks...

    I have NOT tested it but, at the same time, I will not reject it (at this time).
     
    David H. Lipman, Sep 24, 2009
    #5
  6. Toxic

    Toxic Guest

    But Dave's so ubiquitous here,
    as if presence connotes expertise,
    Yet you seem to be suggesting otherwise?
     
    Toxic, Sep 25, 2009
    #6
  7. idbeholda

    idbeholda Guest

    Yes, the primary method of detection and identification is based on
    md5 hashes. I gather the md5 hashes primarily from Google's malware
    blacklist, clamav.net's database, along with countless other sites
    that openly publish and distribute their lists for all to make use
    of. As of right now, the database is approximately 223MB in size,
    with each category from 0000 to FFFF spread across 65536 files, each
    ranging anywhere from 2-8KB in size. When a drive is mapped, it only
    grabs the sections of the database it needs to check. Unfortunately,
    the server that this is hosted on does have an upper limit in the
    number of files allowed in a given directory.

    The private, unreleased version that I have installed for my own use
    is approximately 13GB in size, but can scan almost any system
    (regardless of how much data is installed) in less than 3.5 minutes,
    as opposed to the 10-15 minutes or less scan times that TT Livescan
    offers at the moment. Until I can find a provider that allows a
    limitless number of files in a given directory, this aforementioned
    private version will not likely see the light of day anytime soon.

    There is also optional user-defined heuristics scanning (yes, you can
    design and include your own heuristics). In addition, if you know the
    command lines to other scanners you have installed, you can also
    implement them as plugins. There is also an option for parental
    control scanning based which can also be customized, and you can even
    design your own skin for the scanner as well.

    With low internet latency (hence why I do not recommend this
    application for those who use satellite internet), TT Livescan can
    process up to 50GB of data per minute. As of yesterday, with the
    newest database update, the total number of md5 hashes now stands at
    4627060, and once I get the data pulled from my temporarily defunct
    laptop, and both versions of the database cross-referenced, that total
    will stand at nearly 5 million hashes used to implement detection of
    malware.

    The next planned major release of new database implementations
    (sometime within the next 6 months, spare time allowed) will include a
    heuristics file approximately 600k in size that will offer comparable
    detection rates to the database itself. In addition to that, I plan
    to also release a whitelist database used for integrity checking of
    the operating system currently installed, thus adding an additional
    layer of detection and defense.

    If there are any further questions that anyone has, feel free to drop
    me a line. You all know my email address.
     
    idbeholda, Sep 25, 2009
    #7
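
The lookup scheme described in post #7, sketched as an added example (not TT Livescan's code and not from any poster in this thread). It assumes each of the 65536 database files is keyed by the first four hex digits of the MD5; `fetch_shard` is a hypothetical stand-in for downloading one file, and all sample data is constructed.

```python
import hashlib
from collections import defaultdict

def shard_key(md5_hex):
    # Assumption: "0000 to FFFF" means the first four hex digits of the hash.
    return md5_hex[:4].upper()

def build_shards(md5_hashes):
    """Server side: split a flat hash list into at most 65536 prefix shards."""
    shards = defaultdict(set)
    for h in md5_hashes:
        h = h.strip().lower()
        if len(h) == 32 and all(c in "0123456789abcdef" for c in h):
            shards[shard_key(h)].add(h)   # malformed entries are skipped
    return dict(shards)

class ShardedScanner:
    def __init__(self, fetch_shard):
        self.fetch_shard = fetch_shard    # hypothetical: key -> set of hashes
        self.cache = {}
        self.fetches = 0                  # shard downloads performed

    def _shard(self, key):
        if key not in self.cache:         # fetch each needed shard only once
            self.cache[key] = self.fetch_shard(key)
            self.fetches += 1
        return self.cache[key]

    def scan(self, files):
        """files: name -> bytes. Returns names whose MD5 is in the database."""
        hits = []
        for name, data in files.items():
            digest = hashlib.md5(data).hexdigest()
            if digest in self._shard(shard_key(digest)):
                hits.append(name)
        return hits

# Constructed sample database and files; no real malware hashes are used.
SHARDS = build_shards(hashlib.md5(b).hexdigest()
                      for b in (b"constructed sample A", b"constructed sample B"))
FILES = {"a.bin": b"constructed sample A",
         "a_copy.bin": b"constructed sample A",        # same bytes: same shard
         "a_padded.bin": b"constructed sample A\x00",  # differs by one byte
         "notes.txt": b"harmless text"}

def demo():
    scanner = ShardedScanner(lambda key: SHARDS.get(key, set()))
    return scanner.scan(FILES), scanner.fetches

if __name__ == "__main__":
    print(demo())
```

The scanner downloads one shard per distinct four-digit prefix seen on disk, which is why lookup cost depends on latency. `a_padded.bin` is not reported, because an exact-hash database only matches byte-identical files.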
  8. Thank you for the explanation.

    ....and good luck with your ongoing project - it sounds very interesting.
     
    FromTheRafters, Sep 28, 2009
    #8
  9. That's why I was asking questions. From the answers I got I feel the
    program is at least a legitimate attempt to help people fight malware.
    The number of "definitions" may well be a good measure of how many
    malware programs it addresses of the type it is designed to address, and
    according to the OP it allows you to 'plug in' additional scanning of
    your choice (a nice touch).

    Still, context scanning has its benefits. Especially in the specific
    identification of malware.
     
    FromTheRafters, Sep 28, 2009
    #9