Over the past couple of weeks, I was in the process of developing a simple virus scanner. It works great but my question is does anybody know where I can get a database (a s
Try the ClamAV database. This also includes some more complex signatures, but some are just byte sequences.
The CVD file format is a compressed tar file with a header block attached; see here for header information, or this PDF for the real details.
As I understand it, you should be able to decompress it with
dd if=file.cvd bs=512 skip=1 | tar zxvf -
This will unpack to a collection of various files; for files that have simple hex signatures, these will be found in a file with the extension .db
. Not all of these signatures are pure hex -- many of them contain wildcards such as ??
for "allow any byte here", *
for "allow any number of intervening bytes here", (-4096)
for "allow up to 4k of intervening bytes here", and so forth.