What is Virusign ?
Virusign is a service that automatically collects malware samples and provides controlled access to the files. It is intended for researchers who need to analyze these files and update antivirus software.
Please see our about page.
How can I help the project ?
You can help by sending new malware samples, sending suggestions or donating.
How can I create ClamAV signatures ?
You can find detailed instructions here.
How can I send a new signature to the official ClamAV signatures database ?
ClamAV has accepted signatures created by the community into the official signatures database since 2014, details here.
There is a web form exclusively for sending community signatures, available here.
More details about community signatures can be found on the Community-sigs mailing list here.
What are the antiviruses used for scanning the files ?
Scanning with these antiviruses is not intended for comparing them, but to check whether a given file is detected by any of them, which gives an indication that the file could be malware.
| ID | Antivirus | Command line |
|---|---|---|
| AV1 | ClamAV | clamscan --no-summary --detect-pua |
| AV3 | Avast | scan -b -f -u -l 100 |
| AV4 | AVG | avgscan --arc --pwdw --heur --pup --pup2 --macrow --ignerrors |
| AV5 | F-PROT | fpscan --verbose=1 --scanlevel=4 --heurlevel=4 --archive=99 --adware --report |
| AV6 | Sophos | savscan -ndi -ns -nb -all -rec -nremove -sc -f -tnef -actmime -mime -oe -pua -suspicious -archive |
About the files available for download, is everything malware ?
Most of the files are collected automatically and some may not be malicious; when confirmed to be clean, they will be removed.
Can I get more than 100 results per page ?
You can choose to get either 100 or 1,000 results per page from home.php. You just have to modify the value of the r parameter from 100 to 1000.
What is the search syntax ?
Please see "Query string syntax" here.
Fields available for searching: name date file_id trid_id crc32 md5 sha1 sha256 ssdeep imphash impfuzzy clamav ikarus avast avg fprot sophos escan.
How can I find similar files using imphash or ssdeep hashlists ?
Example command to count the number of occurrences for each imphash :
cut -d, -f1 imphash_hashlist | sort | uniq -c | sort -rn | less
You can add a header (ssdeep,1.1--blocksize:hash:hash,filename) to the ssdeep hashlist, and run the ssdeep command line on it.
Example command to compare the files on the ssdeep hashlist against each other (may take days to complete) :
ssdeep -s -c -x ssdeep_hashlist > results.csv
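The two steps above combined, as an added example that is not part of Virusign's own tooling: it lists every imphash shared by several samples together with the members of each cluster, and prepends the ssdeep header only when it is missing. It assumes imphash_hashlist rows are "imphash,identifier" (only the first field is confirmed by the cut command above); the function names and all sample rows are constructed.

```shell
#!/bin/sh
# Added example. Row layouts are assumptions and every sample row below is
# constructed (these are not real hashes).

SSDEEP_HEADER='ssdeep,1.1--blocksize:hash:hash,filename'

# imphash_clusters LIST [MIN]
# Prints "count imphash id1 id2 ..." for each imphash shared by at least MIN
# rows, largest cluster first. Rows with an empty imphash are skipped so they
# do not merge into one false cluster.
imphash_clusters() {
    awk -F, -v min="${2:-2}" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $1 != "" { n[$1]++; ids[$1] = ids[$1] " " $2 }
        END { for (h in n) if (n[h] >= min) print n[h], h ids[h] }
    ' "$1" | sort -k1,1nr -k2,2
}

# add_ssdeep_header IN OUT
# Copies IN to OUT, prepending the header unless IN already starts with it,
# so the step can be repeated safely.
add_ssdeep_header() {
    if [ "$(head -n 1 "$1")" = "$SSDEEP_HEADER" ]; then
        cat "$1" > "$2"
    else
        { printf '%s\n' "$SSDEEP_HEADER"; cat "$1"; } > "$2"
    fi
}

# Constructed sample hashlists.
demo_dir=$(mktemp -d)
cat > "$demo_dir/imphash_hashlist" <<'EOF'
aaaa1111,sample_01
bbbb2222,sample_02
aaaa1111,sample_03
,sample_04
aaaa1111,sample_05
bbbb2222,sample_06
cccc3333,sample_07
,sample_08
EOF
printf '%s\n' '96:AAAA:BBBB,"sample_01"' '96:AAAC:BBBD,"sample_03"' \
    > "$demo_dir/ssdeep_hashlist"

imphash_clusters "$demo_dir/imphash_hashlist" 2
add_ssdeep_header "$demo_dir/ssdeep_hashlist" "$demo_dir/ssdeep_with_header"
# With ssdeep installed, the comparison from the FAQ is then:
#   ssdeep -s -c -x "$demo_dir/ssdeep_with_header" > results.csv
```

Raising MIN narrows the output to the largest clusters, which is a practical way to pick a small set of related samples before starting the much slower ssdeep comparison.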
Any more questions ?
Please get in touch.