Signature

Unique identifier of a malicious file

A signature is a small piece of data which uniquely identifies an individual item of malware, allowing anti-malware software to spot it when scanning files.

Most anti-malware products include a database of such signatures representing all malware known to the program. These databases are updated regularly with the identification strings for new items added by the product's developers. Whenever a product scans a new file, it is checked against the database to determine if it matches any known item.

Signatures can be made more flexible to allow for generic detection of similar items of malware. Too much flexibility can lead the signature to match other files, leading to false positives.

Glossary


	Similar entries Emulation Family Generic detection Sandbox(ing) Unpacking Variant Virtualisation See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,239 registered users.

Fighting malware and spam

Signature

See also