ClamAV (en)
Search Algorithms Powering AntiVirus 2 - Boyer–Moore (BM) & Wu-Manber (WM)
Using ClamAV as a reference, this article summarizes the Boyer–Moore (BM) and Wu-Manber (WM) algorithms that support AntiVirus pattern matching.
ReadInformation Retrieval Algorithms Behind AntiVirus, Part 1 - The Aho–Corasick Algorithm
Using ClamAV as a reference, this article summarizes the Aho–Corasick algorithm, an information retrieval algorithm that underpins AntiVirus software.
ReadNotes on How clamscan Works Before It Performs a File Scan (unfinished)
These are notes on how clamscan works before it performs a file scan (unfinished).
ReadNotes on Tracing the ClamAV Scan Process Until the Eicar Test File Is Detected
Notes on tracing the scan behavior in ClamAV from invocation to detection of the Eicar test file.
ReadClamAV On-Access Scanning with fanotify - Learning AntiVirus on Linux Through OSS -
This article briefly explains fanotify, the kernel framework used for real-time file scanning (On-Access scanning) by AntiVirus software for Linux.
ReadHow to Enable Debug Tracing for Bytecode Signatures in libclamav
This article summarizes how to enable debug tracing for bytecode signatures in libclamav.
ReadHITCON CTF 2024 Writeup — AntiVirus (Rev)
HITCON CTF 2024 Writeup — Reverse-engineering a ClamAV bytecode signature file
ReadLearning ClamAV Signature Creation and Analysis Through CTF
A summary of ClamAV signature syntax and analysis methods using the SECCON 2022 Devil Hunter challenge as a theme.
ReadSummary of Building ClamAV from Source Code and Setting Up OnAccessScan
Summary of the steps to build ClamAV from source code and set up OnAccessScan.
Read