Advantages and disadvantages of anti-virus cloud engine

  
Take a look at the advantages of the cloud engine:

1. Fast response: once a sample is confirmed as a virus, false positives are essentially ruled out, so the update can be pushed out immediately.

2. It has the advantage of the Internet.

3. ......

The traditional engine is basically the reverse of the above. Is there a balance that can be struck between the two engines?

As we know, extracting a signature follows a "buffer offset + check" framework. For example, an md5 value is "full-file buffer at offset 0 + md5 check". If we fix this buffer and use a faster check method, we get a "fixed buffer size X at an offset + check" mode. Extending this step by step to "buffer offset + check + ... + buffer offset + check" forms a hash algorithm that can effectively control false positives.
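An added example (not from the original article) of the "fixed buffer size X at an offset + check" chain described above, next to the whole-file md5 check. CRC32 as the faster check, the region offsets and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import zlib
from typing import List, NamedTuple


class Region(NamedTuple):
    offset: int   # where the fixed buffer starts in the file
    size: int     # fixed buffer size X
    crc: int      # fast check (CRC32, an assumption) over that buffer


def make_signature(sample: bytes, spans: List[tuple]) -> List[Region]:
    """Build a chained 'buffer offset + check + ...' signature from a known sample."""
    sig = []
    for off, size in spans:
        if off < 0 or off + size > len(sample):
            raise ValueError(f"span ({off}, {size}) is outside the sample")
        sig.append(Region(off, size, zlib.crc32(sample[off:off + size])))
    return sig


def matches(data: bytes, sig: List[Region]) -> bool:
    """True only if every region in the chain checks out; short files never match."""
    for r in sig:
        buf = data[r.offset:r.offset + r.size]
        if len(buf) != r.size or zlib.crc32(buf) != r.crc:
            return False
    return True


def md5_matches(data: bytes, sample: bytes) -> bool:
    """The whole-file case: 'full buffer at offset 0 + md5 check'."""
    return hashlib.md5(data).digest() == hashlib.md5(sample).digest()


# Constructed sample data, not real malware: three 16-byte marker areas in padding.
SAMPLE = b"HDR-MARKER-00001" + b"\x00" * 48 + b"ICON-MARKER-0002" + b"\x11" * 48 + b"BODY-MARKER-0003"
SIG = make_signature(SAMPLE, [(0, 16), (64, 16), (128, 16)])

# Variant: one padding byte changed and junk appended; the chosen regions are untouched.
VARIANT = SAMPLE[:20] + b"\xff" + SAMPLE[21:] + b"junk"
# Benign look-alike: shares only the first region with the sample.
BENIGN = b"HDR-MARKER-00001" + b"\x22" * 128
# Truncated file: shorter than the last region's offset.
TRUNCATED = SAMPLE[:100]
```

The variant still matches the region chain although its md5 differs from the sample's, and the benign look-alike matches only when the chain is cut down to its first region, which is why chaining several regions keeps false positives under control.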

With the "plain text buffer + ..." form, stream features can be extracted for virus scanning with a multi-pattern matching algorithm; the form may also be "offset + buffer + buffer offset codes + ...... + parity."

The buffer data is the most critical part: it is enough to extract a data area that uniquely identifies the file. For example, for "Panda burning incense", the fixed buffer can be the data structure that stores the PE icon, and fuzzy recognition of the "Panda icon" can report a suspected virus.

In a certain sense, the traditional engine and the cloud engine do not contradict each other. In essence they are the same, and only the way they are implemented differs. The free anti-virus model oriented to the Internet is a combination of the two, and the cloud can be implemented without md5. Look at the signatures in clamav: there are hash signatures, there is md5, and so on. Engine features will diversify, anti-virus engines will diversify too, and the anti-virus engine facing the Internet is naturally the branch closest to the user.

Are conventional engines really behind, then?

The answer is no, at least for now, and for many reasons. Look at the limitations of the cloud engine:

1. It cannot scan and kill once the network is off.

2. The detection rate of the md5 check: changing any byte in the file is enough to cause a missed detection.

3. It cannot disinfect.

4. It does not unpack. Of course, even with unpacking, the md5 of the unpacked file differs from that of the original file because unpacking procedures differ, resulting in redundant md5 values.

5. Scanning is slow. We know that IO consumes about 70% of the time, and reading the entire file is slower.

