We are developing a new antivirus solution and need help creating a database of antivirus signatures based on incoming malware samples. We need to develop a signature format such that a single signature is able to detect multiple versions of the same malware. It should not be as simple as an MD5 of the full file content, because an MD5 signature of a file is able to match only a single file.
- Preferably, calculation of a file signature should not require reading the whole file content. This is to achieve good performance.
- Generation of malware signatures must be automated, because we have 200K samples arriving daily.
- Signatures should be generated even for Worm samples - good files patched with a few tens of bytes of malware code.
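
One possible shape for such a signature, as an added example that is not part of the original post: a byte pattern with wildcards over a fixed-size window at the end of the file, derived automatically from several variants and checked against the full-file MD5 approach. The window size, the minimum number of fixed bytes, the assumption that the patched bytes sit at the end of the file, and all sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

WINDOW = 32      # bytes read from the end of each file (assumed value)
MIN_FIXED = 16   # refuse signatures with too few non-wildcard bytes (assumed)

def tail_window(path, size=WINDOW):
    """Read only the last `size` bytes of a file, not the whole content."""
    with open(path, "rb") as f:
        f.seek(0, os.SEEK_END)
        f.seek(max(0, f.tell() - size))
        return f.read(size)

def generate_signature(windows):
    """Keep bytes shared by every variant; differing positions become None."""
    if len({len(w) for w in windows}) != 1:
        raise ValueError("variant windows must have equal length")
    sig = [col[0] if len(set(col)) == 1 else None for col in zip(*windows)]
    if sum(b is not None for b in sig) < MIN_FIXED:
        raise ValueError("too few fixed bytes; signature would over-match")
    return sig

def matches(sig, window):
    """True when the window agrees with every fixed byte of the signature."""
    return len(window) == len(sig) and all(
        s is None or s == b for s, b in zip(sig, window))

def variant(host, key):
    # Constructed, inert bytes: a host file with a 32-byte marker appended.
    return host + b"CONSTRUCTED-SAMPLE-STUB-" + key + bytes(range(6))

def demo():
    files = {"v1": variant(b"A" * 4096, b"\x01\x02"),
             "v2": variant(b"B" * 9000, b"\xa1\xb2"),
             "v3": variant(b"C" * 500, b"\x7f\x10"),  # not used for generation
             "clean": b"D" * 2048}
    win = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            win[name] = tail_window(path)
    sig = generate_signature([win["v1"], win["v2"]])
    md5s = {hashlib.md5(files[n]).hexdigest() for n in ("v1", "v2", "v3")}
    return sig, {n: matches(sig, w) for n, w in win.items()}, len(md5s)
```

The three variants produce three different MD5 values, while the one generated pattern matches all of them, including the variant that was not used to build it, and does not match the clean file.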