Home/ Questions/Q 8649031
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T13:27:32+00:00

I haven’t found information about this anywhere. Is there a minimal required length for

  • 0

I haven’t found information about this anywhere. Is there a minimal required length for virus signatures? I’ve read in book by Peter Szor that for 16-bit applications 16 bytes is enough even to avoid false positives. Is there equvilent minimum for 32 and 64-bit applications too?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    May be my experience useful to you:

    I generated hex-code signatures using n-gram, opcodes and using menonic. And I used more than 2000 viruses to min signatures. The min length was 16 byte and max size was 68 bytes. Also, for signatures was created for both malware and benign. The approach was Heuristic and Data-Mining.
    The length of Benign signature was less than malware. And i though, it was because Benign are written in high-level language so compiler generated code and more similarity reduce the length of Benign signatures. Where as Malware are written in comparatively Low level (Assembly) or in inline-Assembly (embedded-assembly within high-level language) so produces lengthy signature comparably.

    Also long signatures are useful in detail analysis in offline scanning.

    • 0