FORMALITY - ClamAV unofficial signature databases

Protection Against Malware and Phishing: The Importance of Different ClamAV File Formats for FORMALITY Deutschland Customers

FORMALITY Deutschland has developed a holistic approach to protecting its customers from malware and phishing attacks that are spread via email attachments or links. This includes creating its own .ign2, YARA, .ndb and .hsb files for ClamAV.

But what do these different file formats mean, and how do our customers benefit from them?

.ign2 files:

The .ign2 files are part of ClamAV’s ignition functionality and are used to mark trusted files that should be excluded from scanning. By creating our own .ign2 files, we can ensure that important and trusted files are not mistakenly detected as threats, which increases the efficiency and reliability of scanning and reduces the load for our customers.

YARA rules:

YARA is a powerful tool for detecting and classifying malware based on patterns and behavior. By creating our own YARA rules, we can identify specific indicators of malware and phishing that may not be captured by traditional signatures. This enables more precise and comprehensive detection of threats and provides our customers with an additional layer of protection.

.ndb files (Normal Database):

Our .ndb files contain specific signatures for known malware, including malicious programs that are frequently sent as email attachments or links in phishing emails. These signatures are regularly updated by our security expert to provide our customers with reliable protection against known threats. By using .ndb files, we can detect and block malware at an early stage before it can cause any damage.

.hsb files (Heuristic Scan Precedence):

The .hsb files enhance our malware detection with ClamAV through heuristic analysis methods that can identify potentially dangerous activities even when no specific signature is available. This is particularly important for detecting phishing attacks, where attackers constantly use new tactics and techniques to deceive users. By using .hsb files, we can detect suspicious email attachments and links that indicate phishing and protect our customers from fraudulent attempts.

Benefits for our customers:

By using a broad range of file formats and techniques, we can offer our customers comprehensive protection against malware and phishing attacks. They can rely on their mailboxes being continuously monitored and suspicious content being effectively blocked to ensure their security and privacy. Our proactive security measures enable our customers to focus on their business activities without having to worry about potential threats.

FORMALITY Deutschland remains committed to implementing the latest and most effective security measures to protect its customers. Our custom-developed files and techniques are an essential part of this commitment.