-=> Mocking Paul Walker to Kurt Wismer <=-
KW> listing the variant information does not make it an exact
KW> identification, tbav could simply have different scan strings for
KW> different variants...
PW> So .. what would you call exact id then, if not identifying variants
PW> exactly? ;)
you know what a scan string is, right? it's a short string that is used
to identify the virus... 10, 20, maybe 30 bytes...
exact identification uses *all* the bytes in the virus and makes sure
they're in the right place (an appending infector at the beginning of a
file just ain't the real thing)... now if i'm not mistaken, the real
world requires that the virus database be reasonably small, so you're
thinking how do they fit every byte of every virus in the database - to
which i say "checksums"...
these can actually be called virus signatures, whereas scan strings do
not necessarily uniquely and exactly identify a virus, these do (with
the exception of cryptographic collision in the real world
application)...
... it's obvious just by reading that it's time to thin the herd...
--- Platinum Xpress/Win/Wildcat5! v2.0
---------------
* Origin: Doc's Place, Clw Fla. telnet://docsplace.dyn.ml.org (1:3603/140)
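
An added illustration of the distinction drawn in the message above (not part of the original post and not any scanner's actual code): a short scan string matches several different files, while a checksum over every byte of the body at the position an appending infector would occupy names exactly one variant. All byte strings, the names Sample.A/Sample.B, and the use of SHA-256 as the checksum are constructed assumptions.

```python
import hashlib

# Constructed, inert stand-ins for two variants that share one code fragment.
SCAN_STRING = b"SHARED-DECRYPT-LOOP-0123"            # 24-byte scan string
VARIANT_A = b"\x90" * 8 + SCAN_STRING + b"payload-A" * 4
VARIANT_B = b"\x90" * 8 + SCAN_STRING + b"payload-B" * 4

def db_entry(body):
    # The database stores only a length and a checksum, not the body itself.
    return (len(body), hashlib.sha256(body).hexdigest())

EXACT_DB = {"Sample.A": db_entry(VARIANT_A), "Sample.B": db_entry(VARIANT_B)}

def scan_string_match(data):
    """Scan-string detection: the short string appears anywhere in the file."""
    return SCAN_STRING in data

def exact_identify(data):
    """Exact identification: every byte of the body matches, and the body
    sits where an appending infector puts it (the tail of the file)."""
    for name, (length, digest) in EXACT_DB.items():
        if len(data) >= length:
            tail = data[-length:]
            if hashlib.sha256(tail).hexdigest() == digest:
                return name
    return None

def classify(data):
    return (scan_string_match(data), exact_identify(data))

# Constructed sample files.
HOST = b"MZ" + b"\x00" * 64                          # clean host program
INFECTED_A = HOST + VARIANT_A                        # body appended
INFECTED_B = HOST + VARIANT_B
MISPLACED = VARIANT_A + HOST                         # body at the start
MODIFIED = HOST + VARIANT_A[:-1] + b"!"              # one byte differs

if __name__ == "__main__":
    for label, sample in [("clean", HOST), ("A", INFECTED_A),
                          ("B", INFECTED_B), ("misplaced", MISPLACED),
                          ("modified", MODIFIED)]:
        print(label, classify(sample))
```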