Have you ever wondered how anti-virus signatures are created?
In his article An Intro to Creating Anti-Virus Signatures the author describes three types of signature detections:
- hash signatures
- byte signatures
- heuristics
Though the article focusses primarily on Microsoft portable executable files like .exe, .dll and .sys, it would be possible to analyze pdf
, .ppt
files if one would do that.
The article is well detailed and a good start to understand how anti-virus/anti-malware signatures are built.



