Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!usc!brutus.cs.uiuc.edu!jarthur!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: CHESS@YKTVMV.BITNET (David.M..Chess)
Newsgroups: comp.virus
Subject: Identification strings
Message-ID: <0002.9002131641.AA18689@ge.sei.cmu.edu>
Date: 12 Feb 90 00:00:00 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 22
Approved: krvw@sei.cmu.edu

Fridrik S.:

>  How about:
>
>         Identification string: A sequence of bytes, used by anti-virus
>         programs to check if a program is infected.
>
>         Signature string: A sequence of bytes, used by the virus to check
>         if a program is infected.
>
> Comments ?

Well, by an unhappy coincidence, we tend to use the terms more or less
the other way around, around here.  We call the thing that a virus
checks for the "self-identification", and we call the things that our
scanner scans for "signatures".  (The self-identification, by the way,
isn't always a string of bytes; it can be a bit-pattern in the
timestamp, or just about anything else!)  Note sure what to suggest to
solve the problem; perhaps people can just stop to spell out what they
mean when there's danger of ambiguity?

DC