Background: produceAbortListSignatures (cxx/VirusAnalysis.cxx#L96) uses listProduceUniqueSubstr (cxx/ClassResultList.hxx#L76) to produce the shortest signature of each infection which does not overlap with honest executables (does not give false positives).
Rationale: To mimic human immune responses, can do per-compute randomness as: use std::random to choose a few signatures, remove some of the first/last of those signatures to allow false positives (plus more detections of new infections which would otherwise have false negatives.) This requires a new bool (such as ResultListSignature.triggersFalsePositives) which causes signatureAnalysis to not return virusAnalysisAbort but rather return virusAnalysisRequiresReview (asks the user what to do.)
The randomness can also include:
staticAnalysis which triggers false positives (plus ask the user what to do);
random versions of the chroot for sandboxAnalysis.
Lots to do. If you want this: respond that you wish more resources go to this, or contribute.
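A sketch of the proposal above, as an added example which is not the project's own code: a few randomly chosen signatures lose bytes from both ends, are flagged, and a match on a flagged signature asks for review where an exact signature would abort. Assumptions: the simplified `ResultListSignature` (with a `bytes` field), `virusAnalysisPass`, the `randomizeSignatures` helper and its `minLength` guard are hypothetical; only `triggersFalsePositives`, `signatureAnalysis`, `virusAnalysisAbort` and `virusAnalysisRequiresReview` are names from the issue.

```cpp
#include <algorithm>
#include <cstddef>
#include <random>
#include <string>
#include <vector>

// Hypothetical, simplified stand-ins for the project's types (assumptions).
enum VirusAnalysisResult { virusAnalysisPass, virusAnalysisRequiresReview, virusAnalysisAbort };
struct ResultListSignature {
	std::string bytes;                   // shortest unique substring of an infection
	bool triggersFalsePositives = false; // set once the signature has been loosened
};

// Picks `howMany` signatures at random and removes `trim` bytes from each end.
// Signatures which would shrink below `minLength` are left exact, since a
// near-empty signature matches almost every file.
void randomizeSignatures(std::vector<ResultListSignature> &signatures, std::size_t howMany,
		std::size_t trim, std::size_t minLength, std::mt19937 &rng) {
	std::vector<std::size_t> order(signatures.size());
	for(std::size_t i = 0; i < order.size(); ++i) { order[i] = i; }
	std::shuffle(order.begin(), order.end(), rng);
	for(std::size_t i = 0; i < order.size() && howMany > 0; ++i) {
		ResultListSignature &sig = signatures[order[i]];
		if(sig.bytes.size() < 2 * trim + minLength) { continue; }
		sig.bytes = sig.bytes.substr(trim, sig.bytes.size() - 2 * trim);
		sig.triggersFalsePositives = true;
		--howMany;
	}
}

// Exact signatures abort; loosened signatures only ask the user for review.
VirusAnalysisResult signatureAnalysis(const std::string &file,
		const std::vector<ResultListSignature> &signatures) {
	VirusAnalysisResult result = virusAnalysisPass;
	for(const ResultListSignature &sig : signatures) {
		if(file.find(sig.bytes) == std::string::npos) { continue; }
		if(!sig.triggersFalsePositives) { return virusAnalysisAbort; }
		result = virusAnalysisRequiresReview;
	}
	return result;
}
```

Seeding the `std::mt19937` per machine (for example from `std::random_device`) gives each install a different loosened subset, which is the per-compute randomness described above.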