New Virus Definition File references from Avira

The German manufacturer of anti-virus software Avira has been at the forefront of the most frequently downloaded freeware security applications, also in Poland. In his new products for this year, he implemented new signatures for virus detection under the name VDF - Virus Definition File.

Let's start from the beginning and explain what the virus signatures are.

Surely everyone is familiar with the function of scanning files or local disks. Previously, the detection of viruses was possible only thanks to local signals on the user's hard disk. Currently, scans are a more complicated procedure and can be carried out simultaneously with:

  • heuristic analysis (static or dynamic) with appropriate hazard classification on the fly,
  • excluding objects that have not been modified since the last scan without changing the scan parameters,
  • with checking the NTFS file system identifiers and previously scanned objects,
  • checking only the first N (eg 32) bytes of the file and comparing them with the pattern in the cloud,
  • and many more depending on the manufacturer and technology used

Returning to the standard signatures - the program scanner analyzes and checks if the file contains a virus. Like all programs, viruses consist of a code, and its special string of producers register and add to the signatures, or virus database. The signature itself consists of a sequence of characters e.g.

X5O! P% @ AP [4 \ PZX54 (P ^) 7CC) 7} $ EICAR-STANDARD-antivirus-TEST-FILE! $ H + H *

This is the basic and safe EICAR method. After copying this line to a text file and saving it as a file with almost any extension (or naming the file with this string), the antivirus program will recognize this file as a virus because this test code is stored in its signature database. If the program does not detect a false threat (and this may happen), do not worry about it. You should be aware that the manufacturer in his program could mark the EICAR test as safe, or by default the program does not scan non-infectable extensions, so the anti-virus will not raise the alarm.

Avira improved its standard signatures and introduced a number of technological changes and assigned them the name VDF - Virus Detection File, which will allow to increase the number of virus defenses, optimize their download speed, as a result it contributes to:

  • faster system startup,
  • reducing the size of the signature defence,
  • lower consumption of resources by the anti-virus application

Depending on the manufacturer, the technologies used to collect the signatures may be different.

New threats appear daily, which is why anti-virus programs must be informed about them on a regular basis. Information about malware detected by Avira is stored in VDF files on protected end devices. VDF stands for Virus Definition File. The VDF files are created by the Avira antivirus laboratory and are available in almost all solutions of the German manufacturer. The VDF files are updated regularly several times a day.

Currently, the concept of VDF signatures is still in the process of shaping and modernization in order to address more space for information about viruses, to optimize the consumption of resources on protected computers and to speed up the update process. In the future, the new generation of virus definition files will be able to update faster and with smaller size.

The nVDF and xVDF signatures

The previous generation of VDF signatures had the prefix "nVDF" in the name and contained 32 file containers that were in the static table. This means that some of the stored VDF data were often downloaded unnecessarily during the upgrade process. However, the nVDF files were not perfect. To further optimize the resources used, reduce and speed up the amount of information retrieved, the nVDF - xVDF extension has been introduced: e (x) tended Virus Definition File. XVDF technology is Avira's response to the ever-growing number of threats. XVDF signatures increase the speed of response to threat detection and consume less resources on the computer.




source: Avira, own

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.