The binary pattern of the machine code of a particular virus. Antivirus programs compare their database of virus signatures with the files on the hard disk and removable media (including the boot sectors of the disks) as well as within RAM. The antivirus vendor updates the signatures frequently and makes them available to customers via the Web. See antivirus program.
A sequence of bytes in the machine code of the virus. One way that anti-virus programs identify the presence of a virus in an executable file, a boot record, or memory is to use short identifiers, called signatures. A “good signature” is one that is found in every object infected by the virus but is unlikely to be found if the virus is not present. In other words, the likelihood of having both false negatives and false positives must be minimized. Kephart, J. and Arnold, W. Automatic Extraction of Computer Virus Signatures. [Online, 1994.] IBM Research Website. http://www.research.ibm.com/antivirus/SciPapers/Kephart/VB94/vb94.html.
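The "good signature" criterion above can be checked by counting misses on infected objects and hits on clean ones. The sketch below is an added example, not code from the cited paper or from any antivirus product; every byte string and name in it is a constructed placeholder.

```python
# Added illustration: all byte strings are constructed placeholders, not real malware.
INVARIANT = bytes.fromhex("deadbeef0badf00dcafebabe")  # assumed to occur in every infected object

# Constructed "infected" objects: different hosts, same invariant bytes, varying tail.
INFECTED = [
    b"MZ host-A " + INVARIANT + b"\x01gen1",
    b"boot record " + INVARIANT + b"\x02gen2",
    b"MZ host-C " + INVARIANT + b"\x03gen3",
]
# Constructed clean objects; two happen to contain the short byte pair DE AD.
CLEAN = [
    b"MZ clean program \xde\xad padding",
    b"plain text document",
    b"MZ another clean \xde\xad\x00",
]

# Candidate signatures for the same (hypothetical) virus.
CANDIDATES = {
    "too_short": bytes.fromhex("dead"),      # also occurs in clean files
    "too_specific": INVARIANT + b"\x01gen1",  # includes bytes that vary per infection
    "good": INVARIANT,                        # only the invariant part
}


def scan(data, database):
    """Return the names of all signatures in `database` that occur in `data`."""
    return sorted(name for name, sig in database.items() if sig in data)


def evaluate(signature, infected, clean):
    """Return (false_negatives, false_positives) for one candidate signature."""
    false_negatives = sum(signature not in obj for obj in infected)
    false_positives = sum(signature in obj for obj in clean)
    return false_negatives, false_positives


def best_candidate(candidates, infected, clean):
    """Pick the candidate with the fewest combined false negatives and positives."""
    return min(candidates, key=lambda n: sum(evaluate(candidates[n], infected, clean)))


if __name__ == "__main__":
    for name, sig in CANDIDATES.items():
        fn, fp = evaluate(sig, INFECTED, CLEAN)
        print(f"{name:13s} len={len(sig):2d} false_neg={fn} false_pos={fp}")
    print("selected:", best_candidate(CANDIDATES, INFECTED, CLEAN))
```

A production scanner matches many signatures in a single pass over the data and validates candidates against a far larger clean corpus; the plain substring test here only makes the two error counts visible.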