Description of the signature files in this directory.

| File | Description |
|---|---|
| phpmussel.cedb | phpMussel complex extended signatures. Contains signatures based on extended metadata generated by phpMussel. Signatures in this signature file target miscellaneous threats across a wide range of formats and vectors, including Android malware, chameleon attacks, forkbombs, web-based ransomware, malicious browser extensions, equation malware, etc. Generally recommended for most phpMussel setups, and has a very low false positive risk. |
| phpmussel.db | phpMussel standard signatures. Signatures in this signature file work directly with file content (i.e., with zero or limited pre-processing). Covers a wide range of formats. Generally recommended for most phpMussel setups, and has a low false positive risk. |
| phpmussel_regex.db | phpMussel standard regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel.fdb | phpMussel filename signatures. Signatures in this signature file deal solely and specifically with the names of the files being scanned (e.g., the names of uploaded files as supplied by the client attempting the upload). It probably won't catch too much, but the memory footprint and performance cost are extremely small, it has a very low false positive risk, and when it does catch something, it can in some cases reduce the memory footprint of other signature files by making it unnecessary to scan the caught files further. Generally recommended for most phpMussel setups. |
| phpmussel.hdb | phpMussel hash signatures. Whenever a file is scanned by phpMussel, a hash for that file is generated, and then checked against hash signatures to identify specific, already known malicious files. Almost entirely useless against more modern, polymorphic viruses and malware, but relatively useful against older, non-polymorphic viruses and malware. The memory footprint and performance cost are relatively small, and it has a very low false positive risk. Generally recommended for most phpMussel setups. |
| phpmussel.htdb | phpMussel HTML signatures. Signatures in this signature file work with HTML-normalised file content. If there's any possibility that HTML content could be uploaded to your website, or that your phpMussel setup could be used to scan HTML content, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. |
| phpmussel_regex.htdb | phpMussel HTML regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel.mdb | phpMussel PE sectional signatures. Signatures in this signature file work with the hashes that are generated by phpMussel when it scans PE files (i.e., Windows "portable executable" files), representing the various sections inside those PE files. If there's any possibility that your phpMussel setup could be used to scan PE files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. (Of course, in general, I would advise against allowing PE files to be uploaded to your website anyway, due to the significantly higher risk factor associated with this type of file, regardless of precautions and safeguards used.) |
| phpmussel.medb | phpMussel PE metadata signatures. Signatures in this signature file work with the hashes that are generated by phpMussel when it scans PE files (i.e., Windows "portable executable" files), representing various metadata related to those PE files. If there's any possibility that your phpMussel setup could be used to scan PE files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. (Of course, in general, I would advise against allowing PE files to be uploaded to your website anyway, due to the significantly higher risk factor associated with this type of file, regardless of precautions and safeguards used.) |
| phpmussel.ndb | phpMussel normalised signatures. Signatures in this signature file work with ANSI-normalised file content (in the context of phpMussel, "ANSI-normalised" means lowercased, and with all non-ANSI characters and all characters outside of 21-7e stripped out). Covers a wide range of formats. Generally recommended for most phpMussel setups, and has a low false positive risk. |
| phpmussel_regex.ndb | phpMussel normalised regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel.udb | phpMussel URL scanner signatures. Whenever a file is scanned by phpMussel, phpMussel will attempt to detect any URLs contained inside the file, and then match those URLs, their domain part, and their query part against lists of URLs, domains, and queries known to be malicious or dangerous. Existence of such malicious or dangerous URLs, domains, or queries would likely in itself be undesirable for most people, but may also indicate that the file containing them could potentially be malicious or dangerous too (although not necessarily proving that the file is definitively malicious or dangerous beyond all doubt). The memory footprint and performance cost are relatively small, and it has a very low false positive risk. Generally recommended for most phpMussel setups. |
| phpmussel_elf.db | phpMussel ELF signatures. Signatures in this signature file work solely and specifically with executable Linux files (or "ELF" files). If there's any possibility that your phpMussel setup could be used to scan ELF files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. |
| phpmussel_email.db | phpMussel email signatures. Signatures in this signature file work solely and specifically with saved email files. If there's any possibility that your phpMussel setup could be used to scan saved email files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. |
| phpmussel_email_regex.db | phpMussel email regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel_exe.db | phpMussel PE signatures. Signatures in this signature file work solely and specifically with portable executable files (or "PE" files; e.g., Windows EXEs, DLLs, etc.). If there's any possibility that your phpMussel setup could be used to scan PE files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. (Of course, in general, I would advise against allowing PE files to be uploaded to your website anyway, due to the significantly higher risk factor associated with this type of file, regardless of precautions and safeguards used.) |
| phpmussel_exe_regex.db | phpMussel PE regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel_graphics.db | phpMussel graphics signatures. Signatures in this signature file work with files belonging to various graphics formats. If there's any possibility that your phpMussel setup could be used to scan images or any other type of graphics file, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. |
| phpmussel_graphics_regex.db | phpMussel graphics regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel_ole.db | phpMussel OLE signatures. Whenever a file is scanned by phpMussel, phpMussel will attempt to detect any OLE objects contained inside the file. Signatures in this signature file work with those OLE objects. Microsoft Word documents are a good example of files that can sometimes contain OLE objects (there are numerous other types of files that can also contain OLE objects though). If there's any possibility that your phpMussel setup could be used to scan files capable of containing OLE objects, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. It should be noted, however, that phpMussel's ability to detect OLE objects hasn't yet quite been perfected, and so there may be numerous occasions when phpMussel fails to detect the OLE objects contained in some types of files, or when files are crafted in a particular way (it is planned, however, to improve phpMussel's ability to detect OLE objects in the future). |
| phpmussel_ole_regex.db | phpMussel OLE regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |
| phpmussel_pdf.db | phpMussel PDF signatures. Signatures in this signature file work solely and specifically with PDF files. If there's any possibility that your phpMussel setup could be used to scan PDF files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. |
| phpmussel_swf.db | phpMussel SWF signatures. Signatures in this signature file work solely and specifically with SWF files (i.e., Shockwave/Flash files). If there's any possibility that your phpMussel setup could be used to scan SWF files, then you should, in most cases, use this signature file. If not though, it most likely won't be particularly useful for you and should be ignored. |
| phpmussel_swf_regex.db | phpMussel SWF regex signatures. Same as the above, except that the signatures in this signature file can contain regular expressions (whereas signatures from the above can't). |

Last Updated: 26 March 2022 (2022.03.26).