
What .ide files solved DNSChanger?

Hi,

What .ide files would detect Jahlav, Puper, and Jahlav viruses?



    Hi,

    I don't think it's going to be possible to answer this one as such.  The product is developed as: Software + Engine + Virus Data.

    This version of the software is then released and, for up to 3 months, is updated with .ide files to keep it up to date in terms of detection.  The cloud-based lookups also supplement this detection.

    Traditionally one .ide file represented one threat.  Pushing a single .ide file through the system from Sophos Labs to client is no small feat and with the sheer amount of malware appearing, ide files started to detect multiple threats not only to keep up with the numbers but to avoid pushing many ides through the system.  The ide files grew in size but provided more detection. 

    On the next version of the software, when the Virus Data is rebuilt, the detection added by the previous .ide files is moved into the main virus data files (*.vdb). The cycle continues in this way.

    The virus families you mention are quite old.  For OSX/Jahlav-C, for example, protection has been available since 21 Aug 2009 20:11:33 (GMT) and was last updated on 27 Aug 2009 03:39:30 (GMT).  So the detection for this variant is likely to be in a vdb somewhere.

    Using the latest virus threats RSS feed: 

    http://www.sophos.com/en-us/rss/threats/latest-viruses.xml

    you might be able to correlate a recent threat with a recently released ide but that's about it.

    Sophos Labs would probably be able to tell you, for a specific virus including variant, when it was initially released and what the name of the .ide was, but how useful is this information?  Some threats go straight into the main virus data at a monthly release and never make it to an ide.  So it may well be that the first time it was seen was in a vdb, and detection for that threat could then be updated in an ide, so it all gets a bit complex.

    Hope this helps.

    Regards,

    Jak

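The date-based correlation Jak describes (recent feed entry against recently released ide) is easy to script. The following is an added example, not code from the original post or from Sophos: it parses a constructed RSS 2.0 sample (not a capture of the real feed), takes a constructed list of ide names and release times (placeholders), and for each threat lists the ides released within a short window, flagging whether the threat's family name appears in the ide name. An empty list is the "probably went straight into a vdb" case the post mentions.

```python
"""Correlate threat entries from a 'latest viruses' RSS feed with .ide releases."""
import xml.etree.ElementTree as ET
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample in RSS 2.0 shape; not a capture of the real Sophos feed.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>OSX/Jahlav-C</title><pubDate>Fri, 21 Aug 2009 20:11:33 GMT</pubDate></item>
<item><title>Troj/Puper-X</title><pubDate>Sat, 22 Aug 2009 09:00:00 GMT</pubDate></item>
<item><title>W32/Example-Z</title><pubDate>Mon, 31 Aug 2009 12:00:00 GMT</pubDate></item>
</channel></rss>"""

# Constructed (ide name, release time) pairs; the names are placeholders, not real ides.
# 'misc-bundle.ide' stands in for a multi-threat ide that does not carry a family name.
SAMPLE_IDES = [
    ("jahlavc.ide", "Fri, 21 Aug 2009 20:30:00 GMT"),
    ("puper-x.ide", "Sat, 22 Aug 2009 10:15:00 GMT"),
    ("misc-bundle.ide", "Sat, 22 Aug 2009 11:00:00 GMT"),
]


def parse_feed(xml_text):
    """Return [(title, pubDate as aware datetime)] for every <item> in the feed."""
    root = ET.fromstring(xml_text)
    return [(item.findtext("title"), parsedate_to_datetime(item.findtext("pubDate")))
            for item in root.iter("item")]


def family(title):
    """'OSX/Jahlav-C' -> 'jahlav': drop the platform prefix and the variant suffix."""
    name = title.split("/", 1)[-1]
    return name.rsplit("-", 1)[0].lower()


def correlate(threats, ides, window=timedelta(hours=12)):
    """Map each threat title to [(ide name, family name appears in ide name)] for ides
    released between the feed timestamp and timestamp + window, in release order.
    The window is a heuristic; an empty list suggests vdb-only detection."""
    ide_times = [(name, parsedate_to_datetime(ts)) for name, ts in ides]
    result = {}
    for title, seen in threats:
        hits = [(name, family(title) in name.lower())
                for name, released in ide_times if seen <= released <= seen + window]
        result[title] = hits
    return result


if __name__ == "__main__":
    for title, hits in correlate(parse_feed(SAMPLE_RSS), SAMPLE_IDES).items():
        print(title, "->", hits or "no ide in window (likely vdb)")
```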