From what I know, both methods are used.
Signatures can be generated by automated programs that are fed malicious samples and then extract strings, data, attributes, and so on, which can be used to automatically create a signature.
In addition, researchers often scan new unknown samples for unique strings, data, and attributes that can be used to create a signature. You cannot really automatically release a signature for a whole new variety of malware if you have no idea what it is. However, because most malware shares similar characteristics, automated processes can be used to detect new samples.
You might want to take a look at Intezer, that's exactly what they do.
I'm sure many antivirus companies also offer similar "internal" products.
As for your other question, signatures usually go through quality control before being published in production, especially if there are new signatures created from scratch. Although from time to time, it is possible that a bad signature is pushed via an update and that it causes the deletion of a legitimate file (i.e. system files). This has happened before, it still happens today and will probably happen again in the future.
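As an added illustration of the two points in this answer (automated extraction of shared strings from a set of samples, and a quality-control pass against known-good files before a signature ships), here is a toy pipeline. It is not code from the original answer or from any vendor's product; every byte string is constructed, and the `Evil_C2_Beacon_v2` marker is a made-up stand-in for a family-specific string.

```python
import re
from collections import Counter

# Constructed stand-ins for analysed samples of one malware family (not real binaries).
MALICIOUS_SAMPLES = [
    b"MZ\x90\x00Evil_C2_Beacon_v2\x00GetProcAddress\x00kernel32.dll\x00",
    b"MZ\x90\x00Evil_C2_Beacon_v2\x00GetProcAddress\x00user32.dll\x00",
    b"MZ\x90\x00Evil_C2_Beacon_v2\x00LoadLibraryA\x00kernel32.dll\x00",
]
# Constructed stand-ins for known-good files: the quality-control corpus.
CLEAN_CORPUS = [
    b"MZ\x90\x00GetProcAddress\x00kernel32.dll\x00notepad.exe\x00",
    b"MZ\x90\x00LoadLibraryA\x00user32.dll\x00explorer.exe\x00",
]

MIN_LEN = 8  # shorter runs are too common to be distinctive

def extract_strings(data: bytes, min_len: int = MIN_LEN) -> set:
    """Printable ASCII runs of at least min_len bytes, as the 'strings' tool would report."""
    return {m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)}

def candidate_signatures(samples, min_prevalence: float = 1.0) -> set:
    """Strings seen in at least min_prevalence (a fraction) of the malicious samples."""
    counts = Counter()
    for sample in samples:
        counts.update(extract_strings(sample))
    needed = min_prevalence * len(samples)
    return {s for s, n in counts.items() if n >= needed}

def quality_control(candidates: set, clean_corpus) -> tuple:
    """Split candidates into (approved, rejected): anything also found in a known-good
    file is rejected, because shipping it would flag legitimate files as malicious."""
    clean_strings = set().union(*(extract_strings(c) for c in clean_corpus))
    return candidates - clean_strings, candidates & clean_strings

def build_signature(samples, clean_corpus, min_prevalence: float = 0.6) -> tuple:
    """Full pipeline: extract shared strings, then run them through quality control."""
    return quality_control(candidate_signatures(samples, min_prevalence), clean_corpus)

def matches(signature: set, data: bytes) -> bool:
    """A file matches if any approved signature string occurs in it."""
    return any(s.encode() in data for s in signature)

if __name__ == "__main__":
    approved, rejected = build_signature(MALICIOUS_SAMPLES, CLEAN_CORPUS)
    print("approved:", sorted(approved))  # ['Evil_C2_Beacon_v2']
    print("rejected (would false-positive on clean files):", sorted(rejected))
```

Without the quality-control step, `GetProcAddress` and `kernel32.dll` would have been shipped as signature strings and matched the clean files, which is exactly the bad-update scenario the answer describes.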