[clamav-users] Why are the ClamAV team so slow at creating signatures ?

Paul Smith paul at pscs.co.uk
Mon Oct 6 09:57:34 EDT 2014


On 06/10/2014 14:37, Tim Smith wrote:
>> are you really trying to compare response times from PAID sollutions to the free/community maintened ones ????
> Of course not, the paid solutions will always be better.
>
> But three days to get some definitions pushed out for a zero-day is a
> bit on the slow side, you must agree !
>
It's only on the slow side if you expect it to be quicker... Personally, 
I'm glad this is available at all from a free solution.

As other people have said, you can make YOUR Clam AV installation detect 
the virus pretty much instantly - which is much quicker than any paid 
solution.
(eg http://www.clamav.net/doc/latest/signatures.pdf)

Analysing a virus & updating signatures is not a quick & trivial job, 
and they'll get lots of samples submitted (I've heard figures of a 
million a day). Many will be duplicates, but many will also be innocuous 
files where someone has been paranoid, or even where files are 
maliciously submitted, so I expect that files that are submitted have to 
be checked somehow to make sure they really are malicious files, and a 
useful signature has to be generated and tested. I'm fairly sure you'd 
be (rightly) miffed if an update was released which suddenly generated 
lots of false positives because corners had been cut.

If you think it needs to be quicker, then maybe you could volunteer your 
time to help with the analysis (I'm not sure how you'd go about this) or 
send a financial donation to help with the process. Obviously the paid 
AV solutions will have more resources to do this task than a community 
maintained one will have, so you'd expect the paid ones to be 
considerably quicker.



-


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe



More information about the clamav-users mailing list