[clamav-users] Why are the ClamAV team so slow at creating signatures ?
paul at pscs.co.uk
Mon Oct 6 09:57:34 EDT 2014
On 06/10/2014 14:37, Tim Smith wrote:
>> are you really trying to compare response times from PAID sollutions to the free/community maintened ones ????
> Of course not, the paid solutions will always be better.
> But three days to get some definitions pushed out for a zero-day is a
> bit on the slow side, you must agree !
It's only on the slow side if you expect it to be quicker... Personally,
I'm glad this is available at all from a free solution.
As other people have said, you can make YOUR Clam AV installation detect
the virus pretty much instantly - which is much quicker than any paid
Analysing a virus & updating signatures is not a quick & trivial job,
and they'll get lots of samples submitted (I've heard figures of a
million a day). Many will be duplicates, but many will also be innocuous
files where someone has been paranoid, or even where files are
maliciously submitted, so I expect that files that are submitted have to
be checked somehow to make sure they really are malicious files, and a
useful signature has to be generated and tested. I'm fairly sure you'd
be (rightly) miffed if an update was released which suddenly generated
lots of false positives because corners had been cut.
If you think it needs to be quicker, then maybe you could volunteer your
time to help with the analysis (I'm not sure how you'd go about this) or
send a financial donation to help with the process. Obviously the paid
AV solutions will have more resources to do this task than a community
maintained one will have, so you'd expect the paid ones to be
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
More information about the clamav-users