[clamav-users] Virus-Datebase-Updates?

Walter H. walter.h at mathemainzel.info
Mon Jan 18 04:12:30 EST 2016


On Mon, January 18, 2016 09:38, Dennis Peterson wrote:

> To expect an individual vendor to be as effective as the pool is idiocy.
fail, because one system relies only on one vendor
> If it were possible the pool would be unnecessary.
fail, because this should only be a opinion of 3rd party and not a
consulting mechanism at a regular basis, because of antivirus failure ...

> Because VirusTotal consults all of them they have greater opportunity of
> returning a hit than any single vendor and that artificially makes them
> look more effective.
depend on how you interpret this:
https://www.virustotal.com/en/file/9bca9c9581182d3d6ed015179a12f68c94fa21b11cb3ef98a16265cd70fd7032/analysis/1453098213/
in case you interpret this to be a threat found by one vendor you are right;
if you think, that this could be also a false positive by one vendor you
are wrong;

> There will ALWAYS be a disparity among antivirus vendors
> regarding signatures for a particular threat.
right, and this says something about the quality of a antivirus vendor;

> Malware will always arrive faster than a response can be launched and
> these threats don't land in the queue of all the vendors at the same
> time.
this is right, but weeks or months after the first occurence of specific
malware every antivirus vendor should detect this;





More information about the clamav-users mailing list