[clamav-users] Signature update schedule, and requirements for adding Signatures

C.D. Cochrane cdc at post.com
Tue May 17 10:20:08 EDT 2016


My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem.  I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature.  There is no way to keep up with that.  ClamAV got more than a million virus samples per day, last time I inquired.
...Chris 
 
>
>Sent: Tuesday, May 17, 2016 at 8:02 AM
>From: "Michael D. L." <clamav at cosis.dk>
>To: clamav-users at lists.clamav.net
>Subject: [clamav-users] Signature update schedule, and requirements for adding Signatures
>Hi,
>
>Hope it's the right list I'm posting to :)
>
>Why is the Signature Database only updated every 4 hours? Every 15
>minutes would make more sense, since Spammers move very fast pushing out
>new version of Trojans and alike.
>
>I've reported several Signatures/Files (via. the website), but they
>never make it to the database. When reporting, I also included the
>result from www.virustotal.com[http://www.virustotal.com]
>
>Best Regards
>Michael
>



More information about the clamav-users mailing list