[clamav-users] Signature update schedule, and requirements for adding Signatures

Joel Esler (jesler) jesler at cisco.com
Tue May 17 19:52:37 EDT 2016


Correct.  Now that we are back to pushing updates every 4 hours, whereas most AV companies only push once or twice a day.


--
Joel Esler
Manager, Talos Group




On May 17, 2016, at 10:20 AM, C.D. Cochrane <cdc at post.com<mailto:cdc at post.com>> wrote:

My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem.  I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature.  There is no way to keep up with that.  ClamAV got more than a million virus samples per day, last time I inquired.
...Chris


Sent: Tuesday, May 17, 2016 at 8:02 AM
From: "Michael D. L." <clamav at cosis.dk<mailto:clamav at cosis.dk>>
To: clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
Subject: [clamav-users] Signature update schedule, and requirements for adding Signatures
Hi,

Hope it's the right list I'm posting to :)

Why is the Signature Database only updated every 4 hours? Every 15
minutes would make more sense, since Spammers move very fast pushing out
new version of Trojans and alike.

I've reported several Signatures/Files (via. the website), but they
never make it to the database. When reporting, I also included the
result from www.virustotal.com<http://www.virustotal.com>[http://www.virustotal.com]

Best Regards
Michael

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list