[clamav-users] Signature update schedule, and requirements for adding Signatures

Joel Esler (jesler) jesler at cisco.com
Tue May 17 19:52:37 EDT 2016

Correct.  Now we are back to pushing updates every 4 hours, whereas most AV companies only push once or twice a day.

Joel Esler
Manager, Talos Group

On May 17, 2016, at 10:20 AM, C.D. Cochrane <cdc at post.com> wrote:

My 2 cents would be that rapid traditional signature updates are not a viable solution to this long-term problem.  I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature.  There is no way to keep up with that.  ClamAV got more than a million virus samples per day, last time I inquired.

Sent: Tuesday, May 17, 2016 at 8:02 AM
From: "Michael D. L." <clamav at cosis.dk>
To: clamav-users at lists.clamav.net
Subject: [clamav-users] Signature update schedule, and requirements for adding Signatures

Hope it's the right list I'm posting to :)

Why is the Signature Database only updated every 4 hours? Every 15
minutes would make more sense, since Spammers move very fast pushing out
new versions of Trojans and the like.

I've reported several Signatures/Files (via the website), but they
never make it to the database. When reporting, I also included the
result from www.virustotal.com.

Best Regards
