[clamav-users] ClamAV+exim: scanner finds not a single malware

Dennis Peterson dennispe at inetnw.com
Mon May 23 13:49:17 EDT 2016

Everything about ClamAV is open source and free. Including the signatures. There 
is nothing stopping any of us from filling the gaps in signatures.


On 5/23/16 9:45 AM, Groach wrote:
> On 23/05/2016 14:44, C.D. Cochrane wrote:
>>> Hi Michael,
>>> I made a similar inquiry last week (Signature update schedule, and
>>> requirements for adding Signatures) - this was the responses:
>>>>> My 2 cents would be that rapid traditional signature updates are not a 
>>>>> viable solution to this long term problem.
>>>>> I'm pretty sure the current generation >>>of Locky, Dridex, Nemucod, etc. 
>>>>> ransomware is generated using millions
>>>>> of tiny mutations so that almost every email attachment has a unique 
>>>>> signature. >>>There is no way to keep up with
>>>>> that. ClamAV got more than a million virus samples per day, last time I 
>>>>> inquired.
>>>>> ...Chris
>>> Best Regards
>>> Michael
> As for they claim above about Dridex etc being too numerous to handle, Sane 
> Security seems to be doing just a fine job of it. (So its just a lame response).
> Yep.   An antivirus solution that to their own admission will not be giving 
> out signatures to real threats as there are too many, and shouldnt be used as 
> a realtime threat protection to real threats and should only be used to 
> supplement a more superior and effective AV solution.
> So, tell me again, what is the point of it?
> If I am already investing/relying on a more effective solution for Zero-day 
> threats and realtime scanning to stop being hit, why do I need Clam?  (If the 
> more effective solution is going to get it the n for sure Clam isnt. Like 
> asking your one-legged Grandad to help push the car that is currently being 
> towed by a toe truck).
> Of course, you may have chosen to not have another solution, and to ONLY use 
> the Clam default signatures.  Then you can rely on it:
> a, once the threat has already hit your system and done its damage and
> b, to advise you that you have been hit so you can then use another solution 
> to recover/cure your (now infected) system (hopefully!)
> Yeah.  I Hope people that are struggling to get through the problems of 
> getting it to install/compile and download the updates and yet not use 3rd 
> party signatures actually realise what ultimately they are going to achieve.
> Nada.
> May they be lucky in life.
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list