[clamav-users] ClamAV+exim: scanner finds not a single malware

C.D. Cochrane cdc at post.com
Mon May 23 13:52:19 EDT 2016


>> My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem.
>> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions
>> of tiny mutations so that almost every email attachment has a unique signature. There is no way to keep up with
>> that. ClamAV got more than a million virus samples per day, last time I inquired.
>> ...Chris
>
> As for the claim above about Dridex etc. being too numerous to handle,
> Sane Security seems to be doing just a fine job of it. (So it's just a
> lame response).

I'm not sure what heuristic Sane Security uses. My original point was that a traditional signature (sigtool?)
on the current generation of malware seems to be a non-scalable idea. One million new sigs per day is not
realistic. ClamAV must evolve if it is going to remain useful. There has to be a better scheme to ID new
malware than sigtool.  

Otherwise, groach is right.  ClamAV is just a redundant way to scan for virus files from 2008 or see if your
latest files can generate FPs.
...Chris


