[clamav-users] signature processing order

Arnaud Jacques / SecuriteInfo.com webmaster at securiteinfo.com
Tue May 24 17:29:04 EDT 2016

Hello Al,

> Because the signatures may not be identical and could be looking for two
> different things so that a variant of the original malware that could be
> caught by one sig will be overlooked by the other.

This can not happened with Securiteinfo.com sigs. We remove signatures when 
Clamav official detect malwares, based on hundred of samples.

That's the only way to keep the number of signatures the lowest possible.

If 3rd party providers don't do that, they are condemned to have more and more 
signatures everyday, until it breaks low memory systems.

Best regards,

Arnaud Jacques

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

More information about the clamav-users mailing list