[clamav-users] ClamAV UnOfficial Database
Joel Esler (jesler)
jesler at cisco.com
Thu May 4 23:39:27 UTC 2017
We have some ideas here Benny, but nothing in the pipeline today.
If we incorporated SaneSecurity’s sigs (we need permission to do so from Steve), then we could ingest them, and de-dupe any hash-based sigs that we have that other types of sigs alert on (we do this today for our own internal sigs) The hash based sigs are a method for us to automatically get sigs out right now instead of later. As we all have other things we are doing.
--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
On May 4, 2017, at 5:57 PM, Benny Pedersen <me at junc.eu<mailto:me at junc.eu>> wrote:
Henrik K skrev den 2017-05-04 23:30:
So we traded memory for equal disk. No surprise there, those bazillion
hashes need their space. I guess someone should just serve them up in cloud
somewhere like... Immunet? ^_^
and scan times is still the same ?, while load time is considred very fast since it now dont need to unzip main.cvd ? :)
wish for freshclam, save cvd files in unpacked state so it does not need to unpack on load
freeshclam can update cvd files and pack it with zlib, but it sigtool can unpack it to being not zlipped saved, hmm
zlip packed data is only usefull for mirror updateing to save data transfer imho on diff updatees it does not get much saved
oh well :=)
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list