[clamav-users] No good deed goes unpunished, or, why CVD files don't work

G.W. Haywood clamav at jubileegroup.co.uk
Thu Dec 20 13:37:22 EST 2018

Hi there,

Attempting to bring some sort of perspective to all this...

The number of updates per day (or hour or minute), and the currency or
otherwise of the updated data are not, I think, the things that matter.

Isn't what matters most the probability that some malicious payload
will get past your scanner?

So, what's the difference in this probability if one updates daily, or
hourly, or even every minute?  Not terribly easy to estimate, but I'd
suggest that for real-world payloads (as opposed to random selections
from some population of known payloads), and for ClamAV, we're looking
at a range of a few percent in a probability of no less than several
tens of percent.

I'm not saying that this exercise is pointless, but I am wondering if
there might be better uses for the effort.


