[clamav-users] Continuous increase of startup time (is daily.cld broken?)

Steve Basford steveb_clamav at sanesecurity.com
Mon Oct 7 12:04:50 EDT 2019

On 7 October 2019 15:25:41 "J.R. via clamav-users" 
<clamav-users at lists.clamav.net> wrote:

> I don't know how the viruses are tracked, but maybe to reduce size (if
> applicable) some of the more ancient viruses that only affect EOL
> operating systems (or programs that should have long since been
> patched) could be spun-off into a separate definition file (that could
> be optionally disabled)? Seems like it would be quite a waste of
> resources for most if there were like a million definitions that only
> affected Windows XP or Office 2003 or something like that...

If you also take a peek at hashes:

Number of hashes:

36,49,543 main.hdb

23,657,708 daily.hdb

248,06,499 main.hsb

905,00,729 daily.hsb

file Size:

36,49,543 main.hdb

23,657,708 daily.hdb

24,806,499 main.hsb

905,00,729 daily.hsb


grep "130ae8f338cc705a26fa5fa635d8673a" daily.hsb



First Seen In The Wild ---> 2016-06-03 20:34:00

Last Submission ---> 2016-06-03 20:37:03

Document Name: Rotech AG_Faktur dot doc

So, is the above hash still relevant or should it moved into archived.hsb, 
which by default doesn't load ?

Perhaps, daily.* are hashes up to a year old, main.* for hashes two years 
old and everything else into archive.*

Or jsut drop document hashes over a year old ??

It's a difficult one to suit all uses of ClamAV I guess.

Twitter: @sanesecurity
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20191007/2f813012/attachment.html>

More information about the clamav-users mailing list