[clamav-users] Continuous increase of startup time (is daily.cld broken?)

J.R. themadbeaker at gmail.com
Mon Oct 7 13:38:46 EDT 2019


> Steve Basford:
> So, is the above hash still relevant or should it moved into archived.hsb,
> which by default doesn't load ?

I would *guess* the ClamAV team would have a *little* more detailed of
a back-end system tracking viruses (though I could be wrong)...

> G.W. Haywood:
> Well I only run Linux systems and I'd _still_ want to scan for Windows
> and Office 2003 malware.  Call it social responsibility.  Just because
> my systems are immune to something malicious doesn't mean I'll want to
> ignore it when it arrives.  If my systems accepted such a thing from a
> correspondent who has a vulnerable system, and then gave it to another
> correspondent with yet another vulnerable system then I'd say that I'd
> been irresponsible if I could have stopped it in its tracks with a bit
> of effort and very little extra resource usage.

That's why I said "optionally disable" as in "enabled by default"...
and Office 2003 was just a random example (as it is 16 years old)...
Would you still feel necessary to scan for DOS viruses? Windows 3.1?
95? 98? 2K? It's sad that some people still today think Windows XP
should be supported (even though EXTENDED support ended in 2014), when
that OS has no business being connected to the internet with all the
out-of-date software on it.

When there's almost 1 MILLION new pieces of malware/viruses created
every DAY, there's a point of diminishing returns if the signature
database was going to contain everything since the dawn of
computing... Granted there aren't nearly that many new signatures
added to clamav, but the explosive growth in MODERN threats just goes
to show the direction things are going...

A logical approach would be to keep definitions in the "main.cvd" as
long as the product is currently supported... After it is declared EOL
and no longer supported by its creator, then move said definitions
into the (default enabled, but optionally disabled) "archived.cvd" or
whatever and give them an extended year before being removed out of
that. For the super-paranoid then maybe create a "historical.cvd" that
can hold all the old bloat and could would be default-disabled but
optionally-enabled.


More information about the clamav-users mailing list