[clamav-users] Continuous increase of startup time (is daily.cld broken?)

G.W. Haywood clamav at jubileegroup.co.uk
Mon Oct 7 16:05:21 EDT 2019

Hi there,

On Mon, 7 Oct 2019, J.R. via clamav-users wrote:
> G.W. Haywood wrote:
>> Well I only run Linux systems and I'd _still_ want to scan for Windows
>> and Office 2003 malware.  Call it social responsibility.  ...
> ... scan for DOS viruses? Windows 3.1?  95? 98? 2K?

mail6:/var/lib/clamav/databases$ grep -a DOS *ld | wc -l

> It's sad that some people still today think Windows XP should be
> supported (even though EXTENDED support ended in 2014), when that OS
> has no business being connected to the internet with all the
> out-of-date software on it.

Think a bit more about it.  I've had clients who bought Windows 2000
servers and then had software built on top of it for their businesses
and in some cases their engineering processes.  Some clients have CNC
machines driven by XP!  They made a business plan, which was that the
package should pay for itself over a period of time, with a relatively
small outlay, further on down the road, to update the package when the
inevitable next Windows comes out.  Then their software supplier goes
bankrupt.  They've spent a couple of hundred grand on something which
will not work with the latest and greatest OS and there is absolutely
_no_ way to update it.  They know the problems, but there really isn't
any option for them but to battle on.  And yes, I warned them all, but
the alternatives were a lot more expensive - so at the time it really
just came down to gazing into a crystal ball.

> When there's almost 1 MILLION new pieces of malware/viruses created
> every DAY, there's a point of diminishing returns ...

I'm not sure what the numbers are, but it's very clear that it's a
numbers game, and that the Good Guys are very much in the minority.
The moral of that has to be don't play those numbers, you will lose.
I personally put a lot more store in blocking connections by country,
ASN and DNSBL for example than I do in scanning for malicious content,
but that isn't always workable for everyone.

> A logical approach would be to keep definitions in the "main.cvd" as
> long as the product is currently supported...

I think I just saw a flock of pigs flying by... :/



More information about the clamav-users mailing list