[clamav-users] Continuous increase of startup time (is daily.cld broken?)

Joel Esler (jesler) jesler at cisco.com
Mon Oct 7 16:16:11 EDT 2019


Gotta keep detection around for “old” stuff. First of all, who defines old?

Second of all, when ClamAV is tested in third-party analysis, we aren’t tested against “just new stuff”.

Sent from my  iPad

> On Oct 7, 2019, at 16:11, G.W. Haywood via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> Hi there,
> 
>> On Mon, 7 Oct 2019, J.R. via clamav-users wrote:
>> G.W. Haywood wrote:
>>> Well I only run Linux systems and I'd _still_ want to scan for Windows
>>> and Office 2003 malware.  Call it social responsibility.  ...
>> 
>> ... scan for DOS viruses? Windows 3.1?  95? 98? 2K?
> 
> mail6:/var/lib/clamav/databases$ grep -a DOS *ld | wc -l
> 214
> 
>> It's sad that some people still today think Windows XP should be
>> supported (even though EXTENDED support ended in 2014), when that OS
>> has no business being connected to the internet with all the
>> out-of-date software on it.
> 
> Think a bit more about it.  I've had clients who bought Windows 2000
> servers and then had software built on top of it for their businesses
> and in some cases their engineering processes.  Some clients have CNC
> machines driven by XP!  They made a business plan, which was that the
> package should pay for itself over a period of time, with a relatively
> small outlay, further on down the road, to update the package when the
> inevitable next Windows comes out.  Then their software supplier goes
> bankrupt.  They've spent a couple of hundred grand on something which
> will not work with the latest and greatest OS and there is absolutely
> _no_ way to update it.  They know the problems, but there really isn't
> any option for them but to battle on.  And yes, I warned them all, but
> the alternatives were a lot more expensive - so at the time it really
> just came down to gazing into a crystal ball.
> 
>> When there's almost 1 MILLION new pieces of malware/viruses created
>> every DAY, there's a point of diminishing returns ...
> 
> I'm not sure what the numbers are, but it's very clear that it's a
> numbers game, and that the Good Guys are very much in the minority.
> The moral of that has to be don't play those numbers, you will lose.
> I personally put a lot more store in blocking connections by country,
> ASN and DNSBL for example than I do in scanning for malicious content,
> but that isn't always workable for everyone.
> 
>> A logical approach would be to keep definitions in the "main.cvd" as
>> long as the product is currently supported...
> 
> I think I just saw a flock of pigs flying by... :/
> 
> -- 
> 
> 73,
> Ged.
> 

