[clamav-users] Continuous increase of startup time (is daily.cld broken?)

Mark Fortescue mark.lists at thurning-instruments.co.uk
Thu Oct 10 13:22:12 EDT 2019


Hi,

You are forgetting things like embedded systems in hospitals that can't 
reasonably be updated.

The NHS got stung by this with XP and Microsoft had to produce a post 
EOL fix.

Outside of the computer industry, software and hardware move forward at 
a snail's pace. Many systems still use Windows 2K and DOS. Many systems 
can't reasonably be updated as the company that made them no longer 
exists. The primary reason for change is that something breaks and the 
equipment has to be scrapped, not that the embedded software is not 
supportable, 'out of date' and at risk from malicious software.

Regards
	Mark.

On 07/10/19 18:38, J.R. via clamav-users wrote:
>> Steve Basford:
>> So, is the above hash still relevant or should it be moved into archived.hsb,
>> which by default doesn't load?
>
> I would *guess* the ClamAV team would have a *little* more detailed of
> a back-end system tracking viruses (though I could be wrong)...
>
>> G.W. Haywood:
>> Well I only run Linux systems and I'd _still_ want to scan for Windows
>> and Office 2003 malware.  Call it social responsibility.  Just because
>> my systems are immune to something malicious doesn't mean I'll want to
>> ignore it when it arrives.  If my systems accepted such a thing from a
>> correspondent who has a vulnerable system, and then gave it to another
>> correspondent with yet another vulnerable system then I'd say that I'd
>> been irresponsible if I could have stopped it in its tracks with a bit
>> of effort and very little extra resource usage.
>
> That's why I said "optionally disable" as in "enabled by default"...
> and Office 2003 was just a random example (as it is 16 years old)...
> Would you still feel it necessary to scan for DOS viruses? Windows 3.1?
> 95? 98? 2K? It's sad that some people still today think Windows XP
> should be supported (even though EXTENDED support ended in 2014), when
> that OS has no business being connected to the internet with all the
> out-of-date software on it.
>
> When there's almost 1 MILLION new pieces of malware/viruses created
> every DAY, there's a point of diminishing returns if the signature
> database was going to contain everything since the dawn of
> computing... Granted there aren't nearly that many new signatures
> added to clamav, but the explosive growth in MODERN threats just goes
> to show the direction things are going...
>
> A logical approach would be to keep definitions in the "main.cvd" as
> long as the product is currently supported... After it is declared EOL
> and no longer supported by its creator, then move said definitions
> into the (default enabled, but optionally disabled) "archived.cvd" or
> whatever and give them an extended year before being removed out of
> that. For the super-paranoid then maybe create a "historical.cvd" that
> can hold all the old bloat and would be default-disabled but
> optionally-enabled.