Discussion:
[clamav-users] Signature update schedule, and requirements for adding Signatures
Michael D. L.
2016-05-17 12:02:43 UTC
Hi,

Hope it's the right list I'm posting to :)

Why is the Signature Database only updated every 4 hours? Every 15
minutes would make more sense, since Spammers move very fast pushing out
new versions of Trojans and the like.

I've reported several Signatures/Files (via the website), but they
never make it to the database. When reporting, I also included the
result from www.virustotal.com

Best Regards
Michael

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
C.D. Cochrane
2016-05-17 14:20:08 UTC
My 2 cents would be that rapid traditional signature updates are not a viable solution to this long-term problem. I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature. There is no way to keep up with that. ClamAV got more than a million virus samples per day, last time I inquired.
...Chris
Charles Swiger
2016-05-17 17:14:02 UTC
Post by Michael D. L.
Hi,
Hope it's the right list I'm posting to :)
Why is the Signature Database only updated every 4 hours? Every 15 minutes would make more sense, since Spammers move very fast pushing out new versions of Trojans and the like.
Over the long term, ClamAV has averaged about two virus definition updates per day. If they start averaging more than 6 updates per day, then supporting more frequent signature changes might make sense....

Regards,
--
-Chuck
Joel Esler (jesler)
2016-05-17 23:52:37 UTC
Correct. Now we are back to pushing updates every 4 hours, whereas most AV companies only push once or twice a day.


--
Joel Esler
Manager, Talos Group

On May 17, 2016, at 10:20 AM, C.D. Cochrane <***@post.com> wrote:

My 2 cents would be that rapid traditional signature updates are not a viable solution to this long-term problem. I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature. There is no way to keep up with that. ClamAV got more than a million virus samples per day, last time I inquired.
...Chris