[sanesecurity] Re: Long DB refresh times

  • From: TR Shaw <tshaw@xxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 25 Apr 2012 09:36:02 -0400

On Apr 25, 2012, at 8:07 AM, Gerard Seibert wrote:

> On Tue, 24 Apr 2012 18:11:00 -0400
> TR Shaw articulated:
> 
>> On Apr 24, 2012, at 4:41 PM, Richard Doyle wrote:
>> 
>>> On 04/24/2012 09:29 AM, Richard Doyle wrote:
>>>> On 04/24/2012 09:13 AM, micah anderson wrote:
>>>>>> 
>>>>>> Has anyone else seen these kinds of delays? Is there any way to
>>>>>> get these databases to load faster or to allow ClamAV to continue
>>>>>> scanning when the database is being reloaded?
>>>>> 
>>>>> I was noticing this as well, and it seemed like it was something
>>>>> that has only recently started to happen. I suspected a bug or
>>>>> something, but perhaps we reached some tipping point.
>>>> 
>>>> Me too. I'm moving to once-a-day updates.
>> 
>> Once-a-day updates defeat the purpose of detecting early threats.  We
>> need to get this solved and IMHO I think that it is a bug in ClamAV.
> 
> I have used several commercial packages that download their signature
> files between once and 4 times per day. They have operated at the same
> level of efficiency as ClamAV. If ClamAV really needs to update its
> database on an hourly schedule, perhaps its "recognition heuristic"
> algorithm is defective. The only other possible conclusion is that the
> ClamAV team is considerably slower at releasing specific virus
> definitions; i.e. a virus discovered on Monday does not get a signature
> released until Friday. This is just a guess though. Has the ClamAV team
> ever released data as to their turnaround time on virus discovery and
> the publishing of a specific signature for said virus?
> 

Gerard, 

I can't comment about ClamAV or some of the others that contribute to 
sanesecurity but I do know that skull's signatures are generated very shortly 
after detection as are my attachment and cracked sigs. Steve's rogue and many 
of my new malware sigs (after packed polymorphism is removed) are rolled out in 
near real time. So for those, at a minimum, update rates do matter. 

Tom