On Wed, 25 Apr 2012, Emanuele Balla wrote:

> May I add, FWIW: several of the malware sigs refer to drive-by malware
> infection schemes, and the URLs they target are used for only a few
> hours in email.

Which signature files are like that?

> So, if you run clamav on the mailserver during or immediately after the
> SMTP transaction (in other words: milter or post-queue content filter),
> updating the signatures once a day will render them completely useless:
> after the run, the only thing they're useful for is client-side and/or
> post-delivery mailbox scanning.
>
> If you're using that DB at SMTP time and plan to update it once a day, I
> suggest removing the DB completely, because it's simply not going to add
> anything to you.
>
> Even updating every hour is far from being optimal, IMHO (on my systems
> those signatures are refreshed every 5 minutes directly from my own
> repository)...

How do you update the repository?

Alan Stern