-- Joel Esler Manager, Talos Group
On May 23, 2016, at 1:52 PM, C.D. Cochrane <c...@post.com> wrote:

> My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem. I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature. There is no way to keep up with that. ClamAV got more than a million virus samples per day, last time I inquired.
>
> ...Chris
>
> As for the claim above about Dridex etc being too numerous to handle, Sane Security seems to be doing just a fine job of it. (So it's just a lame response).
>
> I'm not sure what heuristic Sane Security uses. My original point was that a traditional signature (sigtool?) on the current generation of malware seems to be a non-scalable idea. One million new sigs per day is not realistic. ClamAV must evolve if it is going to remain useful. There has to be a better scheme to ID new malware than sigtool. Otherwise, groach is right. ClamAV is just a redundant way to scan for virus files from 2008 or see if your latest files can generate FPs.

Obviously going to disagree. We are pushing almost a thousand pieces of detection every four hours now, and that will only increase from here.