I guess it all depends on what you want from AV. I hope for 0 day email detection. If my customsig or ClamAV official DB detect the virus in the days and weeks AFTER the virus hit my inbox then I've already lost. I never do full system file scans with ClamAV. I want incoming email detection.
So, I keep hoping that any new official detection will be indicative of a new 0 day algorithm, not merely a copy of the static signature I already redundantly created. Insanity is doing the same thing over and over hoping for different results :) Am I insane, or are the ClamAV sig writers? ...Chris > Sent: Tuesday, May 24, 2016 at 8:37 AM > From: Groach <groachmail-stopspammin...@yahoo.com> > To: "ClamAV users ML" <clamav-users@lists.clamav.net> > Subject: Re: [clamav-users] signature processing order > I dont understand why anyone would want to delete a signature from their > databases even if it is a duplicate. Consider this: > > MAIN: signature "BadWilly" (no guesses what it might be trying to trap) > 3rdParty signature "3rdBadWilly" attempting to catch the same virus > > Ok, so now you have determined there are 2 viruses with the same > intewntion. So you delete one of them > > Unknown to you, the one you deleted wasnt very good and doesnt actually > work as expected. (Whereas the deleted one weas good). > > OR > > You delete one, leaving one that was once proven effective...then tnat > same provider changes that defniition (agains leaving you without the > protection). > > OR.... you delete signature (thinkning its redundant) then do a database > update and it gets restored again. > > And you simply cant ask the providers to not include the definitions > 'just because MAIN Clam has included it' because MAYBE there is a > customer that does like or update MAIN database (and actually likes to > rely solely on the 3rd party database). > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
