Hi,
You are forgetting things like embedded systems in hospitals that can't
reasonably be updated.
The NHS got stung by this with XP and Microsoft had to produce a post
EOL fix.
Outside of the computer industry, software and hardware move forward at
a snails pace. Many systems still use Windows 2K and DOS. Many systems
can't reasonably be updated as the company that made them no-longer
exists. The primary reason for change is that something breaks and the
equipment has to be scrapped not that the embedded software is not
supportable, 'out of date' and at risk from malicious software.
Regards
Mark.
On 07/10/19 18:38, J.R. via clamav-users wrote:
Steve Basford:
So, is the above hash still relevant or should it moved into archived.hsb,
which by default doesn't load ?
I would *guess* the ClamAV team would have a *little* more detailed of
a back-end system tracking viruses (though I could be wrong)...
G.W. Haywood:
Well I only run Linux systems and I'd _still_ want to scan for Windows
and Office 2003 malware. Call it social responsibility. Just because
my systems are immune to something malicious doesn't mean I'll want to
ignore it when it arrives. If my systems accepted such a thing from a
correspondent who has a vulnerable system, and then gave it to another
correspondent with yet another vulnerable system then I'd say that I'd
been irresponsible if I could have stopped it in its tracks with a bit
of effort and very little extra resource usage.
That's why I said "optionally disable" as in "enabled by default"...
and Office 2003 was just a random example (as it is 16 years old)...
Would you still feel necessary to scan for DOS viruses? Windows 3.1?
95? 98? 2K? It's sad that some people still today think Windows XP
should be supported (even though EXTENDED support ended in 2014), when
that OS has no business being connected to the internet with all the
out-of-date software on it.
When there's almost 1 MILLION new pieces of malware/viruses created
every DAY, there's a point of diminishing returns if the signature
database was going to contain everything since the dawn of
computing... Granted there aren't nearly that many new signatures
added to clamav, but the explosive growth in MODERN threats just goes
to show the direction things are going...
A logical approach would be to keep definitions in the "main.cvd" as
long as the product is currently supported... After it is declared EOL
and no longer supported by its creator, then move said definitions
into the (default enabled, but optionally disabled) "archived.cvd" or
whatever and give them an extended year before being removed out of
that. For the super-paranoid then maybe create a "historical.cvd" that
can hold all the old bloat and could would be default-disabled but
optionally-enabled.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
