Re: [clamav-users] signature processing order

2016-05-24 Thread Arnaud Jacques / SecuriteInfo.com
Hello Al,

> Because the signatures may not be identical and could be looking for two different things so that a variant of the original malware that could be caught by one sig will be overlooked by the other.

This cannot happen with Securiteinfo.com sigs. We remove signatures when ClamAV

Re: [clamav-users] signature processing order

2016-05-24 Thread Al Varnell
On May 24, 2016, at 5:37 AM, "Arnaud Jacques / SecuriteInfo.com" wrote:

>> As for "removing" a 3rd party signature when official ones block it, well... overall... it wouldn't really be a good idea.
>
> Why ?
>
> ClamAV official signatures + all 3rd party signatures need a lot of system RAM

Re: [clamav-users] signature processing order

2016-05-24 Thread C.D. Cochrane
iters? ...Chris

> Sent: Tuesday, May 24, 2016 at 8:37 AM
> From: Groach
> To: "ClamAV users ML"
> Subject: Re: [clamav-users] signature processing order
> I don't understand why anyone would want to delete a signature from their databases even if it is a duplicate. C

Re: [clamav-users] signature processing order

2016-05-24 Thread Arnaud Jacques / SecuriteInfo.com
Hello Steve,

> As for "removing" a 3rd party signature when official ones block it, well... overall... it wouldn't really be a good idea.

Why ?

ClamAV official signatures + all 3rd party signatures need a lot of system RAM. Optimizing our signatures to scan faster and use less RAM should be

Re: [clamav-users] signature processing order

2016-05-24 Thread C.D. Cochrane
Hmm, that's strange. I have noted exactly the opposite behavior. My customsig.ndb sigs only get applied after official ClamAV detection has run. I know this because I am always watching for my UNOFFICIAL FOUNDs to be replaced by official ones and I then delete the related sig from my customsi

Re: [clamav-users] signature processing order

2016-05-24 Thread Steve Basford
On Tue, May 24, 2016 12:23 pm, Groach wrote:

> Out of interest, what does it matter? Why is it important that an official CLAM definition stops the virus before the 3rd party definition stops the same virus (if they both have the same criteria)? Surely a goal is a goal and it doesn't matter

Re: [clamav-users] signature processing order

2016-05-24 Thread Arnaud Jacques / SecuriteInfo.com
Hello,

> Out of interest, what does it matter?

The question of Axb is interesting. Such an option could be used to remove signatures from 3rd party when detection is done with official signatures from ClamAV. We do not need 4 different signatures in RAM to get the same sample detection.

-- Bes

Re: [clamav-users] signature processing order

2016-05-24 Thread Groach
Out of interest, what does it matter? Why is it important that an official CLAM definition stops the virus before the 3rd party definition stops the same virus (if they both have the same criteria)? Surely a goal is a goal and it doesn't matter who kicked the ball.

On 24/05/2016 11:54, Axb