On Mon, Jan 12, 2004 at 01:56:47PM -0500, jef moskot wrote :

[...]

> 
> Thanks, that puts things into a little perspective.
> 
> I'm really just looking for a GENERAL idea.  For example, if you had to
> explain to the average user what sort of viruses were being added to the
> database...is it MOSTLY new ones?  MOSTLY old ones?  About half and half?
> 
> Would it be fair to say that when a new update comes out that it has
> likely been triggered by a recent discovery?
> 

We have mainly two types of contributors:

- ISP or domain administrators. All those people send mainly new
  versions of virii. With their help, we have the newest viruses in a
  very short time. I think we can say that we have samples of newly
  spreading virii in record time. An example? When the Sober.C worm
  began to spread, we received about 4 submissions within a few hours.
  And many more after it was added to the database.

  > Submissions: 315, 316, 317, 321
  > Senders: Christian Kühn, Peter Surda, Joerg Seyfried, Andreas Grundler
  > Virus name: Sober.C
  > Added: Worm.Sober.C

  Since submissions are checked many times a day, I think we can say
  that new viruses that are sent to us are added to the database with
  a 1-day delay.

- Independent or personal contributors:
  They can send various types of viruses: new, old ones, unknown,
  Trojans, etc. Some of them are crawling the www to find the virii we
  don't have. Their contributions are important since they mainly submit
  more uncommon viruses that ISPs do not often receive.

There is actually a _balance_ between the old and new viruses we receive.
But, as T. Papszun said, the newest ones have all our attention and are
processed first.

In conclusion, and to answer your question, we actually receive a
majority of current worms, trojans and viruses that are still active.
Those are analysed on a FIFO basis.
At any time, if a fast-spreading new virus is received, it preempts the
other submissions.

Hope this mail answers your questions.

/ddm

-- 
Denis De Messemacker
GnuPG Key-ID: 0x02787880
[EMAIL PROTECTED]   http://www.e-labs.org
[EMAIL PROTECTED]   http://www.ClamAV.net - A GPL virus scanner


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
