want to unsubscribe. went to the http listed, no 'unsubscribed' thereā¦ On 20Dec, 2013, at 6:00 AM, [email protected] wrote:
> Send clamav-users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of clamav-users digest..." > > > Today's Topics: > > 1. how to make a high efficiency cvd (???) > 2. Re: how to make a high efficiency cvd (Matus UHLAR - fantomas) > 3. Re: how to make a high efficiency cvd (Alain Zidouemba) > 4. Re: how to make a high efficiency cvd (Bryan Burke) > 5. Re: how to make a high efficiency cvd (Matus UHLAR - fantomas) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 19 Dec 2013 20:35:12 +0800 (CST) > From: ??? <[email protected]> > Subject: [clamav-users] how to make a high efficiency cvd > To: clamav-user <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset=GBK > > 1. Do you have a commonly-used?popular? virus list? > > > 2. Can we get the added time(the time of inserting into the virus database) > of every virus, or get the time order(insert time) of the sigature from > daily.cvd(or daily.mdb) file?Besides, does it mean that the last one of the > signature in the file means the newest virus? > > > 3. The cvd file is too large and consume too much memory, our less advanced > device can't run it smoothly, so we have to do a smaller cvd file, and will > delete the old or inactive sigature.Could you give us some instructions of > doing it, and tell us what do we need pay attention to? > > > 4. Could you tell us the meaning of every section? For example: > "7680:9c554a76ebddc16ce19c46677200f624:Win.Trojan.Vidro-98", this is one line > in the virus list,what's the meaning of these sections: "7680", > "9c554a76ebddc16ce19c46677200f624", "Win.Trojan.Vidro", "98"? And we think > that "Win.Trojan.Vidro" means a category of one virus,and > "Win.Trojan.Vidro-98" represents a specific virus, is this right? > > > 5. What frequency does clamav release new engine version, do you have a > release-time list of the history virus engine versions? Besides, can the old > virus engine run normally with the newer virus database? > > > thanks very much > > ------------------------------ > > Message: 2 > Date: Thu, 19 Dec 2013 17:05:03 +0100 > From: Matus UHLAR - fantomas <[email protected]> > Subject: Re: [clamav-users] how to make a high efficiency cvd > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset=utf-8; format=flowed > > On 19.12.13 20:35, ??? wrote: >> 3. The cvd file is too large and consume too much memory, our less advanced >> device can't run it smoothly, so we have to do a smaller cvd file, and >> will delete the old or inactive sigature.Could you give us some >> instructions of doing it, and tell us what do we need pay attention to? > > You should use proper devices to do antivirus scanning. There's no sane > reason to exclude virus signatures if you really want to do the antivirus > scanning... > > -- > Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > LSD will make your ECS screen display 16.7 million colors > > > ------------------------------ > > Message: 3 > Date: Thu, 19 Dec 2013 11:12:46 -0500 > From: Alain Zidouemba <[email protected]> > Subject: Re: [clamav-users] how to make a high efficiency cvd > To: ClamAV users ML <[email protected]> > Message-ID: > <cagqqwqmpxzq6pw25rsuslizjh1dpjuqz9x0v01xpnene-sj...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > On Thu, Dec 19, 2013 at 7:35 AM, ??? <[email protected]> wrote: > >> 1. Do you have a commonly-used?popular? virus list? >> >> Yes, here: http://www.clamav.net/lang/en/download/cvd/malware-stats/ > >> >> 2. Can we get the added time(the time of inserting into the virus >> database) of every virus, or get the time order(insert time) of the >> sigature from daily.cvd(or daily.mdb) file?Besides, does it mean that the >> last one of the signature in the file means the newest virus? >> > > You can follow signature updates here: > http://lurker.clamav.net/list/clamav-virusdb.en.html > >> >> >> 3. The cvd file is too large and consume too much memory, our less >> advanced device can't run it smoothly, so we have to do a smaller cvd file, >> and will delete the old or inactive sigature.Could you give us some >> instructions of doing it, and tell us what do we need pay attention to? >> >> Look into the utility "sigtool" that ships with ClamAV. On a related > note, you don't need to have your signatures in a .cvd file. Your > signatures just need to be in a files that have the proper extensions for > the signature type. See: > https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf > >> >> 4. Could you tell us the meaning of every section? For example: >> "7680:9c554a76ebddc16ce19c46677200f624:Win.Trojan.Vidro-98", this is one >> line in the virus list,what's the meaning of these sections: "7680", >> "9c554a76ebddc16ce19c46677200f624", "Win.Trojan.Vidro", "98"? And we think >> that "Win.Trojan.Vidro" means a category of one virus,and >> "Win.Trojan.Vidro-98" represents a specific virus, is this right? >> >> Information can be found here: > https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf > >> >> 5. What frequency does clamav release new engine version, do you have a >> release-time list of the history virus engine versions? Besides, can the >> old virus engine run normally with the newer virus database? >> >> Older releases can be found here: > https://github.com/vrtadmin/clamav-devel/releases > I would not recommend running older ClamAV engines. However, some older > versions can run the some of the latest signatures > >> >> thanks very much >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> http://www.clamav.net/support/ml > > > ------------------------------ > > Message: 4 > Date: Thu, 19 Dec 2013 11:13:52 -0500 > From: Bryan Burke <[email protected]> > Subject: Re: [clamav-users] how to make a high efficiency cvd > To: ClamAV users ML <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Instead of trying to prune the database, is it possible to, say, only load > half the virus database, then just scan twice (with each half)? If memory is > the limiting factor, then perhaps the extra time/IO necessary is a worthy > trade-off. > > -- > Bryan Burke > EECS IT Staff > University of Tennessee, Knoxville > (865) 974-4695 > [email protected] > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: smime.p7s > Type: application/pkcs7-signature > Size: 2198 bytes > Desc: not available > URL: > <http://lists.clamav.net/pipermail/clamav-users/attachments/20131219/e3a82b74/attachment.bin> > > ------------------------------ > > Message: 5 > Date: Thu, 19 Dec 2013 17:53:37 +0100 > From: Matus UHLAR - fantomas <[email protected]> > Subject: Re: [clamav-users] how to make a high efficiency cvd > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset=us-ascii; format=flowed > > On 19.12.13 11:13, Bryan Burke wrote: >> Instead of trying to prune the database, is it possible to, say, only load >> half the virus database, then just scan twice (with each half)? If memory >> is the limiting factor, then perhaps the extra time/IO necessary is a >> worthy trade-off. > > Loading and parsing the database is very time and CPU expensive. > This would in fact slow things down. > > -- > Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Windows found: (R)emove, (E)rase, (D)elete > > > ------------------------------ > > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > https://github.com/vrtadmin/clamav-faq > > End of clamav-users Digest, Vol 111, Issue 14 > ********************************************* First they ignore you. Then they laugh at you. Then they fight you. Then you win. -- M. K. Gandhi _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
