Hi there,

Attempting to bring some sort of perspective to all this...

The number of updates per day (or hour or minute), and the currency or
otherwise of the updated data are not, I think, the things that matter.

Isn't what matters most the probability that some malicious payload
will get past your scanner?

So, what's the difference in this probability if one updates daily, or
hourly, or even every minute?  Not terribly easy to estimate, but I'd
suggest that for real-world payloads (as opposed to random selections
from some population of known payloads), and for ClamAV, we're looking
at a range of a few percent in a probability of no less than several
tens of percent.

I'm not saying that this exercise is pointless, but I am wondering if
there might be better uses for the effort.

--

73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to