Hi there, Attempting to bring some sort of perspective to all this...

The number of updates per day (or hour or minute), and the currency or otherwise of the updated data are not, I think, the things that matter. Isn't what matters most the probability that some malicious payload will get past your scanner? So, what's the difference in this probability if one updates daily, or hourly, or even every minute? Not terribly easy to estimate, but I'd suggest that for real-world payloads (as opposed to random selections from some population of known payloads), and for ClamAV, we're looking at a range of a few percent in a probability of no less than several tens of percent. I'm not saying that this exercise is pointless, but I am wondering if there might be better uses for the effort. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml