This can be calculated by counting the number of ClamAV hits in the clamd log
using ClamAV signatures and the time period between the first and last hits. In
my case I have clamd logs back to April (252 days) and 58 hits on ClamAV
signatures or about 4 per day. Total hits from all signature vendors over the
same period is 5921 or roughly 100/day.
I'm in not much of a hurry to get the next daily update file within seconds of
it becoming available. That was not the case most recently when I was
responsible for production email systems with message rates in excess of 1M/day.
And compared to some I've run over the years that is not a lot.
On 12/20/18 10:37 AM, G.W. Haywood wrote:
Attempting to bring some sort of perspective to all this...
The number of updates per day (or hour or minute), and the currency or
otherwise of the updated data are not, I think, the things that matter.
Isn't what matters most the probability that some malicious payload
will get past your scanner?
clamav-users mailing list
Help us build a comprehensive ClamAV guide: