When talking about averages, I agree. But what I am worried about is the "worst case" malicious payload: for example, a brand new and particularly effective piece of ransomware. It's like car, life or medical insurance. The probability of needing it is low, but when you do, you don't want your account to be in arrears.
-pk On Thu, 20 Dec 2018 18:37:22 +0000 (GMT) "G.W. Haywood" <cla...@jubileegroup.co.uk> wrote: > Hi there, > > Attempting to bring some sort of perspective to all this... > > The number of updates per day (or hour or minute), and the currency or > otherwise of the updated data are not, I think, the things that > matter. > > Isn't what matters most the probability that some malicious payload > will get past your scanner? > > So, what's the difference in this probability if one updates daily, or > hourly, or even every minute? Not terribly easy to estimate, but I'd > suggest that for real-world payloads (as opposed to random selections > from some population of known payloads), and for ClamAV, we're looking > at a range of a few percent in a probability of no less than several > tens of percent. > > I'm not saying that this exercise is pointless, but I am wondering if > there might be better uses for the effort. _______________________________________________ clamav-users mailing list email@example.com http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml