I love this! ++ > On Nov 19, 2025, at 12:18, Brendan Bell (brebell) via clamav-users > <[email protected]> wrote: > > ClamAV was first introduced in 2002; since then, the signature set has grown > without bound, delivering as many detections as possible to the community. > Due to continually increasing database sizes and user adoption, we are faced > with significantly increasing costs of distributing the signature set to the > community. > To address the issue, Cisco Talos has been working to evaluate the efficacy > and relevance of older signatures. Signatures which no longer provide value > to the community, based on today’s security landscape, will be retired. > We are making this announcement as an advisory that our first pass of this > retirement effort will affect a significant drop in database size for both > the daily.cvd and main.cvd. > Our goal is to ensure that detection content is targeted to currently active > threats and campaigns. We will judge this based on signature matches seen in > our, and our partners, data feeds over an extended period of time. We will > continue to evaluate detection prevalence for retired signatures and will > restore any signatures to the active signature set as needed to protect the > community. Going forwards, we will continue to curate the signature set to > match the security landscape. This may result in further reductions in the > total number of signatures included in the signature set alongside the normal > growth that comes from new added coverage. > > These are the impacts on signature database sizes you can expect from the > first pass: > File Name > September 2025 > December 2025 after retirement of signatures > main.cvd > 163 MB > ~80 MB > daily.cvd > 62 MB > ~22 MB > > In addition to the reduction in size of the signature set, we will also begin > to remove container images from Docker Hub. We are doing this to remove > container images which may contain vulnerabilities either in ClamAV or in the > base image, and to reduce the burden on Docker Hub itself, which presently > hosts over 300 GiB of ClamAV container images. > When complete, we will only provide container images on Docker Hub for the > supported versions of ClamAV. At this time, these will include: > Release > Tags > 1.5 > 1.5, 1.5.1, latest, stable > 1.4 LTS > 1.4, 1.4.3 > 1.0 LTS > 1.0, 1.0.9 > > We recommend that ClamAV container image users select a feature release tag > rather than a specific minor release tag in order to <> stay up to date with > security and bug fixes. > > ClamAV Signature Retirement Open Source FAQ: > > What if bad actors begin to reuse old malware and old exploits? > Our team is committed to reintroducing any signature based on the activity of > bad actors in a timely fashion. > > Can open-source users access the signatures that have been retired from > main.cvd? > We intend to make the retired signatures available at a later date for > researchers and corner cases > > Is this an ongoing process? > Cisco Talos will continue to curate the signature set and may retire > signatures as they lose relevance to today’s security landscape. > How will open source Users benefit from these changes? > Smaller file downloads come with inherent advantages, but unbound growth is > not sustainable and we already have outgrown resource needs for scanning on > some server configurations. We anticipate a noticeable RAM usage reduction > for the ClamAV engine, possibly by as much as 25%. > > When will users see a change in file sizes? > Signature retirement and the file size reduction will begin on December 16th > , 2025. > Users will notice that the main.cvd and daily.cvd will be roughly 50% smaller > than they have seen prior to that date. > > > If you have any questions please ask here or join our ClamAV discord: > https://discord.gg/K5jjC9Td > > Thanks. > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
