Re: [clamav-users] ClamAV UnOfficial Database

2017-05-05 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2017-05-05 01:39:

> We have some ideas here Benny, but nothing in the pipeline today.

+1, that's stable software :)

> If we incorporated SaneSecurity’s sigs (we need permission to do so
> from Steve), then we could ingest them, and de-dupe any hash-based
> sigs that we have that other types of sigs alert on (we do this today
> for our own internal sigs)  The hash based sigs are a method for us to
> automatically get sigs out right now instead of later.  As we all have
> other things we are doing.

why not just permit sig creators to sign their own sigs?, so it can
be used entirely as a freshclam update?, why would that be bad?

at least if sig creators could sign sigs digitally, it won't hurt to drop
bash updates that use gpg, i can make clu database files now, but still
not sign them, which imho is bad that this is not yet possible :(

the dedupe is appreciated, and that is a very good reason to make sigs
centrally, but that can be ensured in other ways imho

how to list pua categories?, what about clam stats used as a sig
category change rule for sigs that are not in the wild, so users not
using all categories will not load all sigs, but users that want to use
all sigs can do so?

or it could make another cvd called archived, which contains all sigs
that are considered very old and not useful, not hitting in a long time

doing nothing is not a problem for stable software, but it is not making
it better either

let's hear from Steve why he does not just send sigs to sig creators' mailing lists, i
know it's a big work done even if he did not send it

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We have some ideas here Benny, but nothing in the pipeline today.


If we incorporated SaneSecurity’s sigs (we need permission to do so from 
Steve), then we could ingest them, and de-dupe any hash-based sigs that we have 
that other types of sigs alert on (we do this today for our own internal sigs)  
The hash based sigs are a method for us to automatically get sigs out right now 
instead of later.  As we all have other things we are doing.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On May 4, 2017, at 5:57 PM, Benny Pedersen wrote:

> Henrik K wrote on 2017-05-04 23:30:
>
>> So we traded memory for equal disk. No surprise there, those bazillion
>> hashes need their space.  I guess someone should just serve them up in cloud
>> somewhere like...  Immunet?  ^_^
>
> and scan times are still the same?, while load time is considered very fast
> since it now doesn't need to unzip main.cvd? :)
>
> wish for freshclam, save cvd files in unpacked state so it does not need to
> unpack on load
>
> freshclam can update cvd files and pack it with zlib, but sigtool can
> unpack it to being saved not zlib packed, hmm
>
> zlib packed data is only useful for mirror updating to save data transfer,
> imho on diff updates it does not get much saved
>
> oh well :=)

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

Henrik K wrote on 2017-05-04 23:30:

> So we traded memory for equal disk. No surprise there, those bazillion
> hashes need their space.  I guess someone should just serve them up in cloud
> somewhere like...  Immunet?  ^_^

and scan times are still the same?, while load time is considered very
fast since it now doesn't need to unzip main.cvd? :)

wish for freshclam, save cvd files in unpacked state so it does not need
to unpack on load

freshclam can update cvd files and pack it with zlib, but sigtool
can unpack it to being saved not zlib packed, hmm

zlib packed data is only useful for mirror updating to save data
transfer, imho on diff updates it does not get much saved

oh well :=)


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Henrik K
On Thu, May 04, 2017 at 08:36:00PM +0300, Henrik K wrote:
> On Thu, May 04, 2017 at 02:57:51PM +0200, Reindl Harald wrote:
> > 
> > it's unacceptable having a clamd process which wastes nearly 1 GB of RAM
> > hanging around when he don't catch anything
> 
> For once I have to agree..
> 
> My stats:
> ClamAV - 10 million sigs (includes most sanesecurity stuff)
> Sophos - 13 million sigs
> 
> # /usr/bin/time -f '\t%E real, \t%M kBmem' /usr/local/clamav/bin/clamscan /etc/hosts
> 
> 0:28.18 real,   1096492 kBmem
> 
> # /usr/bin/time -f '\t%E real, \t%M kBmem' /opt/sophos-av/bin/savscan /etc/hosts
> 
> 0:05.99 real,   231504 kBmem
> 
> Perhaps ClamAV devs should start innovating a little on how to handle all
> the sigs, instead of keeping bloating a glorified in-memory hash-database. 
> ;-D Jeez one could probably simply precompile a CDB database from all the
> hashes and dramatically reduce memory usage, probably wouldn't even slow
> down much..

Just playing around a bit..

# /usr/bin/time -f '\t%E real, \t%M kBmem' /usr/local/clamav/bin/clamscan -d /tmp/testsigs /etc/hosts
Known viruses: 10448710
  0:25.76 real,   1164396 kBmem

Take out all the "complete file hashes" and we are not left with many sigs.. 
dramatic drop in memory usage, though it's still very high considering..

# /usr/bin/time -f '\t%E real, \t%M kBmem' /usr/local/clamav/bin/clamscan -d /tmp/testsigs /etc/hosts
Known viruses: 298188
  0:10.67 real,   215048 kBmem

These were separated:

# wc -l *
   447753 daily.hdb
       54 daily.hdu
  1531075 daily.hsb
        1 daily.hsu
    75620 daily.mdb
     1083 daily.mdu
        1 daily.msb
        1 daily.msu
    58464 main.hdb
        1 main.hsb
  4059433 main.mdb
        1 main.msb
      428 porcupine.hsb
     9636 rfxn.hdb
      114 rogue.hdb
  3730415 securiteinfo.hdb
    94786 securiteinfoandroid.hdb
    96084 securiteinfoascii.hdb
    36319 securiteinfohtml.hdb
       14 spamattach.hdb
       71 spamimg.hdb
     5894 winnow.attachments.hdb
      825 winnow_extended_malware.hdb
     3751 winnow_malware.hdb
 10151824 total

Chew them into cdb with some lamo perl

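===
#!/usr/bin/perl
# Build a CDB (constant database) from ClamAV hash signatures read on STDIN.
use CDB_File;
# Records go to a temp file that finish() renames to /tmp/sigs.cdb.
$cdb = new CDB_File ('/tmp/sigs.cdb', "/tmp/sigs.cdb.$$") or die $!;
$keys = 0;
while (<>) {
    chomp;
    # hash:size:name (whole-file hash sigs; size may be *)
    if (/^([a-f0-9]{32,64}):(\d+|\*):([^:]+)/i) {
        $hash = lc($1); $size = $2; $sig = $3;
    }
    # size:hash:name (section hash sigs)
    elsif (/^(\d+):([a-f0-9]{32,64}):([^:]+)/i) {
        $size = $1; $hash = lc($2); $sig = $3;
    }
    else { die "Barf? $_\n"; }
    # Key is the raw binary hash, value is "size:name".
    $cdb->insert(pack("H*", $hash), "$size:$sig");
    $keys++;
}
$cdb->finish;
print "$keys keys inserted\n";
===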

# cat * | /usr/bin/time -f '\t%E real, \t%M kBmem' /tmp/clamcdb.pl
10151824 keys inserted
  0:31.09 real,   160144 kBmem

# du -h /tmp/sigs.cdb
781M    /tmp/sigs.cdb

So we traded memory for equal disk. No surprise there, those bazillion
hashes need their space.  I guess someone should just serve them up in cloud
somewhere like...  Immunet?  ^_^

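An added example, not code from the post or from ClamAV: the same hash-to-cdb idea in pure Python, writing the cdb file layout directly instead of using CDB_File and adding the lookup side through mmap, which the Perl script does not show. The function names, the size check in `lookup_content` and all sample signatures are constructed for illustration; cdb offsets are 32-bit, so the file must stay under 4 GiB.

```python
import hashlib, mmap, os, re, struct, tempfile

# The two line shapes the Perl script above accepts.
HASH_FIRST = re.compile(r"^([0-9a-fA-F]{32,64}):(\d+|\*):([^:]+)")  # hash:size:name
SIZE_FIRST = re.compile(r"^(\d+):([0-9a-fA-F]{32,64}):([^:]+)")     # size:hash:name

def parse_sig(line):
    """Return (raw digest bytes, b"size:name") for one signature line."""
    m = HASH_FIRST.match(line.strip())
    if m:
        digest, size, name = m.groups()
    else:
        m = SIZE_FIRST.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised signature line: {line!r}")
        size, digest, name = m.groups()
    if len(digest) not in (32, 40, 64):  # MD5, SHA-1, SHA-256 only
        raise ValueError(f"unexpected digest length: {line!r}")
    return bytes.fromhex(digest), f"{size}:{name}".encode()

def cdb_hash(key):
    """cdb's 32-bit hash: start at 5381, then h = (h * 33) ^ byte."""
    h = 5381
    for c in key:
        h = (((h << 5) + h) ^ c) & 0xFFFFFFFF
    return h

def write_cdb(path, records):
    """Stream (key, data) pairs to disk; only (hash, offset) pairs stay in RAM."""
    tables = [[] for _ in range(256)]
    with open(path, "wb") as f:
        f.write(b"\0" * 2048)                      # header placeholder
        for key, data in records:
            h = cdb_hash(key)
            tables[h & 255].append((h, f.tell()))
            f.write(struct.pack("<II", len(key), len(data)) + key + data)
        header = b""
        for entries in tables:
            nslots = 2 * len(entries)              # load factor 0.5
            header += struct.pack("<II", f.tell(), nslots)
            slots = [(0, 0)] * nslots
            for h, pos in entries:
                i = (h >> 8) % nslots
                while slots[i][1]:                 # linear probing
                    i = (i + 1) % nslots
                slots[i] = (h, pos)
            f.write(b"".join(struct.pack("<II", *s) for s in slots))
        f.seek(0)
        f.write(header)                            # 256 (table offset, slots) pairs

class CdbReader:
    """Look keys up through mmap so pages are read only when touched."""
    def __init__(self, path):
        self._f = open(path, "rb")
        self._m = mmap.mmap(self._f.fileno(), 0, access=mmap.ACCESS_READ)

    def close(self):
        self._m.close()
        self._f.close()

    def get(self, key):
        h = cdb_hash(key)
        tpos, nslots = struct.unpack_from("<II", self._m, (h & 255) * 8)
        for n in range(nslots):
            i = ((h >> 8) + n) % nslots
            slot_hash, rpos = struct.unpack_from("<II", self._m, tpos + 8 * i)
            if rpos == 0:                          # empty slot: key is absent
                return None
            if slot_hash == h:
                klen, dlen = struct.unpack_from("<II", self._m, rpos)
                start = rpos + 8
                if self._m[start:start + klen] == key:
                    return self._m[start + klen:start + klen + dlen]
        return None

def lookup_content(reader, content):
    """Match whole-file hashes (hash:size:name sigs); '*' means any size."""
    for algo in ("md5", "sha1", "sha256"):
        hit = reader.get(hashlib.new(algo, content).digest())
        if hit:
            size, name = hit.decode().split(":", 1)
            if size == "*" or int(size) == len(content):
                return name
    return None

def demo():
    payload = b"constructed sample payload\n"      # constructed test input
    lines = [                                      # constructed signatures
        f"{hashlib.md5(payload).hexdigest()}:{len(payload)}:Constructed.Sample.A",
        f"{hashlib.sha256(b'other').hexdigest()}:*:Constructed.Sample.B",
        f"4096:{hashlib.md5(b'section').hexdigest()}:Constructed.Section.C",
    ]
    path = os.path.join(tempfile.mkdtemp(), "sigs.cdb")
    write_cdb(path, (parse_sig(l) for l in lines))
    reader = CdbReader(path)
    try:
        return [lookup_content(reader, c)
                for c in (payload, b"other", b"section", b"clean file")]
    finally:
        reader.close()

if __name__ == "__main__":
    print(demo())
```

The third lookup misses because the stored size (4096) does not match the 7-byte input, which is how a size-qualified hash avoids matching unrelated content.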


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Bond Masuda
I have to agree on the memory requirements for clamd being high. I 
wonder if it would make sense to store the data set of signatures in a 
tiered hierarchy, with some of the less used data being on disk until 
there's a hit? i don't know enough about the internals and scanning 
algorithm used in clamd to speak meaningfully about it...



On 05/04/2017 10:36 AM, Henrik K wrote:

> On Thu, May 04, 2017 at 02:57:51PM +0200, Reindl Harald wrote:
>
>> it's unacceptable having a clamd process which wastes nearly 1 GB of RAM
>> hanging around when he don't catch anything
>
> For once I have to agree..
>
> My stats:
> ClamAV - 10 million sigs (includes most sanesecurity stuff)
> Sophos - 13 million sigs
>
> # /usr/bin/time -f '\t%E real, \t%M kBmem' /usr/local/clamav/bin/clamscan /etc/hosts
>
>  0:28.18 real,   1096492 kBmem
>
> # /usr/bin/time -f '\t%E real, \t%M kBmem' /opt/sophos-av/bin/savscan /etc/hosts
>
>  0:05.99 real,   231504 kBmem
>
> Perhaps ClamAV devs should start innovating a little on how to handle all
> the sigs, instead of keeping bloating a glorified in-memory hash-database.
> ;-D Jeez one could probably simply precompile a CDB database from all the
> hashes and dramatically reduce memory usage, probably wouldn't even slow
> down much..



Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Henrik K
On Thu, May 04, 2017 at 02:57:51PM +0200, Reindl Harald wrote:
> 
> it's unacceptable having a clamd process which wastes nearly 1 GB of RAM
> hanging around when he don't catch anything

For once I have to agree..

My stats:
ClamAV - 10 million sigs (includes most sanesecurity stuff)
Sophos - 13 million sigs

# /usr/bin/time -f '\t%E real, \t%M kBmem' /usr/local/clamav/bin/clamscan /etc/hosts

0:28.18 real,   1096492 kBmem

# /usr/bin/time -f '\t%E real, \t%M kBmem' /opt/sophos-av/bin/savscan /etc/hosts

0:05.99 real,   231504 kBmem

Perhaps ClamAV devs should start innovating a little on how to handle all
the sigs, instead of keeping bloating a glorified in-memory hash-database. 
;-D Jeez one could probably simply precompile a CDB database from all the
hashes and dramatically reduce memory usage, probably wouldn't even slow
down much..



Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Kris Deugau

Joel Esler (jesler) wrote:

> We already distribute some third party feeds into the official database, we
> have a program for that which can be found on our website.


For my part I would far prefer an enhancement to freshclam to allow it 
to download arbitrary third-party signature sets, much as SpamAssassin's 
"sa-update" tool can download third-party SpamAssassin rules without any 
upstream involvement.


Database (re)load time is already rather high with the current 
officially-distributed signatures, and many ongoing complaints 
substantially amount to "Database (re)load time is too long" and/or "I 
can't run Clam on a low-memory VPS".


-kgd


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Dennis Peterson
You make this harder than is necessary. Create a directory for your preferred
signature files (/var/lib/crazyclam, for example), put your preferred
signature files in it, create a new clamd config file (crazyclamd.conf, for
example) with that directory defined (DatabaseDirectory /var/lib/crazyclam, for
example), and use clamd --config-file=/path_to/crazyclamd.conf to start clamd.


dp

On 5/4/17 4:28 AM, crazy thinker wrote:

> Hi ClamAV Developers, Users
>
> To my curiosity, i want to remove ClamAV Official Database and plan to
> integrate unofficial database with clamav engine.. i heard that
> Sanesecurity signatures increase ClamAV performance up to 90%.. so i am
> thinking that excluding ClamAV Official Database is not affecting ClamAV
> performance in this scenario, because i guess Sanesecurity unofficial
> database covers signatures which are covered by ClamAV Official Database..
> Am i right? The reason behind doing this is i want to keep an
> optimized database.
> i would like to get some suggestions/advice on my experimental thought
>
> Thanks,
>
> Crazy Thinker Inc


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Reindl Harald



On 04.05.2017 at 13:52, Joel Esler (jesler) wrote:

> We already distribute some third party feeds into the official database, we
> have a program for that which can be found on our website.
>
> We would love to incorporate Sanesecurity's feed, all they have to do is give
> us the okay to do it

you *really* should start to split the stuff and give freshclam
options for what to download and what not - as i found out the official
signatures are completely useless but can't be disabled, and even if they
could it would likely also disable the update for googlesafebrowsing which
is explicitly wanted here

and there needs to be some *heavy* optimizing - many hundred MB large
processes are unacceptable

and that crap needs a cleanup too because removing
/var/lib/clamav-spam/safebrowsing.cvd from all machines does not last long
and it's completely unclear why there are two signatures with the same
purpose and different file extensions


May  4 15:01:15 mail-gw clamd: LibClamAV Warning: Detected duplicate 
databases /var/lib/clamav-spam/safebrowsing.cvd and 
/var/lib/clamav-spam/safebrowsing.cld. The 
/var/lib/clamav-spam/safebrowsing.cvd database is older and will not be 
loaded, you should manually remove it from the database directory.



Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Reindl Harald



On 04.05.2017 at 13:39, crazy thinker wrote:

> Please find below ClamAV performance statistics
>
> In our recent *ClamAV Detection rate test*….
>
> Sanesecurity signatures :*97.11%*
> SecuriteInfo  signatures (free) :  19.03%
> ClamAV Official only signatures: 13.82%
>
> Number of signatures:
>
> Sanesecurity signatures :  *249,766*
> SecuriteInfo (free) :  1,110,596
> ClamAV Only  : 4,137,929
>
> Date of oldest malware Sample in test : 06.01.2015
> Date of newest malware Sample in test: 05.12.2015
>
> Optimized Database means a db having fewer signatures that is able
> to give a higher malware detection rate

that logic by itself is nonsense - how would fewer signatures give better
rates?

but yes, on a mailserver the official signatures are completely useless
and hence we haven't pushed them for many months from the machine running
freshclam to the inbound mailserver

why?

because analyzing 6 months of logs gave only 3 hits on the official ones at
all and even for them it's unknown if they would not have been caught by the
unofficial ones anyway, and because it's unacceptable having a clamd process
which wastes nearly 1 GB of RAM hanging around when he don't catch anything


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
3rd party signatures distributed by us, are signed.  

--
Sent from my iPhone

> On May 4, 2017, at 08:27, Benny Pedersen wrote:
> 
> Joel Esler (jesler) wrote on 2017-05-04 14:19:
>> We'd have to evaluate which feeds would be appropriate for the ClamAV
>> Db.  The more coverage the better, with fewest false positives.
> 
> agree, but i'd like to know if it will be opt out or opt in as well, would it be
> considered to make all 3rd party sigs into pua?, so end users can enable pua
> category selecting?
> 
> i am just very open minded on asking here
> 
> lastly will it ever be possible to have 3rd party signatures signed?
> 
> i just begin to hate bash scripts when i know freshclam can do it better


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2017-05-04 14:19:

> We'd have to evaluate which feeds would be appropriate for the ClamAV
> Db.  The more coverage the better, with fewest false positives.

agree, but i'd like to know if it will be opt out or opt in as well, would
it be considered to make all 3rd party sigs into pua?, so end users can
enable pua category selecting?

i am just very open minded on asking here

lastly will it ever be possible to have 3rd party signatures signed?

i just begin to hate bash scripts when i know freshclam can do it better


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We'd have to evaluate which feeds would be appropriate for the ClamAV Db.  The 
more coverage the better, with fewest false positives. 

--
Sent from my iPhone

> On May 4, 2017, at 08:04, Benny Pedersen wrote:
> 
> Joel Esler (jesler) wrote on 2017-05-04 13:52:
>> We already distribute some third party feeds into the official
>> database, we have a program for that which can be found on our
>> website.
> 
> +1
> 
>> We would love to incorporate Sanesecurity's feed, all they have to do
>> is give us the okay to do it.
> 
> would it be opt in or opt out if done?
> 
> most of their signatures are spam sigs, not virus sigs :(
> 
> hopefully all wake up with it


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

Joel Esler (jesler) wrote on 2017-05-04 13:52:

> We already distribute some third party feeds into the official
> database, we have a program for that which can be found on our
> website.

+1

> We would love to incorporate Sanesecurity's feed, all they have to do
> is give us the okay to do it.

would it be opt in or opt out if done?

most of their signatures are spam sigs, not virus sigs :(

hopefully all wake up with it


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

crazy thinker wrote on 2017-05-04 13:39:

> Sanesecurity signatures :*97.11%*
> SecuriteInfo  signatures (free) :  19.03%
> ClamAV Official only signatures: 13.82%

all this is not virus signatures, so for me this does not count

> Number of signatures:
>
> Sanesecurity signatures :  *249,766*
> SecuriteInfo (free) :  1,110,596
> ClamAV Only  : 4,137,929

if clamav should have more optimized signatures, it would need more
virus signatures, not just random more signatures

personally i like to see more 0day signatures than 1 more specific
signature catches

> Date of oldest malware Sample in test : 06.01.2015
> Date of newest malware Sample in test: 05.12.2015

so they are dead?

> Optimized Database means a db having fewer signatures that is able
> to give a higher malware detection rate

so no more 3rd party signatures?

and now i ask why does clamwin have more signature engines than clamav
linux?, reading this mailing list here says we all want clamav to be
global not just windows specific, ironic?



Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Joel Esler (jesler)
We already distribute some third party feeds into the official database, we 
have a program for that which can be found on our website.  

We would love to incorporate Sanesecurity's feed, all they have to do is give 
us the okay to do it.  

--
Sent from my iPhone

> On May 4, 2017, at 07:29, crazy thinker wrote:
> 
> Hi ClamAV Developers, Users
> 
> To my curiosity, i want to remove ClamAV Official Database and plan to
> integrate unofficial database with clamav engine.. i heard that
> Sanesecurity signatures increase ClamAV performance up to 90%.. so i am
> thinking that excluding ClamAV Official Database is not affecting ClamAV
> performance in this scenario, because i guess Sanesecurity unofficial
> database covers signatures which are covered by ClamAV Official Database..
> Am i right? The reason behind doing this is i want to keep an
> optimized database.
> i would like to get some suggestions/advice on my experimental thought
> 
> Thanks,
> 
> Crazy Thinker Inc


Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread crazy thinker
@Benny Pedersen  Dude ... please find link in previous mail thread

On 4 May 2017 at 17:10, crazy thinker wrote:

> http://sanesecurity.com/
>
> On 4 May 2017 at 17:09, crazy thinker wrote:
>
>> Please find below ClamAV performance statistics
>>
>> In our recent *ClamAV Detection rate test*….
>>
>> Sanesecurity signatures :*97.11%*
>> SecuriteInfo  signatures (free) :  19.03%
>> ClamAV Official only signatures: 13.82%
>>
>> Number of signatures:
>>
>> Sanesecurity signatures :  *249,766*
>> SecuriteInfo (free) :  1,110,596
>> ClamAV Only  : 4,137,929
>>
>> Date of oldest malware Sample in test : 06.01.2015
>> Date of newest malware Sample in test: 05.12.2015
>>
>>
>> Optimized Database means a db having fewer signatures that is able
>> to give a higher malware detection rate
>>
>>
>> On 4 May 2017 at 17:05, Benny Pedersen wrote:
>>
>>> crazy thinker wrote on 2017-05-04 13:28:
>>>
>>>> Hi ClamAV Developers, Users
>>>>
>>>> To my curiosity, i want to remove ClamAV Official Database and plan to
>>>> integrate unofficial database with clamav engine.. i heard that
>>>> Sanesecurity signatures increase ClamAV performance up to 90%..
>>>
>>> where did you read that?
>>>
>>>> so i am
>>>> thinking that excluding ClamAV Official Database is not affecting ClamAV
>>>> performance in this scenario, because i guess Sanesecurity unofficial
>>>> database covers signatures which are covered by ClamAV Official
>>>> Database..
>>>
>>> well if you do this you will shoot yourself in the foot
>>>
>>>> Am i right?
>>>
>>> nope
>>>
>>>> The reason behind doing this is i want to keep an
>>>> optimized database.
>>>> i would like to get some suggestions/advice on my experimental
>>>> thought
>>>
>>> define an optimized database first

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread crazy thinker
http://sanesecurity.com/

On 4 May 2017 at 17:09, crazy thinker wrote:

> Please find below ClamAV performance statistics
>
> In our recent *ClamAV Detection rate test*….
>
> Sanesecurity signatures :*97.11%*
> SecuriteInfo  signatures (free) :  19.03%
> ClamAV Official only signatures: 13.82%
>
> Number of signatures:
>
> Sanesecurity signatures :  *249,766*
> SecuriteInfo (free) :  1,110,596
> ClamAV Only  : 4,137,929
>
> Date of oldest malware Sample in test : 06.01.2015
> Date of newest malware Sample in test: 05.12.2015
>
>
> Optimized Database means a db having fewer signatures that is able
> to give a higher malware detection rate
>
>
> On 4 May 2017 at 17:05, Benny Pedersen wrote:
>
>> crazy thinker wrote on 2017-05-04 13:28:
>>
>>> Hi ClamAV Developers, Users
>>>
>>> To my curiosity, i want to remove ClamAV Official Database and plan to
>>> integrate unofficial database with clamav engine.. i heard that
>>> Sanesecurity signatures increase ClamAV performance up to 90%..
>>
>> where did you read that?
>>
>>> so i am
>>> thinking that excluding ClamAV Official Database is not affecting ClamAV
>>> performance in this scenario, because i guess Sanesecurity unofficial
>>> database covers signatures which are covered by ClamAV Official Database..
>>
>> well if you do this you will shoot yourself in the foot
>>
>>> Am i right?
>>
>> nope
>>
>>> The reason behind doing this is i want to keep an
>>> optimized database.
>>> i would like to get some suggestions/advice on my experimental thought
>>
>> define an optimized database first

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread crazy thinker
Please find below ClamAV performance statistics

In our recent *ClamAV Detection rate test*….

Sanesecurity signatures :*97.11%*
SecuriteInfo  signatures (free) :  19.03%
ClamAV Official only signatures: 13.82%

Number of signatures:

Sanesecurity signatures :  *249,766*
SecuriteInfo (free) :  1,110,596
ClamAV Only  : 4,137,929

Date of oldest malware Sample in test : 06.01.2015
Date of newest malware Sample in test: 05.12.2015


Optimized Database means a db having fewer signatures that is able
to give a higher malware detection rate


On 4 May 2017 at 17:05, Benny Pedersen wrote:

> crazy thinker wrote on 2017-05-04 13:28:
>
>> Hi ClamAV Developers, Users
>>
>> To my curiosity, i want to remove ClamAV Official Database and plan to
>> integrate unofficial database with clamav engine.. i heard that
>> Sanesecurity signatures increase ClamAV performance up to 90%..
>
> where did you read that?
>
>> so i am
>> thinking that excluding ClamAV Official Database is not affecting ClamAV
>> performance in this scenario, because i guess Sanesecurity unofficial
>> database covers signatures which are covered by ClamAV Official Database..
>
> well if you do this you will shoot yourself in the foot
>
>> Am i right?
>
> nope
>
>> The reason behind doing this is i want to keep an
>> optimized database.
>> i would like to get some suggestions/advice on my experimental thought
>
> define an optimized database first

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Benny Pedersen

crazy thinker wrote on 2017-05-04 13:28:

> Hi ClamAV Developers, Users
>
> To my curiosity, i want to remove ClamAV Official Database and plan to
> integrate unofficial database with clamav engine.. i heard that
> Sanesecurity signatures increase ClamAV performance up to 90%..

where did you read that?

> so i am
> thinking that excluding ClamAV Official Database is not affecting ClamAV
> performance in this scenario, because i guess Sanesecurity unofficial
> database covers signatures which are covered by ClamAV Official Database..

well if you do this you will shoot yourself in the foot

> Am i right?

nope

> The reason behind doing this is i want to keep an
> optimized database.
> i would like to get some suggestions/advice on my experimental thought

define an optimized database first


[clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread crazy thinker
Hi ClamAV Developers, Users

To my curiosity, i want to remove ClamAV Official Database and plan to
integrate unofficial database with clamav engine.. i heard that
Sanesecurity signatures increase ClamAV performance up to 90%.. so i am
thinking that excluding ClamAV Official Database is not affecting ClamAV
performance in this scenario, because i guess Sanesecurity unofficial
database covers signatures which are covered by ClamAV Official Database..
Am i right? The reason behind doing this is i want to keep an
optimized database.
i would like to get some suggestions/advice on my experimental thought

Thanks,

Crazy Thinker Inc