Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Paul Kosinski
When talking about averages, I agree. But what I am worried about is the "worst case" malicious payload: for example, a brand new and particularly effective piece of ransomware. It's like car, life or medical insurance. The probability of needing it is low, but when you do, you don't want your

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Dennis Peterson
On 12/20/18 10:56 AM, Dennis Peterson wrote: This can be calculated by counting the number of ClamAV hits in the clamd log using ClamAV signatures and the time period between the first and last hits. In my case I have clamd logs back to April (252 days) and 58 hits on ClamAV signatures or

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Dennis Peterson
This can be calculated by counting the number of ClamAV hits in the clamd log using ClamAV signatures and the time period between the first and last hits. In my case I have clamd logs back to April (252 days) and 58 hits on ClamAV signatures or about 4 per day. Total hits from all signature

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread G.W. Haywood
Hi there, Attempting to bring some sort of perspective to all this... The number of updates per day (or hour or minute), and the currency or otherwise of the updated data are not, I think, the things that matter. Isn't what matters most the probability that some malicious payload will get past

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Joel Esler (jesler)
Right. We only publish at certain times a day. I think a check once an hour is probably fine.

Sent from my iPhone

> On Dec 20, 2018, at 09:55, Paul Kosinski wrote:
>
> Only DNS TXT queries are done 3-5 times per hour. Freshclam itself is
> only run whenever that reports that there is

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Paul Kosinski
Only DNS TXT queries are done 3-5 times per hour. Freshclam itself is only run whenever that reports that there is something new available, as determined by the DNS TXT result showing a higher version number than the *local* CLD file shows. In practice, this means that freshclam is only run a few

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread J.R.
Al... > Note these restrictions: You must either be running an old version of ClamAV or using an old .conf file... Relevant part from my freshclam.conf below... Doing a DNS lookup requires very little data transfer since it's just a small UDP packet (~100 bytes maybe) back & forth (and is

Re: [clamav-users] No good deed goes unpunished, or, why CVD files don't work

2018-12-20 Thread Joel Esler (jesler)
Inline

> On Dec 19, 2018, at 4:08 PM, J.R. wrote:
>
> Joel - In regards to the comment on pointing everyone to Cloudflare...
> I'm guessing that statement means you are using a mix of the
> Cloudflare CDN and the original volunteer mirrors still?

No. Cloudflare is currently handling