When talking about averages, I agree. But what I am worried about is
the "worst case" malicious payload: for example, a brand new and
particularly effective piece of ransomware. It's like car, life or
medical insurance. The probability of needing it is low, but when you
do, you don't want your
On 12/20/18 10:56 AM, Dennis Peterson wrote:
This can be calculated by counting the number of ClamAV hits in the clamd log
using ClamAV signatures and the time period between the first and last hits.
In my case I have clamd logs back to April (252 days) and 58 hits on ClamAV
signatures or
This can be calculated by counting the number of ClamAV hits in the clamd log
using ClamAV signatures and the time period between the first and last hits. In
my case I have clamd logs back to April (252 days) and 58 hits on ClamAV
signatures or about 4 per day. Total hits from all signature
Hi there,
Attempting to bring some sort of perspective to all this...
The number of updates per day (or hour or minute), and the currency or
otherwise of the updated data are not, I think, the things that matter.
Isn't what matters most the probability that some malicious payload
will get past
Right. We only publish at certain times a day. I think a check once an hour
is probably fine.
Sent from my iPhone
> On Dec 20, 2018, at 09:55, Paul Kosinski wrote:
>
> Only DNS TXT queries are done 3-5 times per hour. Freshclam itself is
> only run whenever that reports that there is
Only DNS TXT queries are done 3-5 times per hour. Freshclam itself is
only run whenever that reports that there is something new available,
as determined by the DNS TXT result showing a higher version number
than the *local* CLD file shows. In practice, this means that freshclam
is only run a few
Al...
> Note these restrictions:
You must either be running an old version of ClamAV or using an old
.conf file... Relevant part from my freshclam.conf below... Doing a
DNS lookup requires very little data transfer since it's just a small
UDP packet (~100 bytes maybe) back & forth (and is
Inline
> On Dec 19, 2018, at 4:08 PM, J.R. wrote:
>
> Joel - In regards to the comment on pointing everyone to Cloudflare...
> I'm guessing that statement means you are using a mix of the
> Cloudflare CDN and the original volunteer mirrors still?
No. Cloudflare is currently handling