On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote: > > About 4 hours later I checked again and > 12 out of 54 scanners detected a virus in this file > but ClamAV did not detect it.
I know 4 hours sounds a long time but when you consider the current amount of malware that is submitted / auto-submitted to very few official signature writers, things will take time. Sanesecurity sigs consist of manually generated and auto-generated signatures, for example rogue.hdb is updated hourly automatically (hashes) and will be short-lived detection but quick. Whereas phish.ndb is manually generated but will normally have longer term effectiveness that rogue.hdb. Currently though, download script download from the Sanesecurity mirrors hourly but even that may not be good enough/quick enough for some. I'm actually looking as quicker updates via freshclam for a few users, so I've put a poll on the Sanesecurity.com website, to see how often freshclam updates happen, just to gauge if it would help. Anyway, this is more for the sanesecurity list really. But just wanted to say a huge kudos to the whole ClamAV team and sig writers, without which we wouldn't have ClamAV and it's engine to play with in the first place. Cheers, Steve Sanesecurity.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
