>> My 2 cents would be that rapid traditional signature updates are not a
>> viable solution to this long term problem.
>> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc.
>> ransomware is generated using millions of tiny mutations so that almost
>> every email attachment has a unique signature. There is no way to keep
>> up with that. ClamAV got more than a million virus samples per day, last
>> time I inquired.
>> ...Chris
>
> As for the claim above about Dridex etc being too numerous to handle,
> Sane Security seems to be doing just a fine job of it. (So it's just a
> lame response).

I'm not sure what heuristic Sane Security uses. My original point was that a traditional signature (sigtool?) on the current generation of malware seems to be a non-scalable idea. One million new sigs per day is not realistic.

ClamAV must evolve if it is going to remain useful. There has to be a better scheme to ID new malware than sigtool. Otherwise, groach is right. ClamAV is just a redundant way to scan for virus files from 2008 or see if your latest files can generate FPs.

...Chris