On 8/13/2013 9:46 PM, Matt Olney wrote:
OK...I'll do some testing tomorrow and see if we can't come up with some
information for you.
Mainly I want MX pool heavy on signatures. I tested shorter list on
SMTP pool:
ss_dbs=
blurl.ndb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
OK...I'll do some testing tomorrow and see if we can't come up with some
information for you.
Matt
in the last few days a lot of spam is (ab)using t.co shortened URLs in
the payload, so these are ending up in bofhland_cracked_URL.ndb (~7K
distinct URLs atm)
Sorry for the cross post...
OK...I'll do some testing tomorrow and see if we can't come up with some
information for you.
Hi Matt
In additional testing:
a) Replacing (B)772E with (B)772E also brings the speed
down... (6.5 secs)
b) Replacing (B)772E with (B)77??772E also brings the speed
down...(10.2
Hi there,
On Wed, 14 Aug 2013, Vincent Fox wrote:
Re: clamd taking too long to restart?
Previously I was using a short list of signatures and startup time of 30
seconds which was acceptable. Well it didn't get noticed much.
However recently I added a kitchen sink of extra databases like
On 8/14/2013 7:58 AM, G.W. Haywood wrote:
Hi there,
On Wed, 14 Aug 2013, Vincent Fox wrote:
Re: clamd taking too long to restart?
Previously I was using a short list of signatures and startup time of 30
seconds which was acceptable. Well it didn't get noticed much.
However recently I added
OK, we've been able to reproduce the problem and it is, as you all
suspected revolving around the www. matching. I've asked one of the
developers to look at it, and we should be able to provide some
best-practice guidelines on how to construct rules to avoid this situation.
We'll also review if
OK, we've been able to reproduce the problem and it is, as you all
suspected revolving around the www. matching. I've asked one of the
developers to look at it, and we should be able to provide some
best-practice guidelines on how to construct rules to avoid this
situation.
Thanks Matt,
On Aug 14, 2013, at 2:34 PM, Steve Basford steveb_cla...@sanesecurity.com
wrote:
We'll also review if code changes are appropriate, but given how the tree
operates, I don't immediately expect that to be the case.
Out of interest are there any roadmaps/future improvements for ClamAV
that
On Aug 14, 2013, at 1:54 PM, Joel Esler jes...@sourcefire.com wrote:
On Aug 14, 2013, at 2:34 PM, Steve Basford steveb_cla...@sanesecurity.com
wrote:
We'll also review if code changes are appropriate, but given how the tree
operates, I don't immediately expect that to be the case.
Out of
I've done some analysis of ClamAV with just this signature set, and the
loading is simply slowing down as it runs through the list. This is mainly
because of the significant amounts of overlap at the beginnings of these
strings and the length thereafter. The slowdown is occurring even before
the
On 8/14/13 2:23:28PM, David Raynor wrote:
I'll look a bit more at how we are loading the interim signature state and
see what else we could do with the sorting. Meanwhile, this is a change you
could put into practice now and get faster startup times. Before making any
change on a server
Nope. 0.98 is getting patches applied to it and will then move to QA
regression and finally to release engineering. There is a lot going on in
0.98, and we'll have more information once we finalize a build.
Matt
On Wed, Aug 14, 2013 at 5:03 PM, A K Varnell alvarn...@mac.com wrote:
On Aug
12 matches
Mail list logo