Re: [clamav-users] signature processing order

2016-05-24 Thread Arnaud Jacques / SecuriteInfo.com
Hello Al,

> Because the signatures may not be identical and could be looking for two different things so that a variant of the original malware that could be caught by one sig will be overlooked by the other.

This cannot happen with Securiteinfo.com sigs. We remove signatures when ClamAV

Re: [clamav-users] signature processing order

2016-05-24 Thread Al Varnell
On May 24, 2016, at 5:37 AM, "Arnaud Jacques / SecuriteInfo.com" wrote:

>> As for "removing" a 3rd party signature when official ones block it, well... overall... it wouldn't really be a good idea.
>
> Why?
>
> ClamAV official signatures + all 3rd party signatures need a lot of system

Re: [clamav-users] signature processing order

2016-05-24 Thread C.D. Cochrane
? ...Chris

> Sent: Tuesday, May 24, 2016 at 8:37 AM
> From: Groach <groachmail-stopspammin...@yahoo.com>
> To: "ClamAV users ML" <clamav-users@lists.clamav.net>
> Subject: Re: [clamav-users] signature processing order
> I don't understand why anyone would want to dele

Re: [clamav-users] signature processing order

2016-05-24 Thread Arnaud Jacques / SecuriteInfo.com
Hello Steve,

> As for "removing" a 3rd party signature when official ones block it, well... overall... it wouldn't really be a good idea.

Why? ClamAV official signatures + all 3rd party signatures need a lot of system RAM. Optimizing our signatures to scan faster and use less RAM should

Re: [clamav-users] signature processing order

2016-05-24 Thread C.D. Cochrane
customsig.ndb. It does not happen often, but it does happen (official detection, I mean)! ...Chris

> Sent: Tuesday, May 24, 2016 at 5:54 AM
> From: Axb <axb.li...@gmail.com>
> To: clamav-users@lists.clamav.net
> Subject: [clamav-users] signature processing order
> Go

Re: [clamav-users] signature processing order

2016-05-24 Thread Steve Basford
On Tue, May 24, 2016 12:23 pm, Groach wrote:

> Out of interest, what does it matter? Why is it important that an official CLAM definition stops the virus before the 3rd party definition stops the same virus (if they both have the same criteria)? Surely a goal is a goal and it doesn't

Re: [clamav-users] signature processing order

2016-05-24 Thread Arnaud Jacques / SecuriteInfo.com
Hello,

> Out of interest, what does it matter?

The question of Axb is interesting. Such an option could be used to remove signatures from 3rd party when detection is done with official signatures from ClamAV. We do not need 4 different signatures in RAM to get the same sample detection.

--

Re: [clamav-users] signature processing order

2016-05-24 Thread Groach
Out of interest, what does it matter? Why is it important that an official CLAM definition stops the virus before the 3rd party definition stops the same virus (if they both have the same criteria)? Surely a goal is a goal and it doesn't matter who kicked the ball.

On 24/05/2016 11:54, Axb

[clamav-users] signature processing order

2016-05-24 Thread Axb
Good day, I've noticed that apparently third party (UNOFFICIAL) signatures get applied before the official ones. Depending on the signature types, we may never see any "official" sigs hitting, ever. Is there a scientific reason for this? (or am I missing something?) If no, could it be