ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
ClamAV Signature Database
GuitarBob


Joined: 09 Jul 2006
Posts: 4370
Location: USA
Reply with quote
I see that AV-Test.org has a cross reference list in Excel of Wildlist viruses as of November. The list includes ClamAV. It appeared to me that Clam had signatures for 95% (or better) of the viruses. Most of those that it didn't have were boot viruses, macro viruses, or MS-DOS viruses. Not bad! The link to the list is below.

http://www.av-test.org/index.php?lang=00

Regards,
View user's profileSend private message
speaking of that,
justkyle


Joined: 29 Nov 2006
Posts: 21
Location: Indiana
Reply with quote
what is the teams take on obsoleting old virus definitions, like McAfee and some of the other brand names are doing?

Do you (as developers) think this is a good idea? Are old viruses really gone, just like Polio?

Or, is the off-chance that old, infected media from the 20th century could again wreak havoc on the computing industry because of this new planned database definition obsolescence?

I might add, one of the many things I like about the whole clamav product is the sheer amount of viruses it can detect. I can vouch personally how it detected a virus where McAfee and Avast did not.

Kyle
View user's profileSend private message
Pruning Virus Databases
GuitarBob


Joined: 09 Jul 2006
Posts: 4370
Location: USA
Reply with quote
Well, I'm not part of the ClamWin team, but, here's my take (as an antivirus software user since 1988):

It's good to prune your database if you can tell which signatures you no longer need. It should speed up scanning and free up some space on the users' hard drives. Many of the old viruses will no longer be a problem--such as DOS-based viruses, and you don't see that many boot viruses now.

Some of the "smarter" viruses may be back--in a different form, but the intent of the virus writers is what will really dictate what new viruses will be written. Their primary intent in the past was to get noticed, but their primary intent now is to use a virus to gain something--money, a password, advertising fees, etc.

The ClamAV team responsible for developing the signatures has been working like mad, and ClamAV/ClamWin now are approaching 80,000 signatures.ClamWin is newer than most of the commercial antivirus software, and it might not have as many of the old signatures in its database as a lot of other antivirus programs. You need a large database of signatures, of course, but the "zero day" exploits and poly/meta-morphic viruses of today make it just as important for an antivirus program to have "smarts" in addition to a large database.

Regards.
View user's profileSend private message
ClamAV Signature Database
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic