shagger1
Joined: 29 May 2012 |
Posts: 0 |
Location: Manitowoc WI |
Posted: Sun Feb 24, 2013 7:55 pm |
Hi,
They used to be about 3 megs, then they went to 6, now they are 20 megs!!!!
I manually update ClamWin and use the portable version, why are they so large now??
Thanks a lot
Rod
|
|
GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Mon Feb 25, 2013 6:26 am |
Since most of the signatures are now done automatically with scripts, the published updates are larger than they used to be. In fact, the daily database is now larger than the main database. Also, the daily database is not compacted unless you manually include this line in your ClamWin configuration file (but I don't know if this will work in the ClamWin Portable version): CompressLocalDatabase=yes
Regards,
|
|
shagger1
Joined: 29 May 2012 |
Posts: 0 |
Location: Manitowoc WI |
Posted: Tue Feb 26, 2013 12:26 am |
Hi Bob, hope you are well.
But why is the daily cvd so large now? It used to be much smaller?
I manually download the new one, then delete the old one and replace it. I don't use the auto update feature. BTW, there is no need to use that compress thing as it does not work on the portable version. Just wondering why the downloaded file is now so very large? As I stated, it used to be under 3 megs (the manually downloaded file). Plus there is nothing to compress since I only have the main and the daily, see?
Kind Regards
Rod
|
|
GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Tue Feb 26, 2013 1:45 am |
Well, I guess the daily database updates are probably so large now because Clam is preparing automated signatures for a lot of the malware samples they receive.
Sourcefire has not integrated the daily database with the main database for some time now. Integration takes quite a bit of massaging, and no one has integrated the databases since well before the original Clam AV team left in August. They may be waiting until they either have time/personnel to integrate or, better yet, until they can utilize a combined database.
By the way, it appears that starting tomorrow--Tuesday February 25th, there will only be signature updates at 4 AM, 10 AM, 4 PM, and 10 PM--4 times per day. The change is due to "infrastructure requirements" which I assume means that Clam is sharing servers and software with other Sourcefire projects--like Snort, Immunet, etc. Although there will not be as many updates as before, each update will have more signatures, so there should not be any impact on detection. I think that detection has improved due to the automated signature preparation, which the original Clam AV team refused to consider whenever it was brought up.
Unfortunately, malware does not seem to have infrastructure considerations, so the entire AV industry is behind the curve.
Regards,
|
|
shagger1
Joined: 29 May 2012 |
Posts: 0 |
Location: Manitowoc WI |
Posted: Wed Feb 27, 2013 7:13 am |
Thanks Bob for the info!
Rod
|
|