Message-ID: <15589.1218814946@turing-police.cc.vt.edu>
Date:	Fri, 15 Aug 2008 11:42:26 -0400
From:	Valdis.Kletnieks@...edu
To:	Theodore Tso <tytso@....edu>
Cc:	douglas.leeder@...hos.com, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

On Fri, 15 Aug 2008 09:55:37 EDT, Theodore Tso said:
> On Fri, Aug 15, 2008 at 02:22:27PM +0100, douglas.leeder@...hos.com wrote:
> > 
> > This is a problem for current anti-malware scanning, as virus data updates 
> > come every few hours
> 
> Every few hours?!?  I hadn't noticed Windows AV programs getting
> updates that frequently, at least not the ones that I've been familiar
> with.  (Symantec, Norton, McAfee)

Try running a mail server that provides virus scanning for a large population
of 100K or so mailboxes.  You end up pulling from your vendor on an hourly
basis, just because a virus on a burn through your userbase can toast you that
quickly.

Since 9AM Sunday (is now 11:30AM Friday as I write this), we've pulled new
signatures 33 times (one new signature each time in this case) from our vendor.
So yeah, about once every 3-4 hours we get a new updated one for a new variant
of whatever.  I've seen times when we've pulled a new signature file 3 hours in
a row, and each time there were 10-12 new variants, so averaging 12/hour...


