Message-ID: <15589.1218814946@turing-police.cc.vt.edu>
Date: Fri, 15 Aug 2008 11:42:26 -0400
From: Valdis.Kletnieks@...edu
To: Theodore Tso <tytso@....edu>
Cc: douglas.leeder@...hos.com, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

On Fri, 15 Aug 2008 09:55:37 EDT, Theodore Tso said:
> On Fri, Aug 15, 2008 at 02:22:27PM +0100, douglas.leeder@...hos.com wrote:
> >
> > This is a problem for current anti-malware scanning, as virus data updates
> > come every few hours
>
> Every few hours?!? I hadn't noticed Windows AV programs getting
> updates that frequently, at least not the ones that I've been familiar
> with. (Symantec, Norton, McAfee)

Try running a mail server that provides virus scanning for a large population
of 100K or so mailboxes. You end up pulling from your vendor on an hourly
basis, just because a virus on a burn through your userbase can toast you that
quickly.

Since 9AM Sunday (is now 11:30AM Friday as I write this), we've pulled new
signatures 33 times (one new signature each time in this case) from our vendor.
So yeah, about once every 3-4 hours we get a new updated one for a new variant
of whatever. I've seen times when we've pulled a new signature file 3 hours in
a row, and each time there were 10-12 new variants, so averaging 12/hour...