Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

From: Valdis . Kletnieks
Date: Fri Aug 15 2008 - 11:43:22 EST


On Fri, 15 Aug 2008 09:55:37 EDT, Theodore Tso said:
> On Fri, Aug 15, 2008 at 02:22:27PM +0100, douglas.leeder@xxxxxxxxxx wrote:
> >
> > This is a problem for current anti-malware scanning, as virus data updates
> > come every few hours
>
> Every few hours?!? I hadn't noticed Windows AV programs getting
> updates that frequently, at least not the ones that I've been familiar
> with. (Symantec, Norton, McAfee)

Try running a mail server that provides virus scanning for a large population
of 100K or so mailboxes. You end up pulling from your vendor on an hourly
basis, just because a virus on a burn through your userbase can toast you that
quickly.

Since 9AM Sunday (it is now 11:30AM Friday as I write this), we've pulled new
signatures 33 times (one new signature each time in this case) from our vendor.
So yeah, about once every 3-4 hours we get a new updated one for a new variant
of whatever. I've seen times when we've pulled a new signature file 3 hours in
a row, and each time there were 10-12 new variants, so averaging 12/hour...

