acabng at digitalfuture
May 18, 2009, 8:03 AM
Post #2 of 4
(623 views)
Permalink
|
Dan wrote:
> Hi,
>
> After submitting something to VirusTotal, and getting the response
> back that shows only one or two products detected it as a virus...
>
> VirusTotal then automatically forwards the item to all the vendors?
Yes, if the vendor asks for the stuff. Yes we do receive samples we miss
at VT.
> Or is there further action required by me to initiate this?
Since VT feeds are pretty massive and contains very random files
(including false positives from other vendors, lots of tests - the bad
guys know about VT as well) we generally classify those samples as low
priority.
On the other hand, user sumbissions have a much higher priority and are
generally processed first.
> Once the ClamAV team receives the virus, on average currently how
> long before its sig is added to the database?
Due to the huge number of submissions we have to process it is really
hard to tell. It mostly depends on the severity of the threat, that is,
how many of such samples we've already received. Big outbreaks generally
take less than one hour. Unique samples may need several days to be
processed.
-aCaB
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
|
