Discussion:
[clamav-users] Macro virus missed...
Alex
2018-08-31 02:34:39 UTC
Hi,
I submitted a false-negative about six hours ago and it hasn't yet
been detected, and I'm still seeing them being received. I don't want to
post it here to further enable the scammers, but this is the
virustotal entry:

https://www.virustotal.com/#/file/ef65f07bf10746665d308e147a6a86329c169e1ac86e7e414ae5a809210775c1/detection

A dozen other antivirus vendors are blocking them now - why not
clamav? How does the process of adding new signatures work? Is there a
staff of people working on this or something less?

I realize it's free, and I'm not complaining - just want to know what
I should expect. We've also contributed to Steve's effort at Sane, but
should we be relying on him?

Thanks,
Alex
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Al Varnell
2018-08-31 02:44:59 UTC
I can only tell you from previous postings that the signature team is small and receives thousands of samples from a variety of sources daily, and even though some are processed by automation, all signatures still have to go through a QA process before release and database updates are normally six hours apart. Expecting a response in six hours is totally unrealistic. Perhaps someone from the team can give you a better estimate, but my guess would be at least twenty-four hours will pass before you see your submission being addressed.

Sent from my iPad

-Al-
ClamXAV User
Groach
2018-08-31 07:15:51 UTC
The one thing that we do know is that you shouldn't have expectations of
ClamAV being effective for Zero Hour, or even Zero Day (or some could
argue more), and you really shouldn't expect such immediate
response or effectiveness. (They will have their reasons - team size,
technology, reliance on the public etc.) To give you a realistic idea - a
recent FP I had and reported (involving marking a shed load of PDFs
that go back several years, long before the supposed threat was even
invented) took 4 days to be removed after being reported.

For more immediate effectiveness then, yes, you should be relying on
Sane (or others).

Any 24-hour released threats have (for my system) always been detected by
Sane (I rarely get Clam detecting anything, as the threat has since been
detected by Sane and removed, or the threat is no longer prevalent, by
the time matching ClamAV sigs get released).

You asked about expectation and requirements to rely on Sane: I believe
the above is the answer giving a true reflection of the facts from my
experience.