https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community.
To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired.
We are making this announcement as an advisory that our first pass of this retirement effort will effect a significant drop in database size for both the daily.cvd and main.cvd.
Our goal is to ensure that detection content is targeted to currently active threats and campaigns. We will judge this based on signature matches seen in our, and our partners', data feeds over an extended period of time. We will continue to evaluate detection prevalence for retired signatures and will restore any signatures to the active signature set as needed to protect the community. Going forwards, we will continue to curate the signature set to match the security landscape. This may result in further reductions in the total number of signatures included in the signature set alongside the normal growth that comes from new added coverage.
[...]
In addition to the reduction in size of the signature set, we will also begin to remove container images from Docker Hub. We are doing this to remove container images which may contain vulnerabilities either in ClamAV or in the base image, and to reduce the burden on Docker Hub itself, which presently hosts over 300 GiB of ClamAV container images.
When complete, we will only provide container images on Docker Hub for the supported versions of ClamAV.
[...]
We recommend that ClamAV container image users select a feature release tag rather than a specific minor release tag in order to stay up to date with security and bug fixes.
ClamAV Signature Retirement Open Source FAQ:
What if bad actors begin to reuse old malware and old exploits?
Our team is committed to reintroducing any signature based on the activity of bad actors in a timely fashion.
Can open-source users access the signatures that have been retired from main.cvd?
We intend to make the retired signatures available at a later date for researchers and corner cases.
Is this an ongoing process?
Cisco Talos will continue to curate the signature set and may retire signatures as they lose relevance to today's security landscape.
How will open source users benefit from these changes?
Smaller file downloads come with inherent advantages, but unbound growth is not sustainable and we already have outgrown resource needs for scanning on some server configurations. We anticipate a noticeable RAM usage reduction for the ClamAV engine, possibly by as much as 25%.
When will users see a change in file sizes?
Signature retirement and the file size reduction will begin on December 16th, 2025.
Users will notice that the main.cvd and daily.cvd will be roughly 50% smaller than they have seen prior to that date.
(Score: 3, Interesting) by Uncle_Al on Monday December 01, @06:44PM (7 children)
You know, the people who have to deal with someone's collection of floppies
that may have viruses on them?
There should at least be a legacy version, if they intend to nuke the signatures
from orbit.
(Score: 2) by epitaxial on Monday December 01, @08:02PM (5 children)
Are you worried about your windows 95 era viruses infecting windows 11?
(Score: 4, Insightful) by mrpg on Monday December 01, @08:40PM (4 children)
Virus: I'm going to modify COMMAND.COM
Win11: What the fuck is COMMAND.COM?
Virus: (crashes)
(Score: 3, Interesting) by anubi on Monday December 01, @11:39PM (3 children)
It's puzzled me since the DOS days why the PC didn't have a memory board just for the operating system - in ROM/EPROM. We had 27C512 back then. Most early systems already had BIOS in EPROM back then.
All this copyright crap has sure cost society a lot of wasted time and resources chasing down malfunctioning code by enforcement of ignorance on the "losers" who bought into this paradigm of "what you don't know won't hurt you!". A trusted INT3 debugger should have been a standard component of an OS.
I consider running modern code hopeless from a security angle, with professional code offerings abysmal in their track record of security, as after-the-sale "support", with its deniability, being the main driver of enforced obsolescence.
I blame the DMCA as the enabler of all of our computer woes.
My ire is not specifically directed at Microsoft, albeit I do see them as the major bribery and lobbyist/instigator of using government to help them set up artificial monopolies.
Cars are just as bad. Anything that has a processor in it is fair game for enforcing terms and conditions, which most people will not read, knowing negotiation with businessmen at the consumer level is futile.
I am forced to take the cockroach approach to dealing with business - that is to never provide contact information. It's a losing battle for me. I have enough legacy technology that I should be able to have use of what I had up through 2010 or so, but know I will have to use the panopticon soon to comply with government mandates for taxation and recovery of social security payments from decades ago.
Besides, many of my most treasured softwares were written in C++ and GWBasic by colleagues and shared amongst the engineers, runs under DOS, no tricks, no expiry, and I know exactly what it is doing and how it arrives at the data (a lot of the graphics used VGA Mode 12). I treat them like the set of fine hand tools passed down by family. The companies who made the tools have long since gone, but the tools live on.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by Snotnose on Tuesday December 02, @12:24AM (2 children)
Your shiny new OS has a hole in it a mile wide, now what do you do? I know how to replace/update a ROM/EPROM. But does grandma?
Why would I want to dick with the hardware just to update my software? Your scheme just means 90% of the machines never get upgraded past the factory default.
Recent research has shown that 1 out of 3 Trump supporters is as stupid as the other 2.
(Score: 3, Interesting) by anubi on Tuesday December 02, @02:30AM (1 child)
I will buy into that on the condition that manufacturers quit using their customers as beta testers. Calling for product recall for replacement of hastily released code would provide financial incentive to thoroughly test before release. Other manufacturers have to stand behind their product...fix it or refund the money.
Companies discovered that hiring lawyers to write exclusions, exceptions, disclaimers, and tricky legal talk was far cheaper than writing and testing of solid trustworthy code.
I don't even get a switch that I can throw to inhibit writing to an OS "partition" on my HDD! I used to have an untrustworthy one on my floppy drives.
Back in the old days, I had a 5 inch Floppy drive made with discrete components (Shugart, IIRC), where I had surgically cut the write current enable gate trace and routed it to a 9602 mono stable, which drove a sonalert piezo beeper...so any attempted write just beeped - and couldn't do anything.
Drive A: was read-only for me.
I did this in response to some copy protect scheme that wrote back to the install disk so as to mark it as used so it wouldn't install again. Mathcad 3.1 did this.
Later, it went to beeping again. I forget which virus it was...Pakistani Brain Virus? Stoned? One of those early DOS boot sector infectors. Long time ago. My first scrounged PC made from swap meet parts and a couple of neighborhood garage sales.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by aafcac on Tuesday December 02, @10:46PM
That's effectively not possible at this point. OSes are far too complicated to ensure that they're 100% free of stuff that needs to be patched. These days you even see microcode patches for processors, expecting the whole stack to be free of bugs to that extent is asking too much. And, I don't think that most people would want to go back to what it was like before that.
That being said, having a recovery environment that is subject to those sorts of restrictions is probably doable if it was hard coded to download signed lists of checksums or the like for essential system files sort of like how tripwire uses signatures on an external USB drive to verify system integrity.
(Score: 2) by aafcac on Tuesday December 02, @06:30PM
Archivists dealing in floppies can use an older version that still has those signatures. Nobody even makes floppy disks anymore, and chances are that archivists are going to be just imaging the disks and mounting them in an OS environment for which the viruses weren't designed anyways. Sure, antivirus software is still helpful, but if you're loading it up in a VM anyways and that gets infected, it's not that big of a deal as you wouldn't be using shared memory for this anyways and you could use software like tripwire to identify if there have been any unexpected changes to system files.