Comodo AV Database update page

[futuretech]

If you think wisely, old signatures are taking space on my drive. Old signatures must be in cloud and the most recent, newest malware signatures must be in database. Malwarebytes does this, Avast does this.. they keep last 3 months of samples signatures in their db.
All these 50million signatures running in my RAM.. openin folders with full of .exe files takes time day by day... signatures are growing... Never ending story.. What will happen in 2025 ? 150million signatures as local database, it will be 1GB file 

We need more generic signatures and powerful heuristics... these are my opinions but Comodo can continue with old techniques..

You're confusing between file signature based on a pattern of bytes (a byte-signature) within a file and a file signature based on its hash (hash-signature).  Read this blog post for  a good overview.

In CIS case, the cloud scanner/cloud AV, is solely on the hash of the file being executed/opened. Whereas the local db contains more than just the hash that makes up the AV signature. So if you get ride of those old local sigs then it would make it easy to bypass detection by changing the file just enough to change its hash, but would still contain the byte-sequence that the local db would have detected had the sig not been removed.

[Dennis2]

You're confusing between file signature based on a pattern of bytes (a byte-signature) within a file and a file signature based on its hash (hash-signature).  Read this blog post for  a good overview.

In CIS case, the cloud scanner/cloud AV, is solely on the hash of the file being executed/opened. Whereas the local db contains more than just the hash that makes up the AV signature. So if you get ride of those old local sigs then it would make it easy to bypass detection by changing the file just enough to change its hash, but would still contain the byte-sequence that the local db would have detected had the sig not been removed.

So removing old sigs. from the database and expect cloud detection to work the same way does not follow.

Dennis

[languy99]

Side bar,

Did anyone notice Cisco released an open source pattern based malware signature maker?

http://www.securityweek.com/cisco-releases-open-source-malware-signature-generator

Might be worth looking into integrating into Comodo??

[klaken]

Comodo needs an automatic system for generic signatures.

What happens if the user can choose the size of the signatures?
former:
config AV cis> Signatures

none: Only cloud (like ccav).
light: cloud + generic signatures in local.( I would like it to be by default)
moderate: cloud + generic + malware signatures 1 or 2 months.
complete: All signatures + cloud.

[EricJH]

Comodo already has an automated system for generic signatures.

[Felipe Oliveira]

I totally agree with you, the up-to-date signatures should be kept, and old ones would be removed (just tested on the cloud and re-initiated if needed). We'll start a process soon to clean this up.

Latest Database Version:   28829
Release Date (all times GMT):   8-Apr-2018 10:59:21
Number of Definitions Added Today:   59026
Total Definitions:   54666496

Already in 54 milions.. 6 months already gone.

When are you plan to start the "cleaning" of old signatures for the cloud, ir order to decrease the database size?
Could you create something that automatically throws a malware that has not been detected for years in the COMODO statistics into the cloud? I do not know, something like that.

[fatih.orhan]

Latest Database Version:   28829
Release Date (all times GMT):   8-Apr-2018 10:59:21
Number of Definitions Added Today:   59026
Total Definitions:   54666496

Already in 54 milions.. 6 months already gone.

When are you plan to start the "cleaning" of old signatures for the cloud, ir order to decrease the database size?
Could you create something that automatically throws a malware that has not been detected for years in the COMODO statistics into the cloud? I do not know, something like that.

Felipe, you're correct that it's been a long time. And thank you for bringing this to attention. We focused on multiple items during the past few months. We have made good progress on some of them and as a result we see better results with our customers as well as having good scores on independent testing programs (i.e av-test selected CIS as Top-product in the latest result).

Still, reducing the base size is critical for us, and I expect to see this happening very soon.

[yigido]

Latest Database Version: 29063
Release Date (all times GMT): 23-May-2018 08:29:50
Number of Definitions Added Today: 19239
Total Definitions: 55769724

I remember the old-good days and I realized I missed [at]spywar

Beginning of the year 2013, we hit 15 Millions of signatures

Here we go 15M signs

Latest Database Version: 14973
Release Date (all times GMT): 19-Jan-2013 10:59:26
Number of Definitions Added Today: 31401
Total Definitions: 15009536

End of the year 2013, We hit 26 Millions (almost x2 times more signatures) It was 183MB on drive.

Latest Database Version: 17373
Release Date (all times GMT): 2-Dec-2013 06:59:55
Number of Definitions Added Today: 27441
Total Definitions: 26239383

going up going up ...

Melih promised about the decrease but ...

it will continue to decrease......


Comodo always listens to its users.

Today, in May 2018. We have almost 56 Millions signatures. It costs approx. 375MB place on drive for CIS users.

[yigido]

Hello everyone, too much time and no see. Today I login to my account in forum and I saw CCAV was discontinued. I am very sad because of that decision. I hate to feel that our efforts in it useless now.

Anyway,

Latest Database Version:   32036
Release Date (all times GMT):   2-Feb-2020 03:58:26
Number of Definitions Added Today:   77.831
Total Definitions:   69.068.563

Today, in Feb 2019. We have almost 70 Millions signatures. It costs approx. 452MB place on drive for CIS users.

Best Regards,
yigido