ClamAV Signature Retirement Announcement

An Anonymous Coward writes:

https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html

ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community.

To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired.

We are making this announcement as an advisory that our first pass of this retirement effort will affect a significant drop in database size for both the daily.cvd and main.cvd.

Our goal is to ensure that detection content is targeted to currently active threats and campaigns. We will judge this based on signature matches seen in our, and our partners, data feeds over an extended period of time. We will continue to evaluate detection prevalence for retired signatures and will restore any signatures to the active signature set as needed to protect the community. Going forwards, we will continue to curate the signature set to match the security landscape. This may result in further reductions in the total number of signatures included in the signature set alongside the normal growth that comes from new added coverage.

[...]

In addition to the reduction in size of the signature set, we will also begin to remove container images from Docker Hub. We are doing this to remove container images which may contain vulnerabilities either in ClamAV or in the base image, and to reduce the burden on Docker Hub itself, which presently hosts over 300 GiB of ClamAV container images.

When complete, we will only provide container images on Docker Hub for the supported versions of ClamAV.

Read more of this story at SoylentNews.