ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
GuitarBob


Joined: 09 Jul 2006
Posts: 4305
Location: USA
Reply with quote
RRK: I think what Clam AV is saying is that they don't have enough signatures and they are asking for more help with signatures. Maybe they finally realize the Open Source community can be helpful--if it is smart enough to take advantage of it. They are trying to find out what unofficial signatures are out there in quantity and they are trying to figure out a mechanism to use them. Clam will take responsibility for any false positives, although they will inform the submitting organization of their false positive signatures.

Is there a new Open Source coordinator at Clam now?

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
For all users using Clamd for either ClamWin or ClamAV, the ClamAV team reported attacks through TCP sockets using Clamd. If you do use Clamd and you need TCP, please read this article on how to protect yourself from these attacks: http://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
GuitarBob wrote:
Is there a new Open Source coordinator at Clam now?Regards,


As far as I am concerned, everyone who was working at Sourcefire is now apart of Cisco's Talos group. I believe Cisco no longer has open-source representatives like Sourcefire had. I believe everyone who volunteers for ClamAV/Snort are just volunteers and are not considered anything. I could be wrong, but I believe that is how it works now.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Contest winner for June 2016 was announced here: http://blog.clamav.net/2016/07/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
CDFR has joined the signature partner program for ClamAV and will now be included for all users. They are also the first to join the 3rd party partner program. You can read more here: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
July 2016 winner for community signature contest here: http://blog.clamav.net/2016/08/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
This is important to all of us here. ClamAV .99.3 will be using Visual Studio 2015. This will mean you will need Visual Studio 2015 if you want to compile the source code for ClamAV. Please note that this will break compatibility with older versions of ClamAV. You can read more here: http://blog.clamav.net/2016/08/clamav-0993-moving-to-visual-studio-2015.html
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Nothing important but if anyone is curious who the contest winners for August and September 2016 are: http://blog.clamav.net/2016/10/clamav-community-signature-contest.html
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4305
Location: USA
Reply with quote
These look like heuristic detections to me--that's what we would have called them in Clam Sentinel.

Anyway, call it what you will, the Clam AV PUA detections were rife with false positives on packers. If you enable PUA detections (I guess this is still an optional detection, eh), I hope all the packer detections have been removed from PUA. We removed PUA detection in Clam Sentinel due to all the false positives.

I guess the ClamWin command line entry (under the advanced tab) for PUA is still: --detect-pua. (no period). (I don't know if you can enable PUA in Clam Sentinel any more--don't think you can).

Regards,
View user's profileSend private message
Lipper


Joined: 31 Oct 2010
Posts: 122
Location: USA
Reply with quote
ClamAV Version number adjustment

Quote:
This is a heads up to the ClamAV community, we are changing our version numbering scheme as follows. Our versions will follow x.y.z (major.minor.patch). Major releases will be reserved for major feature additions or changes that may be incompatible with previous releases. Minor releases will be for regular bug fixes and minor feature changes/additions. Patches will be reserved for security fixes to address CVE and other critical bug fixes. more...


http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4305
Location: USA
Reply with quote
Thanks, Lipper. I told the developers about this. Looks like Clam AV is going to get out a quick V.99.3 to fix those vulnerabilities and wait a while on the old V.99.3 version they have been testing in beta. I guess lots of Linux email servers still use Clam AV for one of their AVs, so Clam can't afford to drag its heels on the vulns.

Regards,
View user's profileSend private message
Lipper


Joined: 31 Oct 2010
Posts: 122
Location: USA
Reply with quote
You're welcome, Bob. I expect the ClamWin devs will port .99.3 final release to ClamWin to eliminate these vulnerabilities. I'm very curious, and awaiting Clam AV to publish said vulnerabilities.

As ever,
Lipper
View user's profileSend private message
Lipper


Joined: 31 Oct 2010
Posts: 122
Location: USA
Reply with quote
ClamAV 0.99.3 has been released!

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
View user's profileSend private message
Lipper


Joined: 31 Oct 2010
Posts: 122
Location: USA
Reply with quote
ClamAV 0.100.0 beta has been released!

Quote:
ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2. The 0.99.3 patch release on January 25th was required to address vulnerability fixes in a timely manner, so the features previously found in 0.99.3 betas have been bumped to this new version. more...


http://blog.clamav.net/2018/02/clamav-01000-beta-has-been-released.html
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4305
Location: USA
Reply with quote
This will probably not have any effect on ClamWin. where the developers will wait for a proper final release. Clam AV says the release is so users can test the changes they have made, so it will not be released in its present form. Seems to me they are playing rather loose with their betas now (I know - there is a version change). They are asking for user help in testing. I wish they would ask for user help in substantive development ideas. They have never addressed any of mine.

Regards,
View user's profileSend private message
Updates on ClamAV are posted here
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 8 of 8  

  
  
 Reply to topic