ClamWin Free Antivirus
Support and Discussion Forums
Clam AV Automated Signatures
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
There has been no announcement from Clam AV, but it appears that they are now preparing automated signatures. Signatures are published hourly, 24 times a day at about the same time after the hour. This is a good development that should result in improved detection due to a larger volume of signatures that are published in a timely manner. ClamWin users will benefit from this, of course. An AV company just cannot keep up with the volume of malware samples it receives without preparing the bulk of them with an automated process.

Clam AV has also asked knowledgeable users to submit their personal virus signatures by pasting them in the Comments section of the Clam virus submission form. Clam will verify the signatures and check them for false positives and give the submitter credit in the email that accompanies published signatures. There are some articles on the web about preparing Clam AV signatures if you are interested. There are now two Clam AV submission forms: one for viruses/malware and another for false positives.

Regards,
Re: Clam AV Automated Signatures
tizef


Joined: 24 Feb 2012
Posts: 60
Location: France
GuitarBob wrote:
There has been no announcement from Clam AV, but it appears that they are now preparing automated signatures. Signatures are published hourly, 24 times a day at about the same time after the hour.

It seems they are now experiencing different frequencies: 8 then 4 a day.

GuitarBob wrote:
Clam AV has also asked knowledgeable users to submit their personal virus signatures by pasting them in the Comments section of the Clam virus submission form.

Here is the source, for those interested: Contribute signatures to ClamAV.


Last edited by tizef on Sat Mar 23, 2013 8:54 pm; edited 1 time in total
GuitarBob


Clam has reduced the frequency of publishing their automated signatures from hourly to 6 times per day. They just had too much traffic at their mirror sites. The volume of signatures will be larger at each publishing point, so protection should be about the same. This is about the same schedule that some other AVs use. I am not certain, but manually-prepared signatures may still be published more frequently.

I think this puts Clam AV a step closer to the Cloud.

Regards,
tizef


GuitarBob wrote:
Clam has reduced the frequency of publishing their automated signatures from hourly to 6 times per day.

The interval between two automated updates is about 6 hours now (since 2013-01-08 17:44 UTC). So I would rather say 4 times per day. However that may be, it really matters only for the Clam Sentinel users.

The cloud à la Immunet seems pretty far from ClamWin, but the daily.cvd file is growing pretty fast!


Last edited by tizef on Sat Mar 23, 2013 8:55 pm; edited 1 time in total
GuitarBob


Yes, the automated sigs are published 4 times per day. My manual sigs are still published very quickly, but it appears that they are thinking of automating the publishing of manual sigs once they clear the false positive check. This should speed things up and enable more manual signatures to be worked. With the increased volume of Clam signatures, I occasionally find that Clam has already prepared an automated signature for a malware that I am working on. The false positive checks seem to take only about 30 minutes now. Sourcefire must have added more resources for this whole effort. To move to the Cloud shouldn't be too hard for them. The Clam source code would probably have to be upgraded for the Cloud, and I hope that ClamWin can piggyback on that as it is ported over. Of course they could make it proprietary and put a stop to that. Sourcefire has said they have no time limit for conversion to the Cloud, however.

As you said, Clam Sentinel users are always protected via the Sentinel system monitor heuristics--currently detecting 88% of the Windows PE malware I worked for the last month, but it varies depending upon the type of malware, the platform used, and the capabilities of the malware writers. The heuristics do not depend upon ClamWin, although it is nice to have the signatures as a backup.

Re: Immunet Free: I have installed it many times, but I always end up uninstalling it very quickly. The scripts are bad, the error checking is bad, and I get the impression that it is very cheaply done!

Regards,