ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Reply with quote
RRK: I think what Clam AV is saying is that they don't have enough signatures and they are asking for more help with signatures. Maybe they finally realize the Open Source community can be helpful--if it is smart enough to take advantage of it. They are trying to find out what unofficial signatures are out there in quantity and they are trying to figure out a mechanism to use them. Clam will take responsibility for any false positives, although they will inform the submitting organization of their false positive signatures.

Is there a new Open Source coordinator at Clam now?

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
For all users using Clamd for either ClamWin or ClamAV, the ClamAV team reported attacks through TCP sockets using Clamd. If you do use Clamd and you need TCP, please read this article on how to protect yourself from these attacks: http://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
GuitarBob wrote:
Is there a new Open Source coordinator at Clam now?Regards,


As far as I am concerned, everyone who was working at Sourcefire is now apart of Cisco's Talos group. I believe Cisco no longer has open-source representatives like Sourcefire had. I believe everyone who volunteers for ClamAV/Snort are just volunteers and are not considered anything. I could be wrong, but I believe that is how it works now.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Contest winner for June 2016 was announced here: http://blog.clamav.net/2016/07/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
CDFR has joined the signature partner program for ClamAV and will now be included for all users. They are also the first to join the 3rd party partner program. You can read more here: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
July 2016 winner for community signature contest here: http://blog.clamav.net/2016/08/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
This is important to all of us here. ClamAV .99.3 will be using Visual Studio 2015. This will mean you will need Visual Studio 2015 if you want to compile the source code for ClamAV. Please note that this will break compatibility with older versions of ClamAV. You can read more here: http://blog.clamav.net/2016/08/clamav-0993-moving-to-visual-studio-2015.html
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Nothing important but if anyone is curious who the contest winners for August and September 2016 are: http://blog.clamav.net/2016/10/clamav-community-signature-contest.html
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Reply with quote
These look like heuristic detections to me--that's what we would have called them in Clam Sentinel.

Anyway, call it what you will, the Clam AV PUA detections were rife with false positives on packers. If you enable PUA detections (I guess this is still an optional detection, eh), I hope all the packer detections have been removed from PUA. We removed PUA detection in Clam Sentinel due to all the false positives.

I guess the ClamWin command line entry (under the advanced tab) for PUA is still: --detect-pua. (no period). (I don't know if you can enable PUA in Clam Sentinel any more--don't think you can).

Regards,
View user's profileSend private message
Updates on ClamAV are posted here
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 8 of 8  

  
  
 Reply to topic