 |
 |  |
|
GuitarBob
|
|
RRK: I think what Clam AV is saying is that they don't have enough signatures and they are asking for more help with signatures. Maybe they finally realize the Open Source community can be helpful--if it is smart enough to take advantage of it. They are trying to find out what unofficial signatures are out there in quantity and they are trying to figure out a mechanism to use them. Clam will take responsibility for any false positives, although they will inform the submitting organization of their false positive signatures.
Is there a new Open Source coordinator at Clam now? Regards, |
|||||||||||
|
|||||||||||||
 |
| |
|
ROCKNROLLKID
|
|
For all users using Clamd for either ClamWin or ClamAV, the ClamAV team reported attacks through TCP sockets using Clamd. If you do use Clamd and you need TCP, please read this article on how to protect yourself from these attacks: http://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
|
|||||||||||
|
|||||||||||||
|
| |
|
ROCKNROLLKID
|
|
As far as I am concerned, everyone who was working at Sourcefire is now apart of Cisco's Talos group. I believe Cisco no longer has open-source representatives like Sourcefire had. I believe everyone who volunteers for ClamAV/Snort are just volunteers and are not considered anything. I could be wrong, but I believe that is how it works now. |
|||||||||||||
|
|||||||||||||||
|
| |
|
ROCKNROLLKID
|
|
Contest winner for June 2016 was announced here: http://blog.clamav.net/2016/07/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
|
|||||||||||
|
|||||||||||||
|
| |
|
ROCKNROLLKID
|
|
CDFR has joined the signature partner program for ClamAV and will now be included for all users. They are also the first to join the 3rd party partner program. You can read more here: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
|
|||||||||||
|
|||||||||||||
|
| |
|
ROCKNROLLKID
|
|
July 2016 winner for community signature contest here: http://blog.clamav.net/2016/08/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29
|
|||||||||||
|
|||||||||||||
|
| |
|
ROCKNROLLKID
|
|
This is important to all of us here. ClamAV .99.3 will be using Visual Studio 2015. This will mean you will need Visual Studio 2015 if you want to compile the source code for ClamAV. Please note that this will break compatibility with older versions of ClamAV. You can read more here: http://blog.clamav.net/2016/08/clamav-0993-moving-to-visual-studio-2015.html
|
|||||||||||
|
|||||||||||||
|
| |
|
ROCKNROLLKID
|
|
Nothing important but if anyone is curious who the contest winners for August and September 2016 are: http://blog.clamav.net/2016/10/clamav-community-signature-contest.html
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
These look like heuristic detections to me--that's what we would have called them in Clam Sentinel.
Anyway, call it what you will, the Clam AV PUA detections were rife with false positives on packers. If you enable PUA detections (I guess this is still an optional detection, eh), I hope all the packer detections have been removed from PUA. We removed PUA detection in Clam Sentinel due to all the false positives. I guess the ClamWin command line entry (under the advanced tab) for PUA is still: --detect-pua. (no period). (I don't know if you can enable PUA in Clam Sentinel any more--don't think you can). Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Lipper
|
|
ClamAV Version number adjustment
http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29 |
|||||||||||||
|
|||||||||||||||
|
| |
|
GuitarBob
|
|
Thanks, Lipper. I told the developers about this. Looks like Clam AV is going to get out a quick V.99.3 to fix those vulnerabilities and wait a while on the old V.99.3 version they have been testing in beta. I guess lots of Linux email servers still use Clam AV for one of their AVs, so Clam can't afford to drag its heels on the vulns.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Lipper
|
|
You're welcome, Bob. I expect the ClamWin devs will port .99.3 final release to ClamWin to eliminate these vulnerabilities. I'm very curious, and awaiting Clam AV to publish said vulnerabilities.
As ever, Lipper |
|||||||||||
|
|||||||||||||
|
| |
|
Lipper
|
|
|
|||||||||||
|
|||||||||||||
|
| |
|
Lipper
|
|
ClamAV 0.100.0 beta has been released!
http://blog.clamav.net/2018/02/clamav-01000-beta-has-been-released.html |
|||||||||||||
|
|||||||||||||||
|
| |
|
GuitarBob
|
|
This will probably not have any effect on ClamWin. where the developers will wait for a proper final release. Clam AV says the release is so users can test the changes they have made, so it will not be released in its present form. Seems to me they are playing rather loose with their betas now (I know - there is a version change). They are asking for user help in testing. I wish they would ask for user help in substantive development ideas. They have never addressed any of mine.
Regards, |
|||||||||||
|
|||||||||||||
|
 | Updates on ClamAV are posted here | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.