ClamWin Free Antivirus :: View topic

Posted: Thu Jun 16, 2016 9:28 pm

RRK: I think what Clam AV is saying is that they don't have enough signatures and they are asking for more help with signatures. Maybe they finally realize the Open Source community can be helpful--if it is smart enough to take advantage of it. They are trying to find out what unofficial signatures are out there in quantity and they are trying to figure out a mechanism to use them. Clam will take responsibility for any false positives, although they will inform the submitting organization of their false positive signatures.

Is there a new Open Source coordinator at Clam now?

Regards,

Posted: Fri Jun 17, 2016 11:28 pm

For all users using Clamd for either ClamWin or ClamAV, the ClamAV team reported attacks through TCP sockets using Clamd. If you do use Clamd and you need TCP, please read this article on how to protect yourself from these attacks: https://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29

Posted: Fri Jun 17, 2016 11:31 pm

GuitarBob wrote:

Is there a new Open Source coordinator at Clam now?Regards,

As far as I am concerned, everyone who was working at Sourcefire is now apart of Cisco's Talos group. I believe Cisco no longer has open-source representatives like Sourcefire had. I believe everyone who volunteers for ClamAV/Snort are just volunteers and are not considered anything. I could be wrong, but I believe that is how it works now.

Posted: Thu Jul 07, 2016 12:21 am

Contest winner for June 2016 was announced here: https://blog.clamav.net/2016/07/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29

Posted: Wed Jul 13, 2016 11:45 pm

CDFR has joined the signature partner program for ClamAV and will now be included for all users. They are also the first to join the 3rd party partner program. You can read more here: https://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html

Posted: Thu Aug 04, 2016 6:07 am

July 2016 winner for community signature contest here: https://blog.clamav.net/2016/08/clamav-community-signature-contest.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29

Posted: Wed Aug 10, 2016 5:59 pm

This is important to all of us here. ClamAV .99.3 will be using Visual Studio 2015. This will mean you will need Visual Studio 2015 if you want to compile the source code for ClamAV. Please note that this will break compatibility with older versions of ClamAV. You can read more here: https://blog.clamav.net/2016/08/clamav-0993-moving-to-visual-studio-2015.html

Posted: Sat Oct 08, 2016 3:52 am

Nothing important but if anyone is curious who the contest winners for August and September 2016 are: https://blog.clamav.net/2016/10/clamav-community-signature-contest.html

Posted: Sat Oct 08, 2016 6:31 pm

These look like heuristic detections to me--that's what we would have called them in Clam Sentinel.

Anyway, call it what you will, the Clam AV PUA detections were rife with false positives on packers. If you enable PUA detections (I guess this is still an optional detection, eh), I hope all the packer detections have been removed from PUA. We removed PUA detection in Clam Sentinel due to all the false positives.

I guess the ClamWin command line entry (under the advanced tab) for PUA is still: --detect-pua. (no period). (I don't know if you can enable PUA in Clam Sentinel any more--don't think you can).

Regards,

Posted: Thu Jan 25, 2018 1:15 am

ClamAV Version number adjustment

Quote:

This is a heads up to the ClamAV community, we are changing our version numbering scheme as follows. Our versions will follow x.y.z (major.minor.patch). Major releases will be reserved for major feature additions or changes that may be incompatible with previous releases. Minor releases will be for regular bug fixes and minor feature changes/additions. Patches will be reserved for security fixes to address CVE and other critical bug fixes. more...

https://blog.clamav.net/2018/01/clamav-version-number-adjustment.html?utm_source=dlvr.it&utm_medium=twitter&utm_campaign=Feed%3A+Clamav+%28ClamAV%C2%AE%29

Posted: Thu Jan 25, 2018 2:03 am

Thanks, Lipper. I told the developers about this. Looks like Clam AV is going to get out a quick V.99.3 to fix those vulnerabilities and wait a while on the old V.99.3 version they have been testing in beta. I guess lots of Linux email servers still use Clam AV for one of their AVs, so Clam can't afford to drag its heels on the vulns.

Regards,

Posted: Fri Jan 26, 2018 1:21 am

You're welcome, Bob. I expect the ClamWin devs will port .99.3 final release to ClamWin to eliminate these vulnerabilities. I'm very curious, and awaiting Clam AV to publish said vulnerabilities.

As ever,
Lipper

Posted: Sat Jan 27, 2018 1:48 am

ClamAV 0.99.3 has been released!

https://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Posted: Wed Feb 07, 2018 2:07 am

ClamAV 0.100.0 beta has been released!

Quote:

ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2. The 0.99.3 patch release on January 25th was required to address vulnerability fixes in a timely manner, so the features previously found in 0.99.3 betas have been bumped to this new version. more...

https://blog.clamav.net/2018/02/clamav-01000-beta-has-been-released.html

Posted: Wed Feb 07, 2018 1:37 pm

This will probably not have any effect on ClamWin. where the developers will wait for a proper final release. Clam AV says the release is so users can test the changes they have made, so it will not be released in its present form. Seems to me they are playing rather loose with their betas now (I know - there is a version change). They are asking for user help in testing. I wish they would ask for user help in substantive development ideas. They have never addressed any of mine.

Regards,