Tom Shaw wrote: > Currently, I am tracking 233 files containing malware that have been > submitted both directly to clamav.net and virustotal.com and yet > continue not to show up in the signature database so that they can be > detected. My scripts check them frequently against the current clamav > databases using 0.95.1 and re-report them to clamav.net every two > weeks or so. > > I am pretty sure that they all are malware as the virustotal reports > the some AV vendors detect them within the first two weeks after we > initially receive them in our honeypot. > > I release signatures of these files in winnow_malware.hdb which > sanesecurity graciously distributes for me. > > What I would like (and I think that others that submit malware files > to clamav.net would like) is for clamav.net to provide a method for > us to programmatically query to determine if either 1) the file has > already been determined by clamav to be not malicious or 2) you have > the file in your processing queue and don't need a second copy. This > would allow us to stop resending reports to you when you are already > on top of it and also allow us to remove them from our signature > files when they are added to the main clamav database (which we do > now) or when you have determined that the file is not malware.
Maybe posting the Submission-ID after one submits the file may help too. Best regards, Rafael. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml