On 7/25/2011 12:35 PM, Luca Gibelli wrote:
> Hello,
> 
> The ClamAV project is launching a new service called "Third Party web
> interface". It will allow selected individuals/organizations to publish
> ClamAV Virus Databases (CVD) through the ClamAV mirror network.
> 

Possibly in answer to this thread
http://lurker.clamav.net/thread/20110627.064208.dc61d1be.en.html#20110627.064208.dc61d1be

On the devel list

> If you choose to publish your signatures through our Third Party
> web interface you will benefit from the following:

And of course, if you allow us to.
Key Word above is "selected".
:-)

> - before publishing the signatures, we will test them for
>   false positives against our false positive file collection.
> - before publishing the signatures, we'll verify that the latest two major
>   versions of ClamAV can load them correctly.
> - the signatures will be digitally signed and packaged into a single
>   .cvd compressed file.

Because as covered on the devel list, us lowly users can't be allowed to
sign our own sigs.
:-)
Is this or is this not open source software?

> - there will be no ".UNOFFICIAL" suffix in the detection names.

That can be masked with open source software.
:-)

> - a custom prefix will be added to the detection names, identifying the
>   organization which published the signature.
> - updates will be distributed both as full CVD files and cdiff
>   incremental updates. Users will benefit from lower network traffic.
> - the .cvd and .cdiff files will be distributed through the
>   ClamAV mirror network.
> - the service should result in faster remediation of false positives.

Good QA, accountability, distribution, how convenient.
Now what if I want to produce and sign my own CVDs for my own use, and
not hand them to you first?

> - ClamAV users will be able to download the third party databases
>   using freshclam, by adding a single line to freshclam.conf, which
>   should make signature maintenance significantly easier.

Of course, the convenience of it all.
Or you guys could just release the cvd signing methodology as Open
Source like the rest of the project.

> The service is still in beta, you are welcome to contact Luca Gibelli
> <luca*clamav.net> if you intend to join the beta program.
> 
> We especially welcome those who already distribute their own unofficial
> signatures to join. A list of databases distributed by the new service
> will be available at http://www.clamav.net/download/cvd/3rdparty

This may be a viable option if I am developing sigs for everyone to use.
Leveraging the official testing / distribution framework would be great.

If I require cvd validation on the endpoints, and am producing sigs for
a limited use application, this solution is worthless.

Just open source the cvd signing methodology.

> We will be happy to answer any questions you might have.

Why not just Open Source the db signing methodology?
Maybe have a fine "setting up a local cvd signing server" doc.
A lot of us do the local mirror thing already anyways.

> 
> PS: twitter is not a requirement
> 
Glad to hear it.



_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
