Walter, Thanks. The issue is that we receive over a million new samples a day. We prioritize those samples for analysis and detection in a number of ways, one of the ways, of course, being "number of submitters". So, for example if we see 13 different places giving us the same sample, obviously the file is pretty widespread.
One of the best ways to help us, is to generate your own signatures and submit those to us on the Community-sigs list. http://www.clamav.net/contact.html That way we can take the coverage, FP test it, and ship it out faster. I'll even return in kind, after 20 submissions, I'll send you a brand new (just had them made) ClamAV Tshirt. How does that sound? -- Joel Esler Sent from my iPhone On Jan 28, 2015, at 6:23 AM, Walter Bürger <walter.buer...@arscons.de<mailto:walter.buer...@arscons.de>> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I can confirm that. My samples never make it into daily. I am very frustrated about that. I use the same link to upload as Wagner, http://www.clamav.net/report/report-malware.html, enter my full name, my email, check notify me, check share this sample with other AV vendors, upload the malware file and submit the malware report. The submit procedure is successful every time as I get the http://www.clamav.net/report/success.html page every time. In the last three days I uploaded a sample, I don't know how often I uploaded it. Every day I checked if clamav could detect the virus in the sample after a new daily arrived. And every day clamav couldn't detect it. I checked on three different machines, linux, windows and openbsd. Virustotal.com<http://Virustotal.com> says about my sample: SHA256: bb1e635aa88a6906473713bd49368553f49c21e885c1586742542b3fee4b405c Dateiname: ccp.exe Erkennungsrate: 42 / 57 Analyse-Datum: 2015-01-28 09:32:11 UTC ( vor 0 Minuten ) If I imagine how often this possibly happens and how many samples it never make into daily, then this could be one of the main reasons why clamav has such a terribly bad detection rate. So, what can we do to remedy the problem and make the detection rate of clamav better ? Best regards, Walter. On 01/26/15 19:08, Wagner De Queiroz wrote: Dear users. I receive new viruses (Brazilian malware trojans) all day, and I submit to clamav, but my submissions never appear at virus list. I like to suggest at clamav page to submit files a kind of verify the upload sha256 or md5sum like virustotal website does to know if the submission are new one or not. to stop rising the high number of new submissions all day and maybe better our beloved anti-virus. Maybe put a option at clamav anti-virus to check before send new samples. When I receive a new malware sample, when came at .zip or .rar file, I open the .zip or .rar to expose the .exe trojan before send to virustotal check if the last clamav saw anything before send at website of clamav. My english is not good, and maybe my message can't be understood. but I have hope this email can make a difference. The link what I use to send new samples are: http://www.clamav.net/report/report-malware.html http://cgi.clamav.net/sendvirus.cgi _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlTIxqYACgkQkoswlxeNK+xWMACgqfiZYE7qM5nHBrd+3pYBE+D/ C5YAoIZMEu9ZkBAOYP+EJAX9DcFNRjNw =sr9b -----END PGP SIGNATURE----- _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
