This is the list clamav users and administrators use to troubleshoot, debug,
install, and configure the product. The support staff also participate and
answer questions that can't be answered by reading the manual. It is intended
for product support. The other lists are for product improvement through false
positive handling and malware sample submissions.
dp
On 3/11/16 12:57 AM, Groach wrote:
Hello
Ok, so I understand the process:
1, If you have a false positive or you have a suspicious file you send it to
ClamAV via the website and wait a few days for them to process it.
2, When they do process it (in theory) you get an email back saying something
to the effect of :
"Dear ClamAV user,
The following submissions have been processed and published:
-
See http://lists.clamav.net/pipermail/clamav-virusdb/2016-March/ "
3, By its referenced inclusion, you then go to
http://lists.clamav.net/pipermail/clamav-virusdb/2016-March to see some 'details'
But what is the point of this mailing list?
Because it doesnt show anything meaningful within the individual postings:
Example:
Submission-ID: 14926518
Sender: Virus Total
Sender: VirScan.org
Sender: Anonymous
Sender: Paul McKnight
Added: No
(and a LOT of them).
"Submission-ID" - what does that refer to? It certainly isnt a anything that
I received back at time of submitting. Completely ambiguous.
"Sender" - ok, this I accept
"Added" - what does that mean? (In the experience of a recent submission of
mine I received an "Added=no" and I had submitted a False Positive report.
And most entries say "no").
I thought the theory of this mailing list was to allow people to view their
(or any other) submissions with the details yet the details they give have no
use whatsoever beyond that of the 'Sender' ID and the header "ClamAV database
updated..." Date. (And even then the SenderId is no good if you have done
multiple submissions).
And this is all pointless anyway as there is no longer any search facility any
more (I submitted a report and now must go through every entry individually,
doing a CTRL-F search, looking for the Sender id of interest(!), backwards,
and then backout, in to the next posting, and repeat again...and again....and
again...until I find one).
Did anyone actually THINK about the point of publishing this list and whether
it has any use to anyone?
I would like to see something more meaningful where:
a, 'Submission ID' is a reference that is given to the user making the report
in the first place (currently the users dont get anything)
b, 'Added' means something more meaningful that makes it clear whether a new
virus signature has been created, a false positive has been removed, or
whether the submission was just disregarded for some reason (making the reason
clear).
c, Bring back a SEARCH facility so that a user can search for either a
signature definition (when it was added) or their recent submission (to see if
it has been processed yet).
Take this as constructive feedback. But if anyone can give an answer with
convincing reasons as to why this mailing list is of interest to any member of
public, and how they are expected to use it, then Im all ears
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
