Dear Al, Thank you very much for your response. Completely understand the ClamAV position. Perhaps one day if you expand then there will be more capability for documentation of the samples.
Best wishes, Nikita On Sat, 30 Jun 2018 at 12:34, Nikita Yerenkov-Scott <yerenkov.sc...@gmail.com> wrote: > > Dear Al, > > Thank you very much for your response. Completely understand the ClamAV > position. Perhaps one day if you expand then there will be more capability > for documentation of the samples. > > > Best wishes, > > Nikita > > On Sat, 30 Jun 2018 at 04:09, Al Varnell <alvarn...@mac.com> wrote: >> >> I'm not sure I understand exactly what you are looking for. >> >> When an individual submits a file directly to ClamAV, there is plenty of >> opportunity for them to make their case on what they believe is malicious. >> The form for doing this can be seen at >> <https://www.clamav.net/reports/malware>. Of course this information is not >> publicly available, it simply helps the signature writers with their >> conclusions as to whether it's malware or not. It's up to ClamAV to decide >> whether it's malicious or not and should a user disagree for any reason, >> then they need to make their case back to ClamAV by reporting it as a "False >> Positive." >> >> I suspect the main source of malware submissions is Virus Total, which is >> crowd source supported by both malware scanning vendors and a variety of >> other malware analysts. There you can sometimes find comments and votes >> publicly displayed that will help with what you appear to be struggling >> with. If you know anything about malware infections, there is often a >> section showing the behavior of any executable software which will assist >> you in determining whether or not it is behaving in a malicious way. >> >> If you are looking for detailed information on the hundreds of thousands of >> individual malware samples being submitted from all sources as many other >> software vendors do, then I think you are expecting way to much from a group >> that is providing a free product from a small staff and a large group of >> volunteers. When you charge for your product you can afford to establish a >> lab able to actively research malware infections 24/7 and publish their >> findings. It's pretty much all the ClamAV signature team can do to keep up >> with all the samples and much of what is done today is automated, with >> little or no information of the detail you are asking for. ClamAV appears to >> be focused on the art of signature writing, not malware discovery and >> analysis. I think you are asking for way too much unless you are willing to >> pay for it. >> >> -Al- >> >> On Fri, Jun 29, 2018 at 04:36 PM, Nikita Yerenkov-Scott wrote: >> >> Basically in terms of the signatures people provide, even though you >> can get the information of what they thought was malicious from the >> sigtool, it would be really nice if there was at least an option for >> people to also provide descriptions of *why* they thought it was >> malicious. So that it is easier to tell if it's actually so and also >> to deal with all the damage in case in is unclear all that it did. If >> an option like this was provided then it would be really great if >> users were encouraged to do so. It is so with all other AVs. It's >> really unhelpful for Clam to give such little information on "malware" >> it finds. It might not even be actually a malicious file. >> >> On Sat, 30 Jun 2018 at 00:35, Nikita Yerenkov-Scott >> <yerenkov.sc...@gmail.com> wrote: >> >> >> Basically in terms of the signatures people provide, even though you can get >> the information of what they thought was malicious from the sigtool, it >> would be really nice if there was at least an option for people to also >> provide descriptions of *why* they thought it was malicious. So that it is >> easier to tell if it's actually so and also to deal with all the damage in >> case in is unclear all that it did. If an option like this was provided then >> it would be really great if users were encouraged to do so. It is so with >> all other AVs. It's really unhelpful for Clam to give such little >> information on "malware" it finds. It might not even be actually a malicious >> file. >> >> On Sat, 30 Jun 2018 at 00:31, Joel Esler (jesler) <jes...@cisco.com> wrote: >> >> >> Who needs to add a link to what, and what would you like to see? >> >> Sent from my iPhone >> >> On Jun 29, 2018, at 19:11, Nikita Yerenkov-Scott <yerenkov.sc...@gmail.com> >> wrote: >> >> Is there any chance that they will add a way of people giving a >> description of why they think that it is malware? >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> >> >> >> >> -- >> The world is filled with Totoros. >> >> >> -Al- >> -- >> Al Varnell >> Mountain View, CA >> >> >> >> >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > > > > -- > The world is filled with Totoros. > > > > > > > -- The world is filled with Totoros. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
