Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-30 Thread Nikita Yerenkov-Scott
Dear Al, Thank you very much for your response. Completely understand the ClamAV position. Perhaps one day if you expand then there will be more capability for documentation of the samples. Best wishes, Nikita On Sat, 30 Jun 2018 at 12:34, Nikita Yerenkov-Scott wrote: > > Dear Al, > > Thank

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-30 Thread Nikita Yerenkov-Scott
Dear Al, Thank you very much for your response. Completely understand the ClamAV position. Perhaps one day if you expand then there will be more capability for documentation of the samples. Best wishes, Nikita On Sat, 30 Jun 2018 at 04:09, Al Varnell wrote: > I'm not sure I understand

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-29 Thread Al Varnell
I'm not sure I understand exactly what you are looking for. When an individual submits a file directly to ClamAV, there is plenty of opportunity for them to make their case on what they believe is malicious. The form for doing this can be seen at

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-29 Thread Nikita Yerenkov-Scott
Basically in terms of the signatures people provide, even though you can get the information of what they thought was malicious from the sigtool, it would be really nice if there was at least an option for people to also provide descriptions of *why* they thought it was malicious. So that it is

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-29 Thread Joel Esler (jesler)
Who needs to add a link to what, and what would you like to see?

Sent from my iPhone

> On Jun 29, 2018, at 19:11, Nikita Yerenkov-Scott wrote:
>
> Is there any chance that they will add a way of people giving a
> description of why they think that it is malware?

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-29 Thread Nikita Yerenkov-Scott
Is there any chance that they will add a way of people giving a description of why they think that it is malware? Because with an AV product this is really a very important necessity to have so it would be nice if it at least was given as an option. And encouraged of people as well of course. This

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-28 Thread Nikita Yerenkov-Scott
Dear Maarten, Thank you very much for your response, it has been very useful to myself and others. Could you please update your AskUbuntu answer with this information. As that is what the question was getting at. Thanks, Nikita On Thu, 28 Jun 2018 at 15:33, Maarten Broekman wrote: > > As the

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-28 Thread Maarten Broekman
As the use of sigtool was the only thing not covered explicitly in the signature creation documentation (signatures.pdf), that was the only thing left to fill in. The documentation covers everything else needed to create your own signatures, including the accepted naming conventions and a

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-28 Thread Tilman Schmidt
IMHO that doesn't answer the question. When I see a message like:

/path/to/file: Win.Exploit.Unicode_Mixed-1 FOUND

sigtool can only tell me how that signature is defined, i.e. what content it considers malicious. In order to decide on an appropriate course of action I'd like to know what the

Re: [clamav-users] Is there any documentation on what signatures mean?

2018-06-28 Thread Maarten Broekman
Answered

TL;DR: Use sigtool to find and decode the signature.

Sent from a tiny keyboard

> On Jun 28, 2018, at 06:57, Nikita Yerenkov-Scott wrote:
>
> Hello,
>
> A question on this matter exists on this Linux site:

[clamav-users] Is there any documentation on what signatures mean?

2018-06-28 Thread Nikita Yerenkov-Scott
Hello, A question on this matter exists on this Linux site: https://askubuntu.com/questions/571342/clamav-virus-detections-documentation However it never received an answer. So I am wondering if there is an answer to that now or how things work? And if there are any plans to regulate the