At 3:18 PM +1200 4/18/09, Jason Haar wrote: >Tom Shaw wrote: >> What I would like (and I think that others that submit malware files >> to clamav.net would like) is for clamav.net to provide a method for >> us to programmatically query to determine if either 1) the file has >> already been determined by clamav to be not malicious or 2) you have >> the file in your processing queue and don't need a second copy. This >> would allow us to stop resending reports to you when you are already >> on top of it and also allow us to remove them from our signature >> files when they are added to the main clamav database (which we do >> now) or when you have determined that the file is not malware. >> >I'd suggest doing what virustotal does - refer to previously uploaded >files by their md5/sha1 checksums. They are independent of filename and >much easier to check against programmatically.
Jason You misunderstand or I didn't explain properly. We have over 200 unique signatures. We do locally check there hashes and reject duplicates. A query capability using md5 signatures would be fine as long as it differentiated between received but not processed yet and deemed safe. Tom _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
