On Mon, Feb 13, 2012 at 05:04:34AM -0500, Michael Richards wrote:
> Do the sigmakers just waste their time sifting through tons of
> duplicate submissions?

I sure hope not. I am more than happy to help create a faster "process" for this if the ClamAV guys can tell what they need, or at least the old system should be documented somehow. Why not create this as open source :) If I am correct, the duplicates mostly come from big av-check sites. They send reports with old signatures and/or when they send the file it is not in fact known, but it is known when the ClamAV guys start to add the signature.

> How about a tracking system when you submit a file?

In my opinion these could help.
https://bugzilla.clamav.net/show_bug.cgi?id=1969
https://bugzilla.clamav.net/show_bug.cgi?id=4335

> I've used the web submit option a number of times and checked back to
> see that a virus was added but without any results. I encounter a
> large number of viruses each month as I run a large mail system.
> Whenever a new threat begins I typically start seeing it at the
> mailserver first. I've found that Norton has taken a number of my
> submissions and generally released updates within hours of the new
> virus being submitted. I respect the fact that clamav is free and
> everyone has a day job but more than a week after the bbb email virus
> came out it still hasn't been added and my mailserver has recorded
> more than 100,000 instances (so it's not some rare email virus). This
> is not the first time this has happened. For example the dhl virus I
> submitted over a month ago was never added. I finally added a script
> to load some non-official virus sigs which catches a few more but the
> official database updates seem to be going a little slow.

This is also a reason that I have heard in the field for not taking ClamAV as a mail-filtering product to a company.

- Henri Salo