That’s certainly a valid question and deserves a ClamAV® answer, but I’ll throw this comment out.
The signature team has always been overwhelmed by the number of new samples it receives every day and even though the team is bigger today, so is the input. They established a third-party signature contribution system a few months ago and I’m sure part of the reason is to try to reduce what is apparently a growing backlog of samples which require manual signature writing. If those with the ability to write quality signatures and contribute them to this project can do so, we will all benefit from this. I don’t blame the team for trying to promote this new means of community contributions.

It would appear that Steve is in a unique position here, in that he has his own UNOFFICIAL signature databases to contribute as well as the apparent skills to write them on his own. Obviously there is a much larger user base for the official set so contributions there would be of broader benefit, yet he runs his own services to the community. Something he’ll need to consider and decide on his own.

Just my two cents.

-Al-

Al Varnell
Mountain View, CA

On Tue, Jun 24, 2014 at 07:44 PM, Dennis Peterson wrote:
>
> Why wouldn't ClamAV be interested in creating this signature as part of their
> own distribution? It's a virus, it's what you do, no?
>
> dp
>
> On 6/24/14, 11:14 AM, Joel Esler (jesler) wrote:
>> On Jun 24, 2014, at 11:01 AM, Bowie Bailey
>> <bowie_bai...@buc.com> wrote:
>> On 6/24/2014 9:53 AM, Walter Bürger wrote:
>> Hi dear ClamAV team,
>>
>> I submitted the same file as yesterday to
>> virustotal.com:
>>
>> Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
>> (MD5 ad690be247dda635781e20887fcac0e7)
>>
>> 30 out of 54 scanners detected a virus
>> (NOD32 named it Win32/Emotet.AA)
>> but ClamAV did not detect it.
>>
>> I am just curious why ClamAV still can't detect it.
>>
>> AFAIK, virustotal only uses the official signatures. Your samples were
>> detected by a Sanesecurity unofficial signature.
>>
>> Correct.
>>
>> Steve,
>>
>> If SaneSecurity wants to push the sig into the official set, you can get in
>> touch with us at any time, which we’ll give you and your team full credit
>> for.
>>
>> --
>> Joel Esler
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Vulnerability Research Team

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml