> On Jun 25, 2014, at 1:40, "Dennis Peterson" <denni...@inetnw.com> wrote: > >> On 6/24/14, 9:16 PM, Al Varnell wrote: >> That’s certainly a valid question and deserves a ClamAV® answer, but I’ll >> throw this comment out. >> >> The signature team has always been overwhelmed by the number of new samples >> it receives every day and even though the team is bigger today, so is the >> input. >> >> They established a third party signature contribution system a few months >> ago and I’m sure part of the reason is to try to reduce what is apparently a >> growing backlog of samples which require manual signature writing. If those >> with the ability to write quality signatures and contribute them to this >> project can do so, we will all benefit from this. I don’t blame the team >> for trying to promote this new means of community contributions. >> >> It would appear that Steve is in a unique position here, in that he has his >> own UNOFFICIAL signature databases to contribute as well as the apparent >> skills to write them on his own. Obviously there is a much larger user base >> for official set so contributions there would be of broader benefit, yet he >> runs his own services to the community. Something he’ll need to consider >> and decide on his own. >> >> Just my two cents. >> >> -Al- >> Al Varnell >> Mountain View, CA > I don't blame them either but the arrangement is that of peers. Why set some > of them up as unofficial? Why put a limit on the very resource (2 submissions > per day) that that people need to make the product useful? Run all the > submitted signatures through the same QA process and stamp them official. > Create a signature writer's certification test to help streamline the > submission process so qualified people can include a sig with the submission. > And they can answer the earlier question, "How can we make the process > better?"
If people, Steve or others want to submit to the official list, they are more than welcome. We'll receive it, QA it like we do ours, and ship it in the official set, with attribution. It's not a problem. There's an artificial limitation (not really a restriction on uploads) because we have people, all the time that want to send us, say 100,000 samples. Well, submitting those all through the interface would be a bit tiresome :). So if people are going to submit a bunch of samples we ask them to get in touch with us and we can handle that differently. The certification is not a bad idea. We do it internally, and I know we have discussed it internally for external people as well. Alain can probably comment better on this, but I know he's worked with a couple people to teach them the more advanced sigs, and those people generate content. > It wouldn't hurt to have a youtube video that shows admins how to generate > simple day 0 check sum sigs that they can deploy locally while waiting for a > Cisco/SourceFire signature. In fact the submission process generates a > checksum that just needs to be captured to a file. We're currently doing a major overhaul to several of the backend systems on ClamAV. One is ClamAV.net itself. We do have training somewhere on how to write signatures. I don't know if we have the recording anymore, maybe I can get Alain to re-teach it. But if there Are people out there interested in writing sigs for ClamAV, by all means, let's do this. Steve, if you want to submit some, a few, all, (I know you have several feeds) whatever, to the official db, let's do this. Joel _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
