On 29.02.2016 10:46, Groach wrote:


On 29/02/2016 10:14, Al Varnell wrote:
On Sun, Feb 28, 2016 at 05:26 AM, Theodore Alcapotaxis wrote:
It's industry practice that when a third-party vendor, e.g. Symantec, discovers a new virus, it has to share it with other vendors such as Eset, Kaspersky, McAfee…
Yes, it is industry practice to share malware samples when doing so is in both vendors’ mutual interest, but some are better than others and Symantec is one I’ve heard is on the stingy side. There is nothing that says they have to share. For instance, Symantec doesn't participate in VirusTotal. But that’s not really the point. Samples are a totally different ball game from signatures. They are found in-the-wild, making them public property not really belonging to the vendor that happens to find them.

But turning those samples into a signature requires an expenditure on the part of the vendor, so those signatures, along with the code that allows them to be used for scanning, are protected by intellectual property and copyright laws. As far as I know, ClamAV is the only vendor to publicly release its signature formats: <https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf>. And I’m totally unaware of any of the other vendors sharing their signature databases.


-Al-
And I will also add this thought to reinforce the point....

Why would Symantec, Kaspersky, McAfee etc. spend thousands on systems and employing staff to identify and create signatures just to release them for users to get and then use them for free by using them with Clam (thus avoiding the need to buy their product)?

NO antivirus vendor "has to share" anything. "Choosing" to and "having" to are totally different things.

When I look at the last few mails of signature database updates then there is something quite strange ...
and I would ask if it is only me that sees it like this:

e.g.

Submission-ID: xxxxxx
Sender: IKARUS Security Software GmbH
Submission notes: Same as in Submission-ID xxxxx
Added: No

or

Submission-ID: xxxxxxx
Sender: Virus Total
Sender: Anonymous
Sender: IKARUS Security Software GmbH
Added: any name

whenever I see IKARUS Security Software GmbH as the only sender of the 
submission
it is not added because it was done before,
but when I see this company together with other senders it is added;
this looks quite strange to me;

IKARUS Security Software GmbH is a vendor of Anti-Virus software in Austria;
and they provide the so-called T3scan
http://updates.ikarus.at/updates/update.html
for free;
but you can also have an Anti-Virus software from this company
like the one from Kaspersky, McAfee (now Intel), ...
as payware; this has been my Anti-Virus for the last 10 years;

IKARUS was the first company in the whole world that offered
Anti-Virus software ...
the first releases go back to the early 1990s


