Still no updates? On Thu, Mar 17, 2016 at 4:24 AM, Joel Esler (jesler) <jes...@cisco.com> wrote:
> > http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.htm< > http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html?m=1 > >l > > ClamAV Signature Interface maintenance is now complete! New Main.cvd! > Our ClamAV Signature Interface maintenance is now complete. While we > apologize for the delay, the rollout of the the new Signature Interface > inside of ClamAV will result in several new features for the community, and > I wanted to tell you about some of them: > > First, the first new “main.cvd” in about two years. This main.cvd has > been completely re-written from scratch, and while the function of the > “main” is largely the same, it’s been rewritten to not only enforce order > to the signatures, but naming convention as well. For example: > > W97M.Ethan.AK-1 has moved to Doc.Trojan.Ethan > Worm.Padowor.A-zippwd has moved to Win.Worm.Padowor > Adware.Smshoax has moved to Win.Adware.Smshoax > > Re-naming of the signatures may affect a local user’s whitelist. If you > have excluded certain signatures in the past that are now firing, we ask > that you both submit the file to us for false positive remediation (if you > believe it to be a false positive), and rename the signature whitelist on > your side. > > This new main is 109Mb in size, and contains 4 million signatures for > ClamAV. Now that the main.cvd has been rewritten, it is now easier for us > to create diffs, which means upgrading the main more often, and making the > “daily.cvd” smaller more often. > > Second, we now have the ability to offer different types of CVDs. For > instance, we now have the ability to distribute 3rd party signatures that > are officially signed by ClamAV, but updated through the ClamAV global > mirror network. If we wanted to separate out “policy” type signatures from > the daily.cvd into their own cvd, we can now do that. > > Third, while we have not removed some of the older signature formats, we > did convert those older signatures to the newer formats to empty those > older “cvd”s out. > > For example: > “db" signatures were consolidated into “ndb" signatures > “zmd" and “rmd" archive signatures we moved to the “cdb" container > signature format > > These formats are not new, they simply have never been published before. > This includes other formats such as “hsb", “msb", “sfp", and “crb". The > older formats are supported for now, we are simply no longer publishing > them. > > Fourth, newer features, like the ability to write signatures based on the > SHA256 of a file have been added to the system, and we can now publish that > type of detection. > > We’d like to thank you for your patience. > > ClamAV team > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
