I'm not sure I understand exactly what you are looking for.

When an individual submits a file directly to ClamAV, there is plenty of 
opportunity for them to make their case on what they believe is malicious. The 
form for doing this can be seen at <https://www.clamav.net/reports/malware>. 
Of course this information is not 
publicly available, it simply helps the signature writers with their 
conclusions as to whether it's malware or not. It's up to ClamAV to decide 
whether it's malicious or not and should a user disagree for any reason, then 
they need to make their case back to ClamAV by reporting it as a "False 
Positive." 

I suspect the main source of malware submissions is VirusTotal, which is 
crowdsource-supported by both malware scanning vendors and a variety of other 
malware analysts. There you can sometimes find comments and votes publicly 
displayed that will help with what you appear to be struggling with. If you 
know anything about malware infections, there is often a section showing the 
behavior of any executable software which will assist you in determining 
whether or not it is behaving in a malicious way.

If you are looking for detailed information on the hundreds of thousands of 
individual malware samples being submitted from all sources as many other 
software vendors do, then I think you are expecting way too much from a group 
that is providing a free product from a small staff and a large group of 
volunteers. When you charge for your product you can afford to establish a lab 
able to actively research malware infections 24/7 and publish their findings. 
It's pretty much all the ClamAV signature team can do to keep up with all the 
samples and much of what is done today is automated, with little or no 
information of the detail you are asking for. ClamAV appears to be focused on 
the art of signature writing, not malware discovery and analysis. I think you 
are asking for way too much unless you are willing to pay for it.

-Al-

On Fri, Jun 29, 2018 at 04:36 PM, Nikita Yerenkov-Scott wrote:
> Basically in terms of the signatures people provide, even though you
> can get the information of what they thought was malicious from the
> sigtool, it would be really nice if there was at least an option for
> people to also provide descriptions of *why* they thought it was
> malicious. So that it is easier to tell if it's actually so and also
> to deal with all the damage in case it is unclear all that it did. If
> an option like this was provided then it would be really great if
> users were encouraged to do so. It is so with all other AVs. It's
> really unhelpful for Clam to give such little information on "malware"
> it finds. It might not even be actually a malicious file.
> 
> On Sat, 30 Jun 2018 at 00:35, Nikita Yerenkov-Scott
> <yerenkov.sc...@gmail.com> wrote:
>> 
>> Basically in terms of the signatures people provide, even though you can get 
>> the information of what they thought was malicious from the sigtool, it 
>> would be really nice if there was at least an option for people to also 
>> provide descriptions of *why* they thought it was malicious. So that it is 
>> easier to tell if it's actually so and also to deal with all the damage in 
>> case it is unclear all that it did. If an option like this was provided then 
>> it would be really great if users were encouraged to do so. It is so with 
>> all other AVs. It's really unhelpful for Clam to give such little 
>> information on "malware" it finds. It might not even be actually a malicious 
>> file.
>> 
>> On Sat, 30 Jun 2018 at 00:31, Joel Esler (jesler) <jes...@cisco.com> wrote:
>>> 
>>> Who needs to add a link to what, and what would you like to see?
>>> 
>>> Sent from my iPhone
>>> 
>>>> On Jun 29, 2018, at 19:11, Nikita Yerenkov-Scott <yerenkov.sc...@gmail.com> wrote:
>>>> 
>>>> Is there any chance that they will add a way of people giving a
>>>> description of why they think that it is malware?
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> 
>>> 
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>> 
>> 
>> 
>> --
>> The world is filled with Totoros.

-Al-
-- 
Al Varnell
Mountain View, CA




