Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Al Varnell
I also tracked down a problem with False Positives that I personally reported to ClamXAV support that was passed on and received this response from Steve Morgan: > Thanks, we are also observing these same FP's in our testing. They are on the > roadmap for 0.99.3. -Al- On Fri, Sep 08, 2017 at

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Al Varnell
I'm aware of at least one bug was reported on the developer-list in mid-August and last I knew the patch was still not working. On Fri, Sep 08, 2017 at 09:32 AM, Joel Esler (jesler) wrote: > We don’t have a slated date yet. We’ve had about 6000 downloads of the beta > package and no reported bu

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Joel Esler (jesler)
We don’t have a slated date yet. We’ve had about 6000 downloads of the beta package and no reported bugs so far. So far, so good. -- Joel Esler | Talos: Manager | jes...@cisco.com On Sep 8, 2017, at 8:20 AM, Vijayakumar U mailto:vj1...@gmail.com>> wrote: When

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Paul Kosinski
MD5 has been discredited (found insecure) a long time ago. Putting out *new* signatures with SHA256 shouldn't be all that hard. And just like some new sigs needing a recent version of ClamAV because of their content, SHA-signed sigs could demand a new ClamAV version. As far as a being a security i

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Vijayakumar U
This is what I was expecting. Thanks for the reply. When can we expect the 99.3 stable release ? On Fri, Sep 8, 2017 at 5:01 PM, Alain Zidouemba wrote: > We are shipping sha256 signatures now. See contents of daily.hsb. We > are no longer shipping new hdb (md5) signatures. > > -Alain > > > On

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Vijayakumar U
I'm not asking to update previously collected signatures. At-least from now on while adding new ones lets have it as sha256sum. On Fri, Sep 8, 2017 at 4:57 PM, Al Varnell wrote: > I'm struggling to understand how that would improve the DB? It's not a > security issue and it would seemingly invol

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Alain Zidouemba
We are shipping sha256 signatures now. See contents of daily.hsb. We are no longer shipping new hdb (md5) signatures. -Alain > On Sep 8, 2017, at 7:28 AM, Al Varnell wrote: > > I'm struggling to understand how that would improve the DB? It's not a > security issue and it would seemingly involve

Re: [clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Al Varnell
I'm struggling to understand how that would improve the DB? It's not a security issue and it would seemingly involve a ton of work to run all those samples again just to get a larger number which would require additional time to download and space to store the DB as well as in RAM. -Al- On Fri

[clamav-users] Signatures in md5sum not in sha256sum

2017-09-08 Thread Vijayakumar U
Dear Team, Do we have any plans to maintain/update the signature DB with sha256sum? Is there any specific reason to maintain the signatures in md5sum format? Please clarify. -- Cheers, Vijay. ___ clamav-users mailing list clamav-users@lists.clamav.ne