Thursday, June 16, 2016

ClamAV Signatures

As many of you know, over the past several years, we’ve been retooling the entire backend of ClamAV.nets signature management system to handle a more streamlined release method and signature generation system.  Now that this work is complete, we’re reaching out to those of you in our ClamAV community that manage some form of third party ClamAV signature distribution systems.

We would like to potentially incorporate the feeds that you are producing into the official feed coming from our mirror network at ClamAV, out to the community.  We are going to ensure proper attribution for everyone’s work within the signature name.  

We haven’t determined what this will look like, but what we would like to see is the name of the feed, not only in the signature name, but a table to be maintained on ClamAV.net ensuring the proper mapping from signature name to your website (and donation system, if you have one).

We would be responsible for the “dropping” of a False positive prone ClamAV sig from the official db, however, our intention is to notify you of the FP on your sig when it is reported to us at the same time we are notified, so that the signature can be fixed.

This process is ongoing but if you are interested in being added to the list of those already contributing or have additional questions, please contact me at bcouncil@cisco.com

Your comments and concerns are also welcome.