Monday, June 19, 2017

BASS Automated Signature Synthesizer

ClamAV Users --

Please take a look at the newest open source project from Cisco Talos, released entirely for the ClamAV audience: the BASS Automated Signature Synthesizer.



A short preview of the blog post linked above follows:

BASS (pronounced "bæs") is a framework designed to automatically generate antivirus signatures from samples belonging to previously generated malware clusters. It is meant to reduce resource usage of ClamAV by producing more pattern-based signatures as opposed to hash-based signatures, and to alleviate the workload of analysts who write pattern-based signatures. The framework is easily scalable thanks to Docker. 
Please note that this framework is still considered in the Alpha stage and as a result, it will have some rough edges. As this tool is open source and actively maintained by us, we gladly welcome any feedback from the community on improving the functionality of BASS. You can find source code for BASS here:
https://github.com/Cisco-Talos/bass

Please check out our project, play with it, use it, and help us improve it.

Wednesday, June 7, 2017

ClamAV Main.cvd and Main-cdiff.cvd have been published!

As promised, we were able to ship a new Main.cvd and the cdiff for the main.cvd a few minutes ago.

It should have hit the mirrors in the past few minutes. As always, this will increase the amount of traffic on the mirrors from people downloading the file, and should settle down within the next 12-24 hours.

I’d like to thank our Signature team for working late into the night the past several days in order to get this out on time!

We have tested this Main.cvd and cdiff on all currently supported versions of ClamAV. Please let us know via the clamav-users list if there are any problems.