ClamAV Bugzilla new ticket creation will redirect to GitHub Issues

In early 2021, we made a decision to switch to using GitHub directly. Before then, our primary Git repository was sequestered to the Cisco corporate network. The public GitHub repository was just a mirror. That made it tougher for us to connect to and work with contributors from the ClamAV community. Our daily routines drew our attention away from GitHub.

At the same time, we also settled on a plan for how we could test using GitHub Issues for ClamAV bug reports. Initially, this would supplement our aging Bugzilla server. While Bugzilla requires users to make an account on our server, enabling GitHub Issues would open up bug reporting to the wider GitHub community that already has an account.

Since enabling GitHub Issues at the start of June, we have found that using GitHub Issues has been a very positive experience. At this point, most of our reports come in through GitHub Issues. With the aid of issue templates, the quality of bug reports coming through GitHub Issues has also been of a higher caliber than those coming through Bugzilla. With users following guidance in the template, the bug reports are generally easier to triage and respond to intelligently. 

All that being said, we will disable Bugzilla ticket creation so we can focus all new bug reports towards GitHub Issues. Effective immediately, the new ticket creation form on bugzilla.clamav.net will redirect users to the new issue creation page on our primary ClamAV repository on GitHub.com.

Existing open tickets on Bugzilla will remain open for now, and the Bugzilla server is expected to remain available through 2022 as we complete this transition. 

If you have an open ticket on Bugzilla and would like to help migrate it to GitHub Issues, we would appreciate the help. If you choose to migrate any tickets from Bugzilla to GitHub Issues, please add references in each ticket and close the original Bugzilla ticket(s) to assist our team with the ticket queue maintenance.

Thank you!

Micah

New online documentation and other improved open-source processes

By Micah Snyder.

I'm excited to announce that we are making several changes that will improve how we work with the open-source community. We've also made several other changes to ClamAV.net over the past year that we are excited to formally unveil today, including a new security policy and new build advisories. 

ClamAV Community Signature Contest Winner for July 2016

We'd like to congratulate our July winner of the monthly ClamAV Community Signature contest: Askar Dyussekeyev

Congratulations and thank you for your contributions!

For more information on how you can get involved in the monthly contest and try and win your ClamAV swag, please see my post on the blog.

Once again, thank you, and congratulations to Askar!

ClamAV Community Signature contest winner for June 2016

We'd like to congratulate our June winner of the monthly ClamAV Community Signature contest:   Arnaud Jacques!

Congratulations and thank you for your contributions!

For more information on how you can get involved in the monthly contest and try and win your ClamAV swag, please see my post on the blog.

Once again, thank you, and congratulations to Arnaud!

ClamAV Signatures

As many of you know, over the past several years, we’ve been retooling the entire backend of ClamAV.net’s signature management system to handle a more streamlined release method and signature generation system.  Now that this work is complete, we’re reaching out to those of you in our ClamAV community that manage some form of third party ClamAV signature distribution systems.

We would like to potentially incorporate the feeds that you are producing into the official feed coming from our mirror network at ClamAV, out to the community.  We are going to ensure proper attribution for everyone’s work within the signature name.  

We haven’t determined what this will look like, but what we would like to see is the name of the feed, not only in the signature name, but a table to be maintained on ClamAV.net ensuring the proper mapping from signature name to your website (and donation system, if you have one).

We would be responsible for the “dropping” of a False positive prone ClamAV sig from the official db, however, our intention is to notify you of the FP on your sig when it is reported to us at the same time we are notified, so that the signature can be fixed.

This process is ongoing but if you are interested in being added to the list of those already contributing or have additional questions, please contact me at bcouncil@cisco.com. 

Your comments and concerns are also welcome.  

Create your Own Anti-Virus Signatures with ClamAV

Today I came across this older blog post (almost 10 years old at this point!) about a simple method you can use to create your won Anti-Virus signatures with ClamAV.

The article has a nice walk through of how to dump an attachment out of an email, how to write a simple ndb signature to detect it, and how to deploy it.  I thought this was fairly simple and well done, so I wanted to share.

If you are interested in creating your own detection, this article is worth checking out.

http://blog.adamsweet.org/?p=250

If you want to proceed a step further and submit those signatures back to us, we'll take a look as well, and if you submit the most in a month, we'll send you some nice swag!

ClamAV Community Signature contest winner for March, 2016

We'd like to congratulate our first winner of the monthly ClamAV Community Signature contest:  Samuel Borell!

Congratulations!  Thank you for your contributions!

For more information on how you can get involved in the monthly contest and try and win your ClamAV swag, please see my post on the blog.

Once again, thank you, and congratulations to Samuel!

ClamAV Monthly Community Signature contest!

Here at ClamAV, we continue to welcome signature submissions to improve community detection. As a thanks to our community, we like to reward individuals with some cool “ClamAV swag” items such as our ClamAV t-shirts, battery chargers, Snort calendars, and other goodies for signature submissions accepted.

Standard rules for submission criteria:

We are accepting signatures into ClamAV via the Community-Sigs mailing list, which anyone may join here:  http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs

When we receive a signature, we will follow our standard internal procedures (which involves heavy QA of the signature, testing, optimization for performance, and running it against our bank of clean files).

You may reference the ClamAV Signatures Manual for general signature questions, as well as discussing it among fellow ClamAV Signature writers on the above list.

The signatures are released in the Official ClamAV Signature Set and are available to the ClamAV community via our normal mirror rule distribution process, published approximately every four hours!

We will provide you feedback about how to improve your signatures such as what you should or should not do, tips and tricks involved with the latest versions of ClamAV, as well as giving the author full attribution for their submissions.

If you’d like to submit to the ClamAV signature set, please email the above list with your signatures and research behind it (pcap, ascii dump, references, anything!)

As always False positive reports belong here: http://www.clamav.net/reports/fp

The highest submitter for accepted signatures for each month will receive some goodies.  Keep in mind that we must accept the signatures.

We thank the community in advance for community submissions, as well as continued submission of false positive reports.

What to do with MD5 checksums of files provided as an Indicator of Compromise?

I spotted this blog article over on thepcn3rd blog, with a really simple blog article on how to generate ClamAV detection quickly given an md5 for a malicious file.

As I have researched malware and the indicators of compromise an MD5 checksum of the files are provided so that you can detect them in your environment. I am not sure about your anti-virus but I am not able to plug-in an MD5 and have it search for them across the enterprise as it does it's scan.

The blog highlights a great point about ClamAV and Open Source, the ability to generate your own detection!

Take a look at the blog here.

Open Source Community Meeting next week at RSA!

After a lot of hard work by our teams, and with RSA just a few days away, we are proud to announce that along with Cisco and Sourcefire's corporate teams being present at RSA, and for the first time we will also be holding an Open Source Community Meeting!

Matt Watchinski (Director of the Vulnerability Research Team) and myself, Joel Esler, (Open Source Manager) will be presenting on the state of our Open Source projects at Sourcefire, the state of Open Source now that we are Cisco,  some future developments and of course, open Q&A!

So here's some attendance details:

Open Source Community Meeting
Executive Conference Center
55 4th Street -- Level 2
San Francisco, CA 94103

Wednesday, February 26th, 2014
12:00pm - 2:00pm

Lunch will be provided on site.

We also have some exclusive Swag give-aways that not only no one else has, but aren't available anywhere else!  Available for the first 40 people that come through the door (if we have your size).

We'll have availability for about 50 people on site, so first come, first served, let's make this a repeating event!

We look forward to seeing you there!