Tuesday, September 18, 2012

We've been working pretty hard behind the scenes over here on ClamAV, its backend infrastructure, and moving the codebase as well as its detection up the ladder.

In order for us to get some accurate statistics about what you all are seeing out there, in the field, we need as many people as possible to "opt-in" to some statistics gathering features that we have built into the code base.

If you've ever browsed around ClamAV.net, I'm sure you've probably bumped into this page: http://www.clamav.net/lang/en/download/cvd/malware-stats/ at some point. These are statistics that are provided by you all, the users of ClamAV, collected and correlated on our backend systems here. It allows us to see trends across signatures and allows us to check in on what you are seeing in the actual real world.

We need more people to opt-in to this feature.  We are looking at growing the detection rate and feature set of ClamAV's detection functionality, and this type of data will allow us to see where we need to pinpoint resources.

If you can participate in the program, please go here:


Follow the instructions above and you should be good to go!  Thanks!

All:

If you are a Windows user of ClamAV, you'll be happy to know that we have released the Windows builds for ClamAV 0.97.6 to our Sourceforge site here:

http://sourceforge.net/projects/clamav/files/clamav/win32/0.97.6/

Please feel free to download, use, and provide feedback via the ClamAV-Users list here:

http://lists.clamav.net/mailman/listinfo/clamav-users

Thanks!

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

Tuesday, July 3, 2012

The ClamAV Wiki is currently down. It hadn't been updated for some time (several years!) and it was time to convert it into something more usable.

We are currently converting the relevant documentation that was in the Wiki into something more useful and it will be forthcoming.

Friday, June 22, 2012

Earlier this week we announced a new chapter for ClamAV with the departure of Tomasz Kojm, Alberto Wu, Luca Gibelli and Edwin Török. While we are sad to see them go, we are grateful for the contributions they have made and are committed to carrying on the project with the community in mind.

As Tomasz mentioned in his own email, ClamAV just had its 10th birthday. Over the years we've been able to integrate ClamAV into our own product suite and it is now used by millions of mail filters, operating systems and millions of file scans per day. It's big, and we want it to be even bigger, with open source commitment at its core.

So, now that we've begun this new chapter, I’d like to introduce you to some new members of the ClamAV team. These folks might be new to ClamAV, but they have been with the Sourcefire Vulnerability Research Team (VRT) for quite some time, and all have worked on other open source projects. Without further ado, they are:

Matthew Olney is the project development lead for ClamAV and lead architect for the Razorback framework. Pulling from his experience as a network and security engineer, he’s also a detection specialist for Snort and a frequent contributor of signatures to the ClamAV engine itself.

Ryan Pentney is the lead bytecode engine developer for ClamAV; a perfect complement to his role as lead developer for file format detection for the Razorback framework. He also is a contributor to both the Snort and ClamAV engines.

Tom Judge has a strong background in systems and security operations. He is a FreeBSD committer, a lead developer for the Razorback framework and a long-time user of ClamAV. On the ClamAV development team, he concentrates on FireAMP integration, virtual machine interfacing and freshclam development.

David Raynor is the core engine developer for ClamAV. He was a developer of a major scalable security system for the United States Department of Homeland Security before coming to Sourcefire.

Nigel Houghton has been with Sourcefire as the lead of the Department of Intelligence Excellence for almost 10 years. Nigel has vast knowledge of programming, operating systems, administration, and security. His team is responsible for the ClamAV supporting infrastructure as well as releasing signature updates.

As I mentioned, all of the above are members of the VRT, led by Matt Watchinski, who has overseen the ClamAV project since Sourcefire acquired it in 2007. We remain committed to continuing the open source nature of the project, pushing the growth of the project even farther.

As always, you can reach us on the ClamAV Mailing lists found here: http://www.clamav.net/lang/en/ml/. We look forward to hearing your ideas and feedback. Thanks for using ClamAV and we look forward to working with you.



Joel Esler
Open Source Community Manager
Senior Research Engineer, VRT
Sourcefire

Tuesday, June 19, 2012

Earlier today, Tomasz Kojm sent an email to the ClamAV mailing list on behalf of himself and three of his teammates - Alberto Wu, Luca Gibelli, Edwin Török. As he wrote in his email, since they joined us via acquisition in 2007, we’ve been able to work together on some great projects. And now, as we celebrate the 10-year anniversary of ClamAV, the team has decided to move onto new development projects outside of Sourcefire. From his email:
“...it is time for us to make a change. ClamAV is now mature software and we are confident that Sourcefire will successfully continue its development, move it forward and maintain the integrity of its infrastructure.”
And mature it has. Today the solution has more than 2 million active installations and scans hundreds of millions of files every day. I am incredibly proud of the leadership of Tomasz and the tenacity of his team in all of these development projects. While I am remiss to see them go, I am excited and looking forward to what they come up with next.

Now, what does this mean for you, our ClamAV users and community? The good news is that I will continue to oversee the development project, as I have done since our acquisition of the company in 2007.  Joel Esler, our Open Source community manager, will still be your main point of contact. I do want you to be aware of a few changes to come:
  • ClamAV source package signing. The signing key will no longer be tkojm@clamav.net. It will be research@sourcefire.com. This is the main VRT GPG key, and has been signed by tkojm@clamav.net. 
  • New faces 
    • Matt Olney
    • David Raynor
    • Tom Judge
    • Nigel Houghton
  • 0.97.5 New Release

If you need to reach us for any reason, email vrt@sourcefire.com. In the meantime, please join me in expressing thanks to Tomasz, Alberto, Luca and Edwin for all of their contributions to the ClamAV project.

Friday, June 15, 2012

Just released is version 0.97.5 of ClamAV.  Below is the changelog:

Fri Jun 1 13:15:50 EST 2012 (dar)
---------------------------------
 * libclamav: Scan output at end of truncated tar (bb#4625) 

Wed May 30 17:27:00 EST 2012 (dar)
----------------------------------
 * libclamav: Fix handling of tar file with malformed header
         (bb#4627)

Fri May 25 13:05:40 EST 2012 (dar)
----------------------------------
 * libclamav: Scan chm with invalid handling (bb#4626)

Thu May 10 15:45:56 CEST 2012 (tk)
----------------------------------
 * freshclam: give custom dbs higher priority during update

Tue May  8 15:31:51 CEST 2012 (acab)
------------------------------------
 * libclamav: detect read races and abort the scan with an error
       (bb#4669)

Tue Apr 10 17:04:20 CEST 2012 (tk)
----------------------------------
 * libclamav/pe.c: drop old header check (bb#4699)

We are currently experiencing some problems updating our freshmeat account. In the meantime, ClamAV, as always, is available from http://www.clamav.net

Monday, May 28, 2012

In this article over at CNET, one of the things they discuss is using an Ubuntu Live CD, included with ClamAV to help repair infected computers.



Article here