[clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!

Discussion:

(too old to reply)

Joel Esler (jesler)

2016-07-13 18:40:29 UTC

http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html

CRDF Joins the ClamAV Signature Partner Program!
We'd like to welcome CRDF to the ClamAV Signature Detection Partner Program!

The CRDF<https://threatcenter.crdf.fr/> is the first 3rd party Signature house we've integrated into the program. Their signatures are now being distributed to all ClamAV Virus database subscribers, officially signed by us, and distributed through the official mirror system.

If you visit ClamAV.net<http://ClamAV.net> and file a false positive report against one of CRDF's signatures, they will also receive a copy of the False positive report at the same time we do.

You can keep abreast of who we bring into the Partner program on our Contact page on ClamAV.net<http://www.clamav.net/contact>, and we'll announce each new on here, on the ClamAV Blog. We have several more we are working on right now.

If you write ClamAV detection, and are interested in having it distributed to the entire ClamAV community, and receive donations and false positive reports from your signatures, please see our blog post<http://blog.clamav.net/2016/06/clamav-signatures.html> about how to join the program.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Joel Esler (jesler)

2016-07-14 11:25:55 UTC

Permalink

You're right. Nothing I said was negative. We know exactly what happens when our testing is done. We don't know in other cases. I didn't say anything about the quality of 3rd party signatures. In fact, the quality is so good, that's exactly why we are rolling out the program to protect more people.

Protecting customers is a good thing. We're always going to try and do that.

--
Joel Esler
iPhone

On Jul 14, 2016, at 3:21 AM, Arnaud Jacques / SecuriteInfo.com<http://SecuriteInfo.com> <***@securiteinfo.com<mailto:***@securiteinfo.com>> wrote:

Hello,

We are putting out more detection for the user.
We are making it easier for the vast majority of our users to use ClamAV and
provide more detection with the built in system.

And that's a good way for everyone. I approve. We are all here to fight malwares, right ?

There are lots of places
out there that make detection other than us, but not distributed in an
large fashion, regression tested, etc.

How do you know ? Do you think SaneSecurity or Securiteinfo.com<http://Securiteinfo.com> does not verify their signatures before
publishing ? Do you know our technical infrastructure ?
SaneSecurity and SecuriteInfo.com<http://SecuriteInfo.com> are NOT poor-low quality-sub signatures. We provide FAST RESPONSE to
0-day malware threads and our detection ratio is actually FAR BETTER than Clamav+CRDF.
We will publish some public stats in a few weeks to proove the above.

That's true we have less users. But we could be surprise how many computers we protect in the word. And
as you say, we have 95% room for improvement, marketing stats of course.

SaneSecurity and SecuriteInfo.com<http://SecuriteInfo.com> signatures are compatible with freshclam.conf, this facilitates
integration with official Clamav. And the final user have the choice to include them or not.

Not everyone uses ClamAV on the command line to scan mail. Not everyone
uses it on *nix. Our user base is gigantic, and spreads over nearly every
platform we've ever seen.

Our signatures are good for other platforms too.

--
Best regards,

Arnaud Jacques
SecuriteInfo.com<http://SecuriteInfo.com>

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Joel Esler (jesler)

2016-07-14 12:21:22 UTC

Permalink

Arnaud,

Nothing I said was negative against 3rd party signature makers. I hope you are not upset by my comments. As I said, there is a ton of good content out there, and we want to get it out to more users.

As far as feedback, I'll talk to our team.

--
Joel Esler
iPhone

On Jul 14, 2016, at 8:09 AM, Arnaud Jacques / SecuriteInfo.com<http://SecuriteInfo.com> <***@securiteinfo.com<mailto:***@securiteinfo.com>> wrote:

Hello Joel,

You're right. Nothing I said was negative. We know exactly what happens
when our testing is done. We don't know in other cases. I didn't say
anything about the quality of 3rd party signatures. In fact, the quality
is so good, that's exactly why we are rolling out the program to protect
more people.

I have couple of signatures, handmade, I submited to community-sigs. And I have *no news* from them.
Did they pass false positive tests ? Are they wrong ? Will they be published one day ? Do Clamav want
better detection ratio ? If yes, the minimum is to provide news for sigmakers that sumbit their signatures
(time and efforts) to community-sigs to be included in official Clamav databases.

Protecting customers is a good thing. We're always going to try and do
that.

We (third parties) do that too ;)

--
Best regards,

Arnaud Jacques
SecuriteInfo.com<http://SecuriteInfo.com>

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml