Discussion:
[clamav-users] ClamAV® blog: CRDF Joins the ClamAV Signature Partner Program!
Benny Pedersen
2016-07-13 19:06:09 UTC
http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
what ExtraDatabase is it in freshclam ?
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Joel Esler (jesler)
2016-07-13 19:11:43 UTC
On Jul 13, 2016, at 3:06 PM, Benny Pedersen <***@junc.eu> wrote:

On 2016-07-13 20:40, Joel Esler (jesler) wrote:
http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html

what ExtraDatabase is it in freshclam ?

It’s not. It’s in the regular daily.cvd that you download from us.
--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com



Benny Pedersen
2016-07-13 19:25:45 UTC
Post by Benny Pedersen
what ExtraDatabase is it in freshclam ?
It’s not. It’s in the regular daily.cvd that you download from us.
silly imho :(
Joel Esler (jesler)
2016-07-13 19:30:34 UTC
Why would it be silly to make life easier for millions of users?
Post by Benny Pedersen
Post by Benny Pedersen
what ExtraDatabase is it in freshclam ?
It’s not. It’s in the regular daily.cvd that you download from us.
silly imho :(
Benny Pedersen
2016-07-13 19:34:31 UTC
Post by Joel Esler (jesler)
Why would it be silly to make life easier for millions of users?
it is since users want choices

why is SafeBrowsing not on per default ?
Axb
2016-07-13 19:36:19 UTC
My guess is that Benny doesn't really mean "silly" but probably is his
"special" way of saying that it would be nice to be able to opt-in to
third party sigs.
Post by Joel Esler (jesler)
Why would it be silly to make life easier for millions of users?
Post by Benny Pedersen
Post by Benny Pedersen
what ExtraDatabase is it in freshclam ?
It’s not. It’s in the regular daily.cvd that you download from us.
silly imho :(
Joel Esler (jesler)
2016-07-13 19:52:02 UTC
Nothing prevents anyone from using 3rd party sigs. We just want to incorporate 3rd party sigs into the official repo, for more coverage, for more users.

If ClamAV has, say, 10M users, how many of those 10M do you suppose also run 3rd party sigs? I’d say less than 5%.
My guess is that Benny doesn't really mean "silly" but probably is his "special" way of saying that it would be nice to be able to opt-in to third party sigs.
Post by Joel Esler (jesler)
Why would it be silly to make life easier for millions of users?
Post by Benny Pedersen
Post by Benny Pedersen
what ExtraDatabase is it in freshclam ?
It’s not. It’s in the regular daily.cvd that you download from us.
silly imho :(
Axb
2016-07-13 20:06:33 UTC
He means :

freshclam.conf

# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors.
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2

Do we agree that any signatures which are NOT written by Sourcefire
staff are third party?

That would be the freshclam "opt-in" option

ExtraDatabase crdfam.clamav.hdb
(or whatever the naming would be)

If suddenly the CRDF sigs have a bad hair day, they can be easily "disabled".

And ppl running on limited resources would have a little bit of extra
control.

What else would "ExtraDatabase" be used for?

Axb
Post by Joel Esler (jesler)
Nothing prevents anyone from using 3rd party sigs. We just want to
incorporate 3rd party sigs into the official repo, for more coverage,
for more users.
If ClamAV has, say, 10M users, how many of those 10M do you suppose
also run 3rd party sigs? I’d say less than 5%.
Post by Axb
My guess is that Benny doesn't really mean "silly" but probably is
his "special" way of saying that it would be nice to be able to
opt-in to third party sigs.
Post by Joel Esler (jesler)
Why would it be silly to make life easier for millions of users?
what ExtraDatabase is it in freshclam ? It’s not. It’s in
the regular daily.cvd that you download from us.
silly imho :(
Benny Pedersen
2016-07-13 20:07:15 UTC
Post by Joel Esler (jesler)
Nothing prevents anyone from using 3rd party sigs. We just want to
incorporate 3rd party sigs into the official repo, for more coverage,
for more users.
If ClamAV has, say, 10M users, how many of those 10M do you suppose
also run 3rd party sigs? I’d say less than 5%.
marketing stats
Post by Joel Esler (jesler)
Post by Axb
My guess is that Benny doesn't really mean "silly" but probably is his
"special" way of saying that it would be nice to be able to opt-in to
third party sigs.
bravo 5% understand me :(
Joel Esler (jesler)
2016-07-13 20:13:09 UTC
All third party signatures have the name of the third party submitter in the signature itself. For example:

* Win.Malware.Agent4285353149/CRDF-1

I understand what you are saying Benny, however, we’d rather err on the side of shipping more detection to protect users.
--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com



On Jul 13, 2016, at 4:07 PM, Benny Pedersen <***@junc.eu> wrote:

On 2016-07-13 21:52, Joel Esler (jesler) wrote:
Nothing prevents anyone from using 3rd party sigs. We just want to
incorporate 3rd party sigs into the official repo, for more coverage,
for more users.
If ClamAV has, say, 10M users, how many of those 10M do you suppose
also run 3rd party sigs? I’d say less than 5%.

marketing stats

On Jul 13, 2016, at 3:36 PM, Axb <***@gmail.com> wrote:
My guess is that Benny doesn't really mean "silly" but probably is his "special" way of saying that it would be nice to be able to opt-in to third party sigs.

bravo 5% understand me :(
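
Added example, not part of the thread and not ClamAV project code: since the submitter is carried in the signature name, an administrator can pick a partner's signatures out of a name listing (for instance from `sigtool --list-sigs`, assumed here to print one name per line) and produce content for ClamAV's local ignore list, a `.ign2` file of signature names in the database directory. The `<name>/<SUBMITTER>-<n>` pattern is an assumption generalised from the one name quoted above, all sample names except that one are constructed, and whether the ignore list accepts names in this form should be checked on your own installation.

```python
import re
from collections import defaultdict

# Assumed naming pattern, generalised from the single name quoted in the thread:
#   <detection name>/<SUBMITTER>-<revision>
THIRD_PARTY = re.compile(
    r"^(?P<base>[^/\s]+)/(?P<submitter>[A-Za-z0-9]+)-(?P<rev>\d+)$"
)

# Constructed sample standing in for a signature-name listing, one per line.
# Only the first name appears in the thread; the rest are made up.
SAMPLE_SIG_NAMES = """\
Win.Malware.Agent4285353149/CRDF-1
Win.Trojan.Example-1
Win.Malware.Example99/CRDF-2
Doc.Dropper.Example-7
Win.Malware.Example12/OTHERVENDOR-1
"""


def group_by_submitter(names):
    """Map each third-party submitter tag to the signature names carrying it."""
    groups = defaultdict(list)
    for line in names.splitlines():
        name = line.strip()
        match = THIRD_PARTY.match(name)
        if match:  # names without a /SUBMITTER-n suffix are skipped
            groups[match.group("submitter")].append(name)
    return dict(groups)


def ignore_list(names, submitter):
    """Return ignore-list content (one name per line) for one submitter."""
    sigs = group_by_submitter(names).get(submitter, [])
    return "".join(f"{sig}\n" for sig in sigs)


if __name__ == "__main__":
    for sub, sigs in sorted(group_by_submitter(SAMPLE_SIG_NAMES).items()):
        print(f"{sub}: {len(sigs)} signature(s)")
    # Content an administrator could review before saving it as a .ign2 file.
    print(ignore_list(SAMPLE_SIG_NAMES, "CRDF"), end="")
```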
Benny Pedersen
2016-07-13 20:20:02 UTC
Post by Joel Esler (jesler)
All third party signatures have the name of the third party submitter
* Win.Malware.Agent4285353149/CRDF-1
I understand what you are saying Benny, however, we’d rather err on
the side of shipping more detection to protect users.
just don't call it 3rd party then

ExtraDatabase would have worked as well
Joel Esler (jesler)
2016-07-13 20:21:40 UTC
It basically has to do with how our signature system works.
Post by Benny Pedersen
Post by Joel Esler (jesler)
All third party signatures have the name of the third party submitter
* Win.Malware.Agent4285353149/CRDF-1
I understand what you are saying Benny, however, we’d rather err on
the side of shipping more detection to protect users.
just don't call it 3rd party then
ExtraDatabase would have worked as well
Benny Pedersen
2016-07-13 20:27:07 UTC
Post by Joel Esler (jesler)
It basically has to do with how our signature system works.
so it's complicated ?

i still like to know why it's 3rd party, and why it's not just added in
ExtraDatabase

marketing stats don't interest me

SafeBrowsing is an option, why is 3rd party forced ?
Paul Kosinski
2016-07-14 01:21:55 UTC
I too would like the option. (One of the reasons I use ClamAV is
because of its lack of bloat.)

So how about having "extra" databases in freshclam.conf that are
enabled by default? Or perhaps a minimal ClamAV-origin-only database
as an alternative to the default "full" database.

Paul Kosinski


On Wed, 13 Jul 2016 20:13:09 +0000
Post by Joel Esler (jesler)
All third party signatures have the name of the third party submitter
* Win.Malware.Agent4285353149/CRDF-1
I understand what you are saying Benny, however, we’d rather err on
the side of shipping more detection to protect users.
--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com
On Jul 13, 2016, at 4:07 PM, Benny Pedersen
Nothing prevents anyone from using 3rd party sigs. We just want to
incorporate 3rd party sigs into the official repo, for more coverage,
for more users.
If ClamAV has, say, 10M users, how many of those 10M do you suppose
also run 3rd party sigs? I’d say less than 5%.
marketing stats
On Jul 13, 2016, at 3:36 PM, Axb
that Benny doesn't really mean "silly" but probably is his "special"
way of saying that it would be nice to be able to opt-in to third
party sigs.
bravo 5% understand me :(
Arnaud Jacques / SecuriteInfo.com
2016-07-14 07:20:23 UTC
Hello,
We are putting out more detection for the user.
We are making it easier for the vast majority of our users to use ClamAV and
provide more detection with the built in system.
And that's a good way for everyone. I approve. We are all here to fight malwares, right ?
There are lots of places
out there that make detection other than us, but not distributed in a
large fashion, regression tested, etc.
How do you know ? Do you think SaneSecurity or Securiteinfo.com does not verify their signatures before
publishing ? Do you know our technical infrastructure ?
SaneSecurity and SecuriteInfo.com are NOT poor-low quality-sub signatures. We provide FAST RESPONSE to
0-day malware threats and our detection ratio is actually FAR BETTER than Clamav+CRDF.
We will publish some public stats in a few weeks to prove the above.

That's true we have less users. But we could be surprised how many computers we protect in the world. And
as you say, we have 95% room for improvement, marketing stats of course.

SaneSecurity and SecuriteInfo.com signatures are compatible with freshclam.conf, this facilitates
integration with official Clamav. And the final user has the choice to include them or not.
Not everyone uses ClamAV on the command line to scan mail. Not everyone
uses it on *nix. Our user base is gigantic, and spreads over nearly every
platform we've ever seen.
Our signatures are good for other platforms too.
--
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Arnaud Jacques / SecuriteInfo.com
2016-07-14 12:09:09 UTC
Hello Joel,
You're right. Nothing I said was negative. We know exactly what happens
when our testing is done. We don't know in other cases. I didn't say
anything about the quality of 3rd party signatures. In fact, the quality
is so good, that's exactly why we are rolling out the program to protect
more people.
I have a couple of signatures, handmade, I submitted to community-sigs. And I have *no news* from them.
Did they pass false positive tests ? Are they wrong ? Will they be published one day ? Does Clamav want
better detection ratio ? If yes, the minimum is to provide news for sigmakers that submit their signatures
(time and efforts) to community-sigs to be included in official Clamav databases.
Protecting customers is a good thing. We're always going to try and do
that.
We (third parties) do that too ;)
--
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Ralf Hildebrandt
2016-07-14 12:24:28 UTC
http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
Are these signatures already active?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
***@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Arnaud Jacques / SecuriteInfo.com
2016-07-14 12:42:43 UTC
Post by Ralf Hildebrandt
http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
Are these signatures already active?
Yes, since a few days
--
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom