[clamav-users] Why are the ClamAV team so slow at creating signatures ?

Mark Allan markjallan at blueyonder.co.uk
Fri Oct 3 11:10:24 EDT 2014


On 3 Oct 2014, at 03:39 pm, Gene Heskett <gheskett at wdtv.com> wrote:

> On Friday 03 October 2014 07:19:13 Tim Smith did opine
>> Over the last 24-48 hours, I submitted a number of email attachments.
>> RAR files that contained viruses.
>> 
>> Running one or two of them through VirusTotal today, I see ClamAV have
>> *STILL* not managed to produce virus definitions for them !
>> 
>> All of the commercial vendors I submitted the samples to had analysed
>> and created samples in timeframes ranging from hours to one day.
>> 
>> At this rate I'm going to be dumping ClamAV from my systems and
>> subscribing to a service from a commercial vendor .....
>> 
>> Looking forward to hearing the reasons why !
> 
> Perhaps you should consider submitting them in a compressed file format 
> that is NOT proprietary to apple and which carries a per seat license fee?
> 
> Cheers, Gene Heskett

I'll admit that Tim's email rather reeked of entitlement, but Gene's response is just confusing and wrong.  Yes, the RAR file format is proprietary, but not to Apple - it was a Russian named Eugene Roshal (Roshal ARchive hence RAR) who came up with it and the licence is only required for creating files of that format; software to extract RAR files is free.

Also, ClamAV already contains code to unRAR these archives.

Anyway, I digress from the original question.

The reason it takes time to generate signatures from files/samples which are contributed by users is that the signatures are still generated manually by humans, most of whom have other jobs and, unless I'm mistaken, are therefore giving their time voluntarily.  I've always found the turnaround time to be pretty good actually, especially for free software.

Mark



