[clamav-users] Why are the ClamAV team so slow at creating signatures ?

Dennis Peterson dennispe at inetnw.com
Fri Oct 3 17:12:14 EDT 2014


On 10/3/14 8:10:24AM, Mark Allan wrote:
> On 3 Oct 2014, at 03:39 pm, Gene Heskett <gheskett at wdtv.com> wrote:
>
>> On Friday 03 October 2014 07:19:13 Tim Smith did opine
>>> Over the last 24-48 hours, I submitted a number of email attachments.
>>> RAR files that contained viruses.
>>>
>>> Running one or two of them through VirusTotal today, I see ClamAV have
>>> *STILL* not managed to produce virus definitions for them !
>>>
>>> All of the commercial vendors I submitted the samples to had analysed
>>> and created samples in timeframes ranging from hours to one day.
>>>
>>> At this rate I'm going to be dumping ClamAV from my systems and
>>> subscribing to a service from a commercial vendor .....
>>>
>>> Looking forward to hearing the reasons why !
>> Perhaps you should consider submitted them in a compressed file format
>> that is NOT proprietary to apple and which carries a per seat license fee?
>>
>> Cheers, Gene Heskett
> I'll admit that Tim's email rather reeked of entitlement, but Gene's response is just confusing and wrong.  Yes, the RAR file format is proprietary, but not to Apple - it was a Russian named Eugene Roshal (Roshal ARchive hence RAR) who came up with it and the licence is only required for creating files of that format; software to extract RAR files is free.
>
> Also, ClamAV already contains code to unRAR these archives.
>
> Anyway, I digress from the original question.
>
> The reason it takes time to generate signatures from files/samples which are contributed by users is that the signatures are still generated manually by humans, most of whom have other jobs and unless I'm mistaken are therefore giving their time voluntarily.  I've always found the turnaround time to be pretty good actually, especially for free software.
>
> Mark
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

 From http://www.unrarlib.org/faq.html

Q: Do you know that the license for the unrar sources from RARLab is not 
compatible with the GNU Public license?

A: Yes, this is true. But we have the permission from Eugene Roshal to 
release unrarlib 0.4.0 under GPL and unrarlib-license. Note: this 
doesn't mean that RAR is free now or you can use the unrar source from 
RARlabs under GPL. You are just allowed to use UniquE RAR File Library 
version 0.4.0 (unrarlib 0.4.0) under GPL.

A lot of people avoid RAR as a result.

dp



More information about the clamav-users mailing list