[clamav-users] Add virus databases and signatures from third-party vendors

[Al Varnell]

On Sun, Feb 28, 2016 at 05:26 AM, Theodore Alcapotaxis wrote:
> 
> It's industry practice that a third-party vendor, e.g. Symantec, discovers a new virus, it has to share it with other vendors such as Eset, Kapersky, McAfee…

Yes, it is Industry practice to share malware samples when doing so is in both vendor’s mutual interest, but some are better than others and Symantec is one I’ve heard is on the stingy side.  There is nothing that says they have to share.  For instance, Symantec doesn't participate in VirusTotal.  But that’s not really the point.  Samples are a totally different ball game from signatures.  They are found in-the-wild, making them public property not really belonging to the vendor that happens to finds them.  

But turning those samples into a signature requires an expenditure on the part of the vendor so those signatures along with the code that allows them to be used for scanning is protected by intellectual property and copyright laws.  As far as I know, ClamAV is the only vendor to publicly release it’s signature formats: 
<https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf>.  And I’m totally unaware of any of the other vendors sharing their signature databases.


-Al-
-- 
Al Varnell
Mountain View, CA




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160229/28ef27c2/attachment.bin>