[clamav-users] Add virus databases and signatures from third-party vendors

Walter H. Walter.H at mathemainzel.info
Mon Feb 29 20:25:05 UTC 2016


On 29.02.2016 10:46, Groach wrote:
>
>
> On 29/02/2016 10:14, Al Varnell wrote:
>> On Sun, Feb 28, 2016 at 05:26 AM, Theodore Alcapotaxis wrote:
> >>> It's industry practice that when a third-party vendor, e.g. Symantec, 
> >>> discovers a new virus, it has to share it with other vendors such as 
> >>> Eset, Kaspersky, McAfee…
> >> Yes, it is industry practice to share malware samples when doing so 
> >> is in both vendors’ mutual interest, but some are better than others 
> >> and Symantec is one I’ve heard is on the stingy side.  There is 
> >> nothing that says they have to share.  For instance, Symantec doesn't 
> >> participate in VirusTotal.  But that’s not really the point.  Samples 
> >> are a totally different ball game from signatures.  They are found 
> >> in-the-wild, making them public property not really belonging to the 
> >> vendor that happens to find them.
>>
>> But turning those samples into a signature requires an expenditure on 
>> the part of the vendor so those signatures along with the code that 
>> allows them to be used for scanning is protected by intellectual 
>> property and copyright laws.  As far as I know, ClamAV is the only 
> >> vendor to publicly release its signature formats:
>> <https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf>.  
>> And I’m totally unaware of any of the other vendors sharing their 
>> signature databases.
>>
>>
>> -Al-
> And I will also add this thought to reinforce the point....
>
> Why would Symantec, Kaspersky, McAfee etc spend thousands on systems 
> and employing staff to identify and create signatures just to release 
> them for users to get then use them for free by using them with Clam 
> (thus avoiding the need to buy their product)?
>
> NO antivirus vendor "has to share" anything.  "Choosing" to and 
> "having" to are totally different things. 

When I look at the last few mails of signature database updates then 
there is something quite strange ...
and I would ask if it is only me that sees it like this:

e.g.

Submission-ID: xxxxxx
Sender: IKARUS Security Software GmbH
Submission notes: Same as in Submission-ID xxxxx
Added: No

or

Submission-ID: xxxxxxx
Sender: Virus Total
Sender: Anonymous
Sender: IKARUS Security Software GmbH
Added: any name

whenever I see IKARUS Security Software GmbH as the only sender of the submission
it is not added because it was done before,
but when I see this company together with other senders it is added;
this looks quite strange to me;

IKARUS Security Software GmbH is a vendor of Anti-Virus software in Austria;
and they provide the so-called T3scan
http://updates.ikarus.at/updates/update.html
for free;
but you can also have an Anti-Virus software from this company
like the one from Kaspersky, McAfee (now Intel), ...
as payware; this has been my Anti-Virus for the last 10 years;

IKARUS was the first company in the whole world that offered
Anti-Virus software ...
the first releases go back to the early 1990s


