[clamav-users] clamav-virusdb mailing list - what is the use?

Fri Mar 11 08:57:29 UTC 2016

Hello

Ok, so I understand the process:

1,  If you have a false positive or you have a suspicious file you send 
it to ClamAV via the website and wait a few days for them to process it.
2,  When they do process it (in theory) you get an email back saying 
something to the effect of :

"Dear ClamAV user,

The following submissions have been processed and published:
-

See http://lists.clamav.net/pipermail/clamav-virusdb/2016-March/ "

3,  By its referenced inclusion, you then go to 
http://lists.clamav.net/pipermail/clamav-virusdb/2016-March to see some 
'details'

But what is the point of this mailing list?

Because it doesnt show anything meaningful within the individual postings:

Example:

Submission-ID: 14926518
Sender: Virus Total
Sender: VirScan.org
Sender: Anonymous
Sender: Paul McKnight
Added: No

(and a LOT of them).

"Submission-ID" - what does that refer to?  It certainly isnt a anything 
that I received back at time of submitting.  Completely ambiguous.

"Sender" - ok, this I accept

"Added" - what does that mean?  (In the experience of a recent 
submission of mine I received an "Added=no" and I had submitted a False 
Positive report.  And most entries say "no").

I thought the theory of this mailing list was to allow people to view 
their (or any other) submissions with the details yet the details they 
give have no use whatsoever beyond that of the 'Sender' ID and the 
header "ClamAV database updated..." Date. (And even then the SenderId is 
no good if you have done multiple submissions).

And this is all pointless anyway as there is no longer any search 
facility any more (I submitted a report and now must go through every 
entry individually, doing a CTRL-F search, looking for the Sender id of 
interest(!), backwards, and then backout, in to the next posting, and 
repeat again...and again....and again...until I find one).

Did anyone actually THINK about the point of publishing this list and 
whether it has any use to anyone?

I would like to see something more meaningful where:

a, 'Submission ID' is a reference that is given to the user making the 
report in the first place (currently the users dont get anything)
b, 'Added' means something more meaningful that makes it clear whether a 
new virus signature has been created, a false positive has been removed, 
or whether the submission was just disregarded for some reason (making 
the reason clear).
c, Bring back a SEARCH facility so that a user can search for either a 
signature definition (when it was added) or their recent submission (to 
see if it has been processed yet).

Take this as constructive feedback.  But if anyone can give an answer 
with convincing reasons as to why this mailing list is of interest to 
any member of public, and how they are expected to use it, then Im all ears