[clamav-users] clamav-virusdb mailing list - what is the use?

Fri Mar 11 09:33:26 UTC 2016

I can’t disagree with much of what you have said.  Others have complained about the lack of specificity on why a particular submission was not added.  Sometimes it’s duplicative, sometimes the sample was deemed to be safe and other times it was removed as a False Postive, but in all case it just says “No”.  I too would like to know exactly what “No” means for something I submitted, but have little or no interest in other submissions.  

I also complained when the old archive was taken down as it has become much more difficult to find out when a particular signature was added to the database, which is often helpful to know when you suspect False Positives.  I had to invest in a specialized e-mail search utility in order to search efficiently and even that doesn’t help when they fail to send an e-mail for every update.

I would also like to be directed to the exact update where my submission was addressed, rather than having to search through each message in a Months worth, although I can usually find my name in the most recent one, not always.

As to the stated purpose of this list it is for Users who "need support for ClamAV.”  The rules don’t really narrow that purpose.

My observation is that although a wide variety of subjects are addressed, most of them revolve around problems with the use of ClamAV on a particular platform or OS.  Discussions of FP’s and submissions used to be rare and were usually when they had some major impact on many users.  It’s only been recently that routine submissions have become more frequent.  I think I’m also seeing more bugs mentioned here than has been the case.

Unless the powers that be decide to limit the subject matter here, it seems most anything is appropriate for users needing support for ClamAV.

-Al-

On Fri, Mar 11, 2016 at 12:57 AM, Groach wrote:
> 
> Hello
> 
> Ok, so I understand the process:
> 
> 1,  If you have a false positive or you have a suspicious file you send it to ClamAV via the website and wait a few days for them to process it.
> 2,  When they do process it (in theory) you get an email back saying something to the effect of :
> 
> "Dear ClamAV user,
> 
> The following submissions have been processed and published:
> -
> 
> See http://lists.clamav.net/pipermail/clamav-virusdb/2016-March/ "
> 
> 
> 3,  By its referenced inclusion, you then go to http://lists.clamav.net/pipermail/clamav-virusdb/2016-March to see some 'details'
> 
> But what is the point of this mailing list?
> 
> Because it doesnt show anything meaningful within the individual postings:
> 
> Example:
> 
> Submission-ID: 14926518
> Sender: Virus Total
> Sender: VirScan.org
> Sender: Anonymous
> Sender: Paul McKnight
> Added: No
> 
> (and a LOT of them).
> 
> "Submission-ID" - what does that refer to?  It certainly isnt a anything that I received back at time of submitting.  Completely ambiguous.
> 
> "Sender" - ok, this I accept
> 
> "Added" - what does that mean?  (In the experience of a recent submission of mine I received an "Added=no" and I had submitted a False Positive report.  And most entries say "no").
> 
> I thought the theory of this mailing list was to allow people to view their (or any other) submissions with the details yet the details they give have no use whatsoever beyond that of the 'Sender' ID and the header "ClamAV database updated..." Date. (And even then the SenderId is no good if you have done multiple submissions).
> 
> And this is all pointless anyway as there is no longer any search facility any more (I submitted a report and now must go through every entry individually, doing a CTRL-F search, looking for the Sender id of interest(!), backwards, and then backout, in to the next posting, and repeat again...and again....and again...until I find one).
> 
> Did anyone actually THINK about the point of publishing this list and whether it has any use to anyone?
> 
> I would like to see something more meaningful where:
> 
> a, 'Submission ID' is a reference that is given to the user making the report in the first place (currently the users dont get anything)
> b, 'Added' means something more meaningful that makes it clear whether a new virus signature has been created, a false positive has been removed, or whether the submission was just disregarded for some reason (making the reason clear).
> c, Bring back a SEARCH facility so that a user can search for either a signature definition (when it was added) or their recent submission (to see if it has been processed yet).
> 
> 
> Take this as constructive feedback.  But if anyone can give an answer with convincing reasons as to why this mailing list is of interest to any member of public, and how they are expected to use it, then Im all ears
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160311/6c8eb4c7/attachment.bin>