[clamav-users] clamav-virusdb mailing list - what is the use?

Fri Mar 11 16:29:49 UTC 2016

This is the list clamav users and administrators use to troubleshoot, debug, 
install, and configure the product. The support staff also participate and 
answer questions that can't be answered by reading the manual. It is intended 
for product support. The other lists are for product improvement through false 
positive handling and malware sample submissions.

dp

On 3/11/16 12:57 AM, Groach wrote:
> Hello
>
> Ok, so I understand the process:
>
> 1,  If you have a false positive or you have a suspicious file you send it to 
> ClamAV via the website and wait a few days for them to process it.
> 2,  When they do process it (in theory) you get an email back saying something 
> to the effect of :
>
> "Dear ClamAV user,
>
> The following submissions have been processed and published:
> -
>
> See http://lists.clamav.net/pipermail/clamav-virusdb/2016-March/ "
>
>
> 3,  By its referenced inclusion, you then go to 
> http://lists.clamav.net/pipermail/clamav-virusdb/2016-March to see some 'details'
>
> But what is the point of this mailing list?
>
> Because it doesnt show anything meaningful within the individual postings:
>
> Example:
>
> Submission-ID: 14926518
> Sender: Virus Total
> Sender: VirScan.org
> Sender: Anonymous
> Sender: Paul McKnight
> Added: No
>
> (and a LOT of them).
>
> "Submission-ID" - what does that refer to?  It certainly isnt a anything that 
> I received back at time of submitting.  Completely ambiguous.
>
> "Sender" - ok, this I accept
>
> "Added" - what does that mean?  (In the experience of a recent submission of 
> mine I received an "Added=no" and I had submitted a False Positive report.  
> And most entries say "no").
>
> I thought the theory of this mailing list was to allow people to view their 
> (or any other) submissions with the details yet the details they give have no 
> use whatsoever beyond that of the 'Sender' ID and the header "ClamAV database 
> updated..." Date. (And even then the SenderId is no good if you have done 
> multiple submissions).
>
> And this is all pointless anyway as there is no longer any search facility any 
> more (I submitted a report and now must go through every entry individually, 
> doing a CTRL-F search, looking for the Sender id of interest(!), backwards, 
> and then backout, in to the next posting, and repeat again...and again....and 
> again...until I find one).
>
> Did anyone actually THINK about the point of publishing this list and whether 
> it has any use to anyone?
>
> I would like to see something more meaningful where:
>
> a, 'Submission ID' is a reference that is given to the user making the report 
> in the first place (currently the users dont get anything)
> b, 'Added' means something more meaningful that makes it clear whether a new 
> virus signature has been created, a false positive has been removed, or 
> whether the submission was just disregarded for some reason (making the reason 
> clear).
> c, Bring back a SEARCH facility so that a user can search for either a 
> signature definition (when it was added) or their recent submission (to see if 
> it has been processed yet).
>
>
> Take this as constructive feedback.  But if anyone can give an answer with 
> convincing reasons as to why this mailing list is of interest to any member of 
> public, and how they are expected to use it, then Im all ears
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml