[clamav-users] clamav-virusdb mailing list - what is the use?

Joel Esler (jesler) jesler at cisco.com
Fri Mar 11 18:12:53 UTC 2016


If it is not useful to you, then unsubscribe from it, best advice.  It is for notification of updates to the ClamAV signature database.

As far as what those fields mean:

<snip>


Example:

Submission-ID: 14926518
Sender: Virus Total
Sender: VirScan.org<http://virscan.org>
Sender: Anonymous
Sender: Paul McKnight
Added: No


Submission-ID:

The number is an internal number that each sample is assigned.  Meaningless to the outside world for the most part, unless you have a question about a particular malware file in that email, then you can ask, specifically using that number.

Sender:  Who we have received the sample from.  We have TONS of people and places where ClamAV receives malware samples from.  Including your name, if you type it into ClamAV.net<http://clamav.net> (which is checked to be “anonymous” by default).

Added:

Did we add a new signature to cover this?

Added: No means the file that someone submitted is detected by another signature already, and this is a duplicate.
Added: Yes means net new detection.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com
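
Added example (not part of the original message and not ClamAV project code): a small Python parser that groups the Submission-ID / Sender / Added fields described above into one record per sample and lists the net new detections. It assumes each record starts with a Submission-ID line, as in the quoted example; the second sample record and the function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample body. The first record is the one quoted in the post;
# the second is invented here to show the "Added: Yes" case.
SAMPLE = """\
Submission-ID: 14926518
Sender: Virus Total
Sender: VirScan.org<http://virscan.org>
Sender: Anonymous
Sender: Paul McKnight
Added: No

Submission-ID: 00000001
Sender: Anonymous
Added: Yes
"""

@dataclass
class Submission:
    submission_id: str
    senders: List[str] = field(default_factory=list)
    added: Optional[bool] = None  # None = no usable Added: line seen

def parse_submissions(text):
    """Group Submission-ID / Sender / Added lines into one record per sample."""
    records, current = [], None
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue                      # blank line, free text, or bare label
        if key == "submission-id":
            current = Submission(value)
            records.append(current)
        elif current is None:
            continue                      # field before any record: ignore it
        elif key == "sender":
            # Drop the "<http://...>" auto-link residue some mail clients append.
            current.senders.append(re.sub(r"\s*<https?://[^>]*>", "", value))
        elif key == "added":
            current.added = {"yes": True, "no": False}.get(value.lower())
    return records

def net_new(records):
    """IDs of submissions that produced a new signature (Added: Yes)."""
    return [r.submission_id for r in records if r.added is True]
```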



