[clamav-users] ClamAV UnOfficial Database
Benny Pedersen
me at junc.eu
Fri May 5 10:14:48 UTC 2017
Joel Esler (jesler) skrev den 2017-05-05 01:39:
> We have some ideas here Benny, but nothing in the pipeline today.
+1, thats stable software :)
> If we incorporated SaneSecurity’s sigs (we need permission to do so
> from Steve), then we could ingest them, and de-dupe any hash-based
> sigs that we have that other types of sigs alert on (we do this today
> for our own internal sigs) The hash based sigs are a method for us to
> automatically get sigs out right now instead of later. As we all have
> other things we are doing.
why not just permit sig creatators to sign there own sigs ?, so it can
be used entirely as a freshclam update ?, why would that be bad ?
atleast if sig creators could sign sigs digitaly, it wont hurt to drop
bash updates that use gpg, i can make clu database files now, but still
not sign it, with imho is bad that this is not yet possible :(
the dedupe is appricated, and thats is a very good reason to make sigs
centraly, but that can be ensured in other ways imho
how to list pua catagorys ?, what about clam stats used as a sig
catagory change rule for sigs that are not in the wild, so if users not
using all catagorys will not load all sigs, but users that want to use
all sigs can do so ?
or it could be make another cvd called archived, with contains all sigs
that are considered very old and not usefull, not hitting in long time
doing nothing is not a problem for stable software, but it not makeing
it better even
lets hear Steve why he not just send sigs to sig creators maillists, i
know its a big work done even if he did not send it
More information about the clamav-users
mailing list