I seem to remember that the community signature program has aways welcomed all unofficial sig programs to join so that those sigs could be QC'd and de-duped. I think that is very generous and the only way that Cisco/ClamAV would be able to host those signatures in any official capacity. Few, if any such programs have agreed to participate, mostly due to the factors you mention.
What you are suggesting would likely result in an out-of-control situation for the ClamAV staff with uncontrolled duplication and additional work to resolve False Positives.
I'm not sure what you find unacceptable about the current script procedure that has been successfully used by a multitude of users for a very long time now. I recall having used it over a decade ago without too much effort, but found it didn't have much to add for Mac users and removed it after a short period.
But I can't speak for Joel and his team and I'm sure they will evaluate your suggestion and let you know shortly.
-Al-
Hi folks,Previously Joel Esler pointed out that ClamAV has a community signatureprogram and I pointed out that this isn't sufficient to replace theclamav-unofficial-sigs script that helps to download variousthird-party signatures and install them into the ClamAVsignatures directory.https://lists.debian.org/msgid-search/7691F66D-AC31-411E-98D6-6B53FE860208@cisco.comhttps://github.com/extremeshok/clamav-unofficial-sigsAs far as I can tell, these third-party signatures are never going tobe merged into the official ClamAV signature set, since some of themrequire an account and others are paid subscription services.I would really like to see clamav-unofficial-sigs be replaced with asimple configuration file for freshclam that adds the additionalthird-party signatures to the freshclam download process. The configfile could be shipped with freshclam itself but disabled by default.Is this something that ClamAV could support?-- bye,pabs