Clamav signature generation

Tony Johansson tony.johansson at SVENSKAKYRKAN.SE
Thu Jan 29 18:38:00 GMT 2004


These are the times when antivirus companies had a virus definition for
Mydoom.A:
(I dont know how accurate they are, I got them from a source at F-Secure)

McAfee (BETA) 2004-01-26, 22:20
F-Secure (BETA) 2004-01-26, 22:36
Symantec (BETA) 2004-01-26, 23:00
F-Secure 2004-01-26, 23:09
F-Prot 2004-01-26, 23:30
Trend Micro 2004-01-26, 23:35
Norman 2004-01-27, 00:05
Kaspersky 2004-01-27, 00:30

At our site, Clamav found the first Mydoom.A at 2004-01-26 22:02, this time
beating all the above commercial scanners. Clamav obviously did great this
time, but on other occasions they have been far behind.

Is there a way to redirect a file thats been flagged as a virus by one or
more scanners but not by clamav? It could be put in a special quarantine or
submitted automaticly to http://www.nervous.it/~nervous/cgi-
bin/sendvirus.cgi


Clamav would have the power of all scanners supported by MailScanner,
possibly never being beaten by more than on or two commercial scanners...

One could argue that theres a moral dilemma here, using the output from one
scanner to benifit another but I've seen nothing prohibiting this in the
license agreements I've read.

regards, Tony



More information about the MailScanner mailing list