This bug affects our ability to distribute complex signatures (e.g. logical signatures) with incremental updates.
So far we haven’t released any signatures which exceed this limit.
Before we do we want as many users as possible to upgrade to the latest version of ClamAV.
Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year.
This move is needed to push more people to upgrade to 0.95.
We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors.
We plan to start releasing signatures which exceed the 980-byte limit in May 2010.
We recommend that you always run the latest version of ClamAV to get optimal protection, reliability and performance.
Thanks for your cooperation!
Yesterday Sourceforge announced the finalists for Community Choice Awards 2009. We are glad to let you know that ClamAV was among the 10 projects that collected the most nominations in the Best tool for sysadmin category!
It’s now time to select the winner among the 10 finalists in each category.
Head over to the Sourceforge website and cast your vote! Our project is listed under the Best tool for sysadmin category:
We prepared a video message for all of you, to say thanks for everything you did to make this project grow, be it submitting a malware sample, reporting a false positive, opening a bug report, editing the wiki, or answering a message on our mailing lists:
Let us know if you enjoy the video :) maybe we’ll try to make more in the future.
More information on Sourceforge Community Choice Awards 2009 is available at http://sf.net/cca .
June 24 – 2:00pm
“ClamAV Basics, Common Usage, Tips & Tricks”
The presentation will provide a broad introduction to Clam AntiVirus, its main features and advantages. Tomasz will focus his remarks on the following aspects of ClamAV:
Software design and core components (libclamav, clamd, clamscan, clamdscan, freshclam);
Installation
Virus detection techniques
Detection of Phishing and Potentially Unwanted Applications
Clamscan, clamd & clamdscan in practice
Configuration tips and best practices
Troubleshooting
June 26 – 2:00pm
“Introduction to the ClamAV Engine and Signatures.”
The presentation, aimed toward System Administrators and advanced users, will be an introduction to ClamAV internals. Tomasz will discuss how the scan engine works and how to create various types of signatures, including phishing and logical signatures. Although the official virus databases are released on a regular basis by ClamAV Researchers, the ability to use in-house or 3rd party developed signatures makes the system highly flexible. Tomasz will also discuss the basic API and how it can be used to perform file scanning.
Register: http://www.dojosec.com/?page_id=37
Directions: http://www.capitol-college.edu/visit-campus/directions-campus
Abstract
Clam AntiVirus is an open source anti-virus toolkit for UNIX systems. The main purpose of this software lies in the integration with mail servers, enabling mail attachment scanning before the end user receives a virus. Like other anti-virus software, the engine for ClamAV has pattern matching technology at its heart. Updates to the malware signatures are released on a regular basis by ClamAV Researchers. However, when no signatures are available, or when updates are not coming fast enough, the only option is to create signatures. Fortunately, ClamAV signatures are open and this enables the administrator to fill in the gap for themselves.
About Alain Zidouemba
Alain Zidouemba was born in Ouagadougou, Burkina Faso. He studied Mathématiques Supérieures and Mathématiques Spéciales at the Lycée Jacques Amyot in France and Electrical and Computer Engineering at Howard University in the US. He worked in the area of network modelling and simulation at OPNET Technologies before taking a position at PestPatrol as a Spyware researcher. He later joined Computer Associates to work on intrusion prevention and behavioral malware analysis. Alain recently became part of the Vulnerability Research Team (VRT) at Sourcefire and performs research in the areas of intrusion prevention and anti-malware.
Abstract
ClamAV is an open source anti-virus toolkit for UNIX systems. The main purpose of this software lies in the integration with mail servers enabling mail attachment scanning before the end user receives a virus. As with other anti-virus software, the engine for ClamAV has pattern matching technology at its heart. Updates to the malware signatures are released on a regular basis by ClamAV Researchers.
However, what if no signatures are available to detect a given piece of malware, or if updates are not coming fast enough? Fortunately, ClamAV signatures are “open” and this enables the administrators to fill in the gap for themselves. This presentation covers the methods behind creating effective malware signatures for ClamAV and introduces the new malware “logical signature” format that makes it even easier to write custom detections.
The event will finish with a Q&A session of about 15 minutes.
About the Presenter
Alain Zidouemba studied Mathématiques Supérieures and Mathématiques Spéciales at the Lycée Jacques Amyot in France and Electrical and Computer Engineering at Howard University in the United States. He worked in the area of network modelling and simulation at OPNET Technologies before taking a position at PestPatrol, Inc. as a Spyware Researcher. He later joined Computer Associates to work on intrusion prevention and behavioural malware analysis. Alain is a member of the Vulnerability Research Team (VRT) at Sourcefire and performs research in the areas of intrusion prevention and anti-malware.
How to Hear The Presentation
To register for this webinar please visit https://sourcefire.webex.com/sourcefire/onstage/g.php?d=798010302&t=a.
After you have registered you will receive an email containing instructions on how to listen to the webinar. For most people the procedure is to visit a URL, which will be given, enter a password (the event password is clamav) and then either listen on your computer’s speakers, or dial in to listen over the telephone. The interface you get on the PC will be the same whichever audio method you choose.
The phone numbers for the U.S. and Canada are 866-469-3239 (free), 1-650-429-3300 (charged). To see the worldwide call-in numbers please visit https://sourcefire.webex.com/sourcefire/globalcallin.php?serviceType=EC&ED=111325642&tollFree=1.
To find out about the toll-free dialling restrictions: http://www.webex.com/pdf/tollfree_restrictions.pdf.
The session will be archived and available later from www.clamav.net.
ClamAV detects Downadup, also known as Conficker, as Worm.Downadup. Once on a system it downloads components that ClamAV detects as members of the Trojan.Downloader- family of signatures.
The virus primarily exploits MS08-067; it can also spread through USB sticks. Since the virus is not spread by email we don’t expect to see much activity in our core user-base, which tends to use ClamAV to scan emails. We are, nevertheless, keeping an eye out for it through freshclam’s statistics gathering system – we are yet to see any obvious spike of activity from it. If we hear anything we’ll let you know.
684, 777, 828, 832, 954, 1046, 1085, 1092, 1098, 1135, 1137, 1145, 1150, 1154, 1155, 1157, 1158, 1160, 1162, 1165, 1174, 1179, 1181, 1184, 1185, 1186, 1187, 1189, 1192, 1196, 1197, 1199, 1201, 1203, 1204, 1205, 1210, 1211, 1212, 1213, 1216, 1217, 1219, 1221
For more details, please refer to Whats New in 0.94.1.