The next ClamAV® Users’ Webcast will be on Wed 4th March at 1800UTC: 10 AM PST, 1 PM EST, 6 PM GMT, 7 PM CEST. The talk, given by Alain Zidouemba of Sourcefire will be an introduction to writing ClamAV Signatures. The talk will cover about an hour. The talk will be technically advanced, and is aimed toward Systems Administrators and developers.

Abstract

ClamAV is an open source anti-virus toolkit for UNIX systems. The main purpose of this software lies in the integration with mail servers enabling mail attachment scanning before the end user receives a virus. As with other anti-virus software, the engine for ClamAV has pattern matching technology at its heart. Updates to the malware signatures are released on a regular basis by ClamAV Researchers.
However, what if no signatures are available to detect a given piece of malware, or if updates are not coming fast enough? Fortunately, ClamAV signatures are “open” and this enables the administrators to fill in the gap for themselves. This presentation covers the methods behind creating effective malware signatures for ClamAV and introduces the new malware “logical signature” format that makes it even easier to write custom detections.
The event will finish with a Q&A session of about 15 minutes.

About the Presenter

Alain Zidouemba studied Mathématiques Supérieures and Mathématiques Spéciales at the Lycée Jacques Amyot in France and Electrical and Computer Engineering at Howard University in the United States. He worked in the area of network modelling and simulation at OPNET Technologies before taking a position at PestPatrol, Inc. as a Spyware Researcher. He later joined Computer Associates to work on intrusion prevention and behavioural malware analysis. Alain is a member of the Vulnerability Research Team (VRT) at Sourcefire and performs research in the areas of intrusion prevention and anti-malware.

How to Hear The Presentation

To register for this webinar please visit https://sourcefire.webex.com/sourcefire/onstage/g.php?d=798010302&t=a.
After you have registered you will receive an email that will contain the instructions on how to listen to the webinar. For most people the procedure is to visit a URL, which will be given, enter in an password (the event password is clamav) and then either listen on the your computer’s speakers, or dial-in to listen over the telephone. The interface you get on the PC will be the same whichever audio method you choose.
The phone numbers for the U.S. and Canada are 866-469-3239 (free), 1-650-429-3300 (charged). To see the worldwide call-in numbers please visit https://sourcefire.webex.com/sourcefire/globalcallin.php?serviceType=EC&ED=111325642&tollFree=1.
To find out about the toll-free dialling restrictions: http://www.webex.com/pdf/tollfree_restrictions.pdf.
The session will be archived and available later from www.clamav.net.