christhomas Posted July 27, 2010 Report Share Posted July 27, 2010 I was just wondering whether ClamAV and Immunet have same the same cloud definitions Any ideas? Link to comment Share on other sites More sharing options...
alfred Posted July 27, 2010 Report Share Posted July 27, 2010 Yes, for now, until 3.0, they are identical. Link to comment Share on other sites More sharing options...
Guest orlando Posted July 28, 2010 Report Share Posted July 28, 2010 I think however that Immunet is better than Clamav, in its database there were many false positives. Orlando Link to comment Share on other sites More sharing options...
christhomas Posted July 28, 2010 Author Report Share Posted July 28, 2010 Thanks Al for this information I followed ClamAV in their Twitter account Every hour they are adding definitions Is it added to Immunet also? Regards Link to comment Share on other sites More sharing options...
grahamperrin Posted August 28, 2010 Report Share Posted August 28, 2010 Looking ahead, … ClamAV for Windows 3.0 … November of 2010 … custom ClamAV signatures, the standard ClamAV signatures, and 3rd Party signature … http://diigo.com/0cgxp for highlights from http://vrt-sourcefire.blogspot.com/2010/08/clamav-release-announcements.html Link to comment Share on other sites More sharing options...
alfred Posted August 28, 2010 Report Share Posted August 28, 2010 I think however that Immunet is better than Clamav, in its database there were many false positives. Orlando Yes. As long as the sig is not a generic (and generally the bulk are not) we keep up to sync. We share detections and files. al Link to comment Share on other sites More sharing options...
alfred Posted August 28, 2010 Report Share Posted August 28, 2010 Looking ahead, http://diigo.com/0cgxp for highlights from http://vrt-sourcefire.blogspot.com/2010/08/clamav-release-announcements.html Yep, I am very, very excited about that. There are other features planned as well. al Link to comment Share on other sites More sharing options...
grahamperrin Posted August 29, 2010 Report Share Posted August 29, 2010 At http://blog.immunet.com/blog/2010/3/7/how-immunet-detects-threats-in-a-nutshell.html : 3. … For each of these collected (and verified malicious files) we generate a signature. … We share detections and files. Please: are the new signatures that are generated by Immunet all added to the ClamAV Virus Databases? Or will some signatures be proprietary to Immunet? Link to comment Share on other sites More sharing options...
alfred Posted August 29, 2010 Report Share Posted August 29, 2010 At http://blog.immunet.com/blog/2010/3/7/how-immunet-detects-threats-in-a-nutshell.html : Please: are the new signatures that are generated by Immunet all added to the ClamAV Virus Databases? Or will some signatures be proprietary to Immunet? I am not sure I understand your question. Are you asking if we migrate our detections back to the Unix version of ClamAV's sig db? No, currently we do not. al Link to comment Share on other sites More sharing options...
Guest Tyler Dami Posted August 30, 2010 Report Share Posted August 30, 2010 I am not sure I understand your question. Are you asking if we migrate our detections back to the Unix version of ClamAV's sig db? No, currently we do not. al Al, Clam Av seams to think that you do... I'm confused http://www.clamav.net/index.php?s=upgrading&lang=en Does ClamAV for Windows detect the same things as ClamAV? A9. The short answer is ‘Yes’ it does. We continually updated Immunet’s database with our detected samples and false positives, and they do the same for us. This allows us to have detection ‘parity’, IE if ClamAV detects it so does ClamAV for Windows. Additionally, users of ClamAV for Windows will get the same virus and malware names they are use to getting in other ClamAV products. The long answer is that Immunet’s On Access (when you open, copy, etc a file) file monitor only deals with PE files in this initial version. This means that files like PDF’s or Documents that ClamAV would normally detect won’t be scanned by this initial version. In future version that include the ClamAV engine locally these types of parity issues will be resolved. Link to comment Share on other sites More sharing options...
grahamperrin Posted August 30, 2010 Report Share Posted August 30, 2010 I'm trying to reconcile just a few things: the relationship between TETRA and BitDefender — http://www.wilderssecurity.com/showpost.php?p=1724071 — http://www.wilderssecurity.com/showpost.php?p=1728792'>http://www.wilderssecurity.com/showpost.php?p=1728792'>http://www.wilderssecurity.com/showpost.php?p=1728792 … continually updated Immunet’s database with our detected samples and false positives, and they do the same for us. — http://www.clamav.net/lang/en/support/faq/faq-win32/ Immunet / ClamAV continue to to exhange definitions, which are included in the cloud engines — http://www.wilderssecurity.com/showpost.php?p=1728792 We process (create cloud definitions) for 17,500 files a day — http://blog.immunet.com/blog/2010/2/17/the-immunet-protect-ethos-engine-a-week-in-the-life.html I don't imagine Immunet Corporation adding 17,500 files definitions a day to ClamAV databases but I do wonder about the mutual benefits. Just curiosity. I'm primarily a user of Mac OS X (occasionally with CrossOver or another flavour of Wine), secondarily I look after a few Windows boxes, and amongst other things re: http://forum.immunet.com/index.php?/topic/139-mac-support/page__view__findpost__p__1649 I wonder: a) do any of the three current engines (ETHOS, SPERO, TETRA) make any use of signatures from ClamAV databases? does investment in Immunet Protect ultimately benefit other communities/products that use ClamAV databases? — if the answer is yes, then that would be (for me) a great incentive to purchase and recommend Immunet Protect. From http://www.wilderssecurity.com/showpost.php?p=1658729 and from http://www.wilderssecurity.com/showpost.php?p=1728792 I understand that ClamAV may eventually move in a different direction from Immunet Protect but for now, I'd like to put my money and my mouth in the direction of products that take the most co-operative approach. Link to comment Share on other sites More sharing options...
grahamperrin Posted August 30, 2010 Report Share Posted August 30, 2010 I don't imagine Immunet Corporation adding 17,500 definitions a day to ClamAV databases but I do wonder about the mutual benefits. … a) do any of the three current engines (ETHOS, SPERO, TETRA) make any use of signatures from ClamAV databases? does investment in Immunet Protect ultimately benefit other communities/products that use ClamAV databases? In the clamav.net area: A4. The current roadmap includes adding ClamAV 0.96.3 as an additional engine in the ClamAV for Windows 3.0 product. This product will be released in November 2010. This will allow end users to use the more than 750K signatures in the current ClamAV for Unix db … — http://www.clamav.net/lang/en/support/faq/faq-win32/ — a useful answer, and I can do some reading between the lines, but what's in between doesn't answer my question (a). Link to comment Share on other sites More sharing options...
alfred Posted August 30, 2010 Report Share Posted August 30, 2010 Al, Clam Av seams to think that you do... I'm confused http://www.clamav.net/index.php?s=upgrading&lang=en This means that files like PDF’s or Documents that ClamAV would normally detect won’t be scanned by this initial version. In future version that include the ClamAV engine locally these types of parity issues will be resolved. Tyler, it's on how you are reading it I think. Because our current version of Free only convicts PE files there will not be parity on the convictions. I would say it is *very* close but not precisely the same and it won't be until we ship the ClamAV for Windows 3.0 in the winter. Currently the Unix version is able to convict more formats than PE files. al Link to comment Share on other sites More sharing options...
alfred Posted August 30, 2010 Report Share Posted August 30, 2010 In the clamav.net area: — a useful answer, and I can do some reading between the lines, but what's in between doesn't answer my question (a). You ask if any of the current engines use ClamAV sigs. Yes, they do is the short answer. We base our detections off the same files though, not their signatures as such. As we both have different signature formats right now we do not make use of their straight sigs. Both ETHOS and SPERO make heavy use of files from the ClamAV community. al Link to comment Share on other sites More sharing options...
alfred Posted August 30, 2010 Report Share Posted August 30, 2010 does investment in Immunet Protect ultimately benefit other communities/products that use ClamAV databases? Hmm. Well, I suppose it does because it allows the Clam team to actually deliver a free Windows based product of their own which their community can use. Porting the libclamv engine to windows is not cheap and it has to be funded somehow. al Link to comment Share on other sites More sharing options...
grahamperrin Posted September 1, 2010 Report Share Posted September 1, 2010 Currently the Unix version is able to convict more formats than PE files. (OT: I guess that something similar might currently be said of ClamWin.) … allows the Clam team to actually deliver a free Windows based product of their own which their community can use. Porting the libclamv engine to windows is not cheap and it has to be funded somehow. That's a smart enough reason for me to put some £ or $ in the Immunet/ClamAV direction. Eventually some ripple effect, which I wouldn't want to quantify, for users on other platforms. … if we migrate our detections back to the Unix version of ClamAV's sig db? No, currently we do not. OK, that's the only bit that didn't immediately gel with the ClamAV line "continually updated Immunet’s database with our detected samples and false positives, and they do the same for us". It's an interpretation issue, wrongly assuming (sorry) that answer #9 implied signatures as well. I reckon the ClamAV for Windows page should add another Q&A pair re: the signature formats, along the lines of your answer … … if any of the current engines use ClamAV sigs. Yes … detections off the same files … different signature formats right now we do not make use of their straight sigs. … and eventually (not right now) give a hint of how the signatures situation may change as 3.x approaches. For now: the 2.x situation has become pretty much all clear to me. Many thanks! Link to comment Share on other sites More sharing options...
alfred Posted September 1, 2010 Report Share Posted September 1, 2010 … and eventually (not right now) give a hint of how the signatures situation may change as 3.x approaches. For now: the 2.x situation has become pretty much all clear to me. Many thanks! When 3.0 ships for ClamAV for Windows both our and their sig formats will be in play. The ClamAV team is shooting for November to get it done. Right now, that date looks good. al Link to comment Share on other sites More sharing options...
disi Posted September 23, 2010 Report Share Posted September 23, 2010 So this is the current client: http://www.immunet.com/plus/index.html that uses the ClamAV definitions, but doesn't report back yet and in November we get a free update? Link to comment Share on other sites More sharing options...
alfred Posted September 23, 2010 Report Share Posted September 23, 2010 So this is the current client: http://www.immunet.com/plus/index.html that uses the ClamAV definitions, but doesn't report back yet and in November we get a free update? OK, I am afraid I do not understand the question. Can you clarify for me a little? al Link to comment Share on other sites More sharing options...
disi Posted September 23, 2010 Report Share Posted September 23, 2010 OK, I am afraid I do not understand the question. Can you clarify for me a little? al sure Productname: ClamAV for Windows PLUS Antivirus That's the url I get if I click on the installed client to upgrade: http://store.sourcefire.com/plus/a/index.html Productname: Immunet Protect PLUS Antivirus And this is the link on the Immunet homepage: http://www.immunet.com/main/index3.html and there in products: http://www.immunet.com/plus/index.html Well, the screenshots are the same on Immunet, which I didn't notice before :/ So it's the same product and does support ClamAV for UNIX? Link to comment Share on other sites More sharing options...
alfred Posted September 23, 2010 Report Share Posted September 23, 2010 sure Productname: ClamAV for Windows PLUS Antivirus That's the url I get if I click on the installed client to upgrade: http://store.sourcefire.com/plus/a/index.html Productname: Immunet Protect PLUS Antivirus And this is the link on the Immunet homepage: http://www.immunet.com/main/index3.html and there in products: http://www.immunet.com/plus/index.html Well, the screenshots are the same on Immunet, which I didn't notice before :/ So it's the same product and does support ClamAV for UNIX? They are both the same product and all non-generic Clam detections are supported in it. In November or thereabouts we will also let you run a straight Clam engine to write your own signatures as well. al Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.