Sourcefire and the ClamAV core team are committed to improving the quality of ClamAV, but we need your help. You can play a critical role in the ClamAV project by participating in the release candidate (RC) process.

While there have been many downloads of the RC version for 0.93, feedback and bug reports on the RC release were few and far between. As you are aware, very shortly after the release of 0.93 a number of bugs were discovered and reported. We believe that most of these bugs would have been discovered earlier with a more rigorous RC process.

With that in mind, we have written a questionnaire that we are asking you all to take part in. This questionnaire should take no more than 5 minutes of your time and it would be a tremendous help to the ClamAV development team. Greater participation in the RC process will help us to discover and fix bugs earlier, avoid unnecessary patch releases and add new features faster.

The questionnaire is available at https://www.surveymonkey.com/s.aspx?sm=50jD3TV0RLtgwzPAPP4kYg_3d_3d.
You may answer anonymously or, if you choose, you may include your contact information so that I may contact you to further discuss how to improve the RC process. Any contact information provided will be used only for this purpose and will not be shared with any organisation other than the ClamAV team.

Just to say thank you, everyone who completes the survey and provides their contact information will have a chance to win one of three US$50 shopping sprees at: http://www.cafepress.com/clamav. The draw will take place on 21st May 2008.

Thank you agreeing to fill in this questionnaire. Should you have any questions please feel free to email me at nigel dot horne at sourcefire dot com, or phone me on +44 1226 241048 (UK time).

Nigel Horne

Director ClamAV Product Management

Sourcefire, Inc.

SANS Technology Institute just published an interview with ClamAV project founder Tomasz Kojm.
The interview gives the reader an insight on the origin of the project, the vision that leads its development and the current situation in the malware arena.
A recommended read!

The number of samples processed, reviewed and published by our sigmaker team today reached one million. This is a great achievement for ClamAV and a sign of how our malware detection rate has greatly improved during the years.

Sourcefire has expanded eligibility for the $10,000 Snort Scholarship Program to include ClamAV users. If you’d like more information or to apply visit: http://www.sourcefire.com/products/snort/scholarship

Sourcefire is pleased to introduce a commercial support service for ClamAV. This new service is designed to satisfy the needs of businesses and government agencies that require commercial support be available for open source products in production environments.

Read the press release.

For more information on Certified ClamAV support visit: http://www.sourcefire.com/products/clamav/support

Come see Luca Gibelli of the ClamAV team will be presenting a talk on Security Governance. The talk is part of the 5th annual Net & System Security Convention. The Conference is scheduled for November 27th, at Pisa’s Palazzo dei Congressi. A brief summary of Luca’s talk is below:

Security Governance: A Systematic Approach to Threat Management
Confidentiality, integrity and availability of information should be recognized as a critical business issue rather than the sole domain of IT. In today’s threat environment effective network security is an important part of ITs ability to support the business. IT security governance helps to make sure that the business priorities and opportunities of the company are aligned with the services offered by IT, including security projects. Turn-key solutions that cover both technical and management issues related to information security are available to facilitate a comprehensive network security program. This integrated approach is more effective when compared to occasional network audits, which often fail to account for systemic issues responsible for security weaknesses.

You may also want to see a talk by Georg Wicherski about the Nepenthes Platform: Automated Botnet Detection and Mitigation. A summary of Georg’s talk is below.

Automated Botnet Detection and Mitigation
With the Nepenthes Platform, we are able to collect malware autonomously. Centrally collecting this malware over months yielded to a vast, unmanagable, giant heap of binary data.
We show, how we managed to eventually do something useful with this data, by extracting different information using – sandboxing – recording of attacker information – botnet monitoring and introduce the functionality of the tools, we developed for these means.

The conference is free of charge, however pre-registration is strongly encouraged.

For more information on the conference visit: http://www.atsystemgroup.org/convegni/nss07/

Your last chance to vote for ClamAV as the best anti-malware solution in
the 2008 SC Magazine Readers Trust Awards
Voting ends 02 November 2007

Visit http://www.scmagazine.com/us/awards/categories/26137/best-anti-malware-solution/

In its blog at http://www.avertlabs.com/research/blog/index.php/2007/08/12/what-a-tangled-web
McAfee has been receiving inquiries from its users over the results of the Untangle test.

The “Fight Club” test at LinuxWorld was not only a test of AV products. McAfee has missed a point here: the test also demonstrated that AV tests rarely publish their methodology. A test that lacks open review of the methodology used and that as a result shows any vendor in a positive light can’t be considered objective.

The “Fight Club” test is the only test, that we are aware of, to fully publish its methodology. Vendors that don’t fare well in tests that can be scrutinised are happy to make claims based on tests conducted behind closed doors that lack published methodology and success criteria because those tests cannot be questioned.

While the methodology in this test has been debated, we believe that all tests should be as open to review as the Untangle test was!

With the release of ClamAV 0.91.2 we introduce the option to scan for Potentially Unwanted Applications. The PUA database contains detection for applications that are not malicious by itself but can be used in a malicious or unwanted context.
As an example: A tool to retrieve passwords from a system can be useful as long as the person who uses it, is
authorized to do so. However, the same tool can be used to steal passwords from a system.

To make use of the PUA database you can use the ”—detect-pua” switch for clamscan or enable it in the config file for clamd.

At this point we DON’T recommend using it in production environments, because the detection may be too agressive and lead to false positives. In one of the next releases we will provide additional features for fine-tuning allowing better adjustments to different setups.

On August 17th, Sourcefire, the creators of Snort, acquired the ClamAV project. The full announcement is available here . We’ve also created a short FAQ that we hope will answer any questions you have.