Tom Shaw wrote: > What I would like (and I think that others that submit malware files > to clamav.net would like) is for clamav.net to provide a method for > us to programmatically query to determine if either 1) the file has > already been determined by clamav to be not malicious or 2) you have > the file in your processing queue and don't need a second copy. This > would allow us to stop resending reports to you when you are already > on top of it and also allow us to remove them from our signature > files when they are added to the main clamav database (which we do > now) or when you have determined that the file is not malware. > I'd suggest doing what virustotal does - refer to previously uploaded files by their md5/sha1 checksums. They are independent of filename and much easier to check against programmatically.
-- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml