We've completely rewritten the submission process as a result of feedback from the list. It should be functioning fine now.
As far as a "plan" for addressing Dridex. We have a lot of things in the works now that we have a completely new signature system, giving us capabilities that we did not have before. But we'll need to take a couple steps, IMO, to tidy up the community first. One step needs to be to EOL 0.97.x releases (as we should have done when we released 0.99, as per our EOL plan). As those older versions don't accept certain types of signatures. -- Joel Esler Manager, Talos Group Sent from my iPad On Mar 25, 2016, at 9:08 PM, Gene Heskett <ghesk...@wdtv.com<mailto:ghesk...@wdtv.com>> wrote: On Friday 25 March 2016 17:12:06 Groach wrote: ClamAV signatures have never caught a dridex variant for me (and they have been around a long time). You need to head to over to Sane Security and start using their definitions - they have perfect Zero-hour detections for Dridex (and other Macroware viruses). You wont be disappointed any more. I've tried to submit some of those too, but the sub mission page does NOT like me, so it never lets me get past square one. I have fussed once, maybe twice on this list but no msg indicates that has been fixed so I gave up. Is it fixed to accept new stuff now? On 25/03/2016 22:06, C.D. Cochrane wrote: Hi, I receive a Locky-ransomware variant almost every day as an email attachment. So far ClamAV has failed to detect it. Each file has had a unique signature. Does ClamAV have a detection plan and/or work in progress that will start to detect future variants of this? thanks, Chris _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
