On Tuesday, March 15th, 2022 at 00:36, Micah Snyder (micasnyd) <micas...@cisco.com> wrote:
> Starting with our own new language would let us maintain do that but make it
> easier for new analysts to train up on ClamAV.

I don't see at all the advantage of using a different, less used language. I don't know many people looking forward to learning a new language that is quite specific to one piece of software and used more or less nowhere else.

One big reason I like to use ClamAV is that it's possible to add other sources of signatures. Lots of people use the sanesecurity ones. I add a lot of my own. I suppose there's a large number of people who would love to add more (i.e. YARA) sources.

Is the goal for KDL to replace all of the existing ClamAV formats? I guess the transition would be a whole lot of effort from a LOT of people.

> What would be even more cool would be to be able to have an archive alert
> because we found weak indicators in several of the contained files.

I love the idea of weak indicators. But then, I'd like to have a more fine-grained result in case of a hit. Something less binary and more like a score, so that the amount of false positives could be chosen more precisely. This would mean my paranoid customers could be as happy as the ones jumping to the roof at the first FP.

Best regards,
Laurent S.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml