I don’t speak in behalf of Cisco anymore and I haven’t been there in nearly four years!
The signature system is extremely complex and anything in the chain of events can get separated and signatures may not publish. I don’t want to speak for them, but I know how hard they work and how automated some of the systems are, and I would be hard pressed to believe that the Talos folks don’t have anything to put out. I will say there is still the opportunity for anyone to become a “Detection Partner”: https://www.clamav.net/contact#partners This was a program that I established during my tenure, that allows signatures to be submitted to Cisco Talos for QA, certification, signing, and distribution. Submitters get full credit for their signatures, they will be signed, and the bandwidth and headache of distribution is off your shoulders. Plus everyone is using your detection. While the above program is for submission en masse, one off signatures can also be submitted: https://www.clamav.net/reports/signature As far as phishtank. I hope it comes back to life. I’d love to do something with it if I owned it. I know exactly what I would do, and have the bandwidth to do it. — Sent from my 📱iPhone > On Oct 5, 2025, at 09:06, Arnaud Jacques via clamav-users > <[email protected]> wrote: > > Hi, > >> Le 05/10/2025 à 14:09, Benny Pedersen via clamav-users a écrit : >> Arnaud Jacques via clamav-users skrev den 2025-10-05 13:19: >>> There is a lot of new (detected) malwares on our side : >>> https://www.securiteinfo.com/clamav-antivirus/published-updates/ >> any plan to make it as cld or cvd file ?, signed or not :=) >> hope to see freshclam do gnupg check on 3dr party dbs > > Why? > Our customers can choose the signature databases that interest them. > For example, securiteinfoandoid.hdb isn't of interest to a Windows file > server administrator. It's very useful for those who don't have a lot of RAM. > A cld or cvd file doesn't allow this. > Furthermore, signature verification by freshclam is only performed with the > latest version of freshclam. However, our customers often have (very) old > versions. > So we will implement this feature when the minimum version for downloading > our signatures is 1.5. That's several years from now. > >> i have no official sigs anymore, got nearly 1.5G more free ram on a low mem >> install of clamav >>> I don't know why ClamAV team publishes so few signatures every day. >>> When I was an official sigmaker, I published a ton of signatures every day. >>> Clamav team : do you have enough sigmakers/malware analyzers ? Do you need >>> help ? >> who cares of urls in phishtank ? > > We care of all phishing URLs. If you got mails with phishing URLs, please > send them to [email protected] > >> i still report phishes there, hope to find someway to make YARA rules from >> phishtank data, its just hard when api is not possible anymore, i got my >> phishtank account before bots maked it impossible, same happens to >> spamassassin bugzilla >> hope some can help me help others >> i will check my freshclam.conf if it needs updates > -- > Cordialement / Best regards, > > Arnaud Jacques > Gérant de SecuriteInfo.com > > Téléphone : +33-(0)3.60.47.09.81 > E-mail : [email protected] > Site web : https://www.securiteinfo.com > Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 > Twitter : @SecuriteInfoCom > Writing signatures for ClamAV antivirus since 2006 > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
