The next ClamAV® Users’ Webcast will be on Wed 4th March at 1800UTC: 10 AM PST, 1 PM EST, 6 PM GMT, 7 PM CEST. The talk, given by Alain Zidouemba of Sourcefire will be an introduction to writing ClamAV Signatures. The talk will cover about an hour. The talk will be technically advanced, and is aimed toward Systems Administrators and developers.

Abstract

ClamAV is an open source anti-virus toolkit for UNIX systems. The main purpose of this software (Read more...)

Some of you may have heard of a current major outbreak of a virus known as Downadup that has been reported at http://news.bbc.co.uk/1/hi/technology/7842013.stm and http://news.bbc.co.uk/1/hi/technology/7832652.stm. It has been estimated that move than 9 million PCs are infected across the world.

ClamAV detects Downadup, also known as Conficker, as Worm.Downadup. Once on a system it downloads components that ClamAV detects as members of the Trojan.Downloader- family of signatures.

The virus primarily exploits MS08-067; it can also spread through USB sticks. Since the virus is not spread by email we don’t expect to see much activity in our core user-base, which tends to use ClamAV to scan emails. We are, nevertheless, keeping an eye out for it through freshclam’s statistics gathering system – we are yet to see any obvious spike of activity from it. If we hear anything we’ll let you know.

Today, 27th January 2009, ClamAV’s signature team investigated and identified Trojan.Agent-70954, the 500,000th entry in its database. Well done to all the team for working so hard to produce a quality database.
From time to time we are asked to keep the size of the database down by trimming old signatures; but, as the statistics-gathering program has shown, old viruses never die. SomeFool (a.k.a Netsky) is still alive and kicking 5 years after the ClamAV team spotted the first variants! Today two variants of that virus are in the top 10 most active malware amongst our users that send us statistics.

Notifications of ClamAV signature updates are now available via our
Twitter feed at http://twitter.com/clamav. The notifications include information about the number of signatures added and the total number of signatures in the ClamAV database.
We hope to include other information on that feed later so please feel free to let us know (Read more...)

There is one new feature in this release. This feature allows ClamAV users optionally to submit statistics to us about what they detect in the field. We will then use this data to determine what types of Malware/Viruses are the most detected in the field and in what geographic area they are.
It closes the following bugs from http://bugs.clamav.net:

684,777, 828, 832, 954, 1046, 1085, 1092, (Read more...)