
Mailing List Archive: ClamAV: users

Re: Interest in training and certification for ClamAV?

 

 



bperry.volatile at gmail

Mar 28, 2008, 8:22 AM

Post #1 of 5 (291 views)
Re: Interest in training and certification for ClamAV?

On Fri, 2008-03-28 at 11:57 +0000, G.W. Haywood wrote:
> Hi there,
>
> On Fri, 28 Mar 2008 Mike Guiterman wrote:
>
> > ... Please provide your opinions on the three questions below.
> >
> > Would you attend an online ClamAV training course?
>
> Not if it cost money, and probably not even if it were free,
> although I'd definitely want to read the syllabus.
>


Agreed.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


dfs at roaringpenguin

Mar 28, 2008, 8:26 AM

Post #2 of 5 (282 views)
Re: Interest in training and certification for ClamAV? [In reply to]

Brandon Perry wrote:

> Agreed.

I think ClamAV alone is too small and simple to build a whole course around.
If it were one component of a larger security course, it would be more
useful.

Regards,

David.


rostetter at mail

Mar 28, 2008, 11:31 AM

Post #3 of 5 (277 views)
Re: Interest in training and certification for ClamAV? [In reply to]

Quoting "David F. Skoll" <dfs [at] roaringpenguin>:

> I think ClamAV alone is too small and simple to build a whole course around.
> If it were one component of a larger security course, it would be more
> useful.

My first thought also. Though it might be tempting if it was expanded to
cover all the "common" bases:

* ClamAV (general)
* ClamAV (on Mac OS X)
* ClamAV (on Windows)
* ClamAV (on Unix/Linux)
* ClamAV-milter
* Writing and using your own signature databases
* Using freshclam with 3rd party signature databases
* Integrating ClamAV with common mail programs (sendmail milter, postfix,
MailScanner, exim, procmail, etc)
* Integrating ClamAV with web servers/proxies
* AntiVirus Best Practices
* Effective (good) and Ineffective (bad) AntiVirus policies, and how to
write/implement/enforce them

and so on...

ClamAV is pretty simple in itself. But integrating it with the OS, with
Mail, with 3rd party signatures is more complicated. Writing your own
signatures even more so. So, like others, I would need to see what
the course would cover before I could say yes/no to the idea.

> Regards,
>
> David.


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!


Jason.Haar at trimble

Mar 28, 2008, 2:15 PM

Post #4 of 5 (283 views)
Re: Interest in training and certification for ClamAV? [In reply to]

I don't know of any commercial AV product that offers training courses.
I thought AV is marketed as "set and forget"? Certainly no company I've
ever worked for has sent people on "AV training courses". And if they
did, it would be for Windows-based Enterprise solutions - central
consoles with auto-push of "always on" client scanners - a role ClamAV
does not cover (today).

ClamAV offers some advantages over commercial products (namely the
ability to write your own sigs), but that isn't enough cause to create a
course for. Good documentation should cover that.

Just my 2cents worth...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



dennispe at inetnw

Mar 28, 2008, 2:38 PM

Post #5 of 5 (277 views)
Re: Interest in training and certification for ClamAV? [In reply to]

Jason Haar wrote:
> I don't know of any commercial AV product that offers training courses.
> I thought AV is marketed as "set and forget"? Certainly no company I've
> ever worked for has sent people on "AV training courses". And if they
> did, it would be for Windows-based Enterprise solutions - central
> consoles with auto-push of "always on" client scanners - a role ClamAV
> does not cover (today).
>
> ClamAV offers some advantages over commercial products (namely the
> ability to write your own sigs), but that isn't enough cause to create a
> course for. Good documentation should cover that.
>
> Just my 2cents worth...
>
>
There are some circumstances that would benefit from best practices
coaching if not outright training. Among them: Local db mirror(s),
centralized and clustered av farms, integration with various mailers and
milters, user space scanning of file servers (Windows/Linux/Unix),
integration with proxy cache servers and ftp/http drop boxes, pattern
overrides (whitelisting), custom db files, scoring, libclamav coding,
reporting, compiling and packaging.

There are some good and some bad ways of writing patterns. Unanchored
patterns, for example, need to be handled with some care. I haven't dug
deep enough into it, but some patterns need go no further than the
subject line, for example, and I wonder if patterns can be anchored to
headers and envelope elements. Do I wonder enough to sign up for a class?
Probably not, but if it were still my responsibility to deal with this
at the enterprise level I'd be more likely to be interested. But... I think
enterprises more and more are going to turn to postini/messagelabs and
appliances rather than pay somebody to duplicate effort that is
commercially available. This in fact is why I'm no longer doing
enterprise mail. It was outsourced (and I really don't miss it).

dp