Bug #2674

[clamav] Virus signatures licensing

Anonymous - about 3 years ago - . Updated about 1 year ago.

% Done:



ClamAV is antivirus software and it uses virus signatures to detect malware. Most malicious software is non-free so there might be non-free signatures in the database.



Updated by Anonymous about 3 years ago

Should be Freedom issue, not Bug.


Updated by freemor about 3 years ago

IIUC virus signature are just small strings unique to the virus not who9le chuncks of code and thus considered too trivial to be copyrightable. Or it looks for heuristics. tries to create these files in this location, ergo most likely bad. Again not the actual code from the virus. Virus signatures aren't executed. They are a set of conditions to match against.


Updated by freemor about 3 years ago

  • Priority changed from bug to discussion

Updated by Zuss about 1 year ago

Here's the documentation relating to signatures:
They looks pretty non trivial to make and as freemor said, they're just conditions to be matched against.

You can verify yourself by unpacking the .cvd file clamav distributes with "sigtool -u main.cvd" which will then show all the files and signatures within them.

I don't think there's much of an issue and ClamAV should be able to stay in the repos

Also available in: Atom PDF