ClamAV Users —
Please take a look at the newest OpenSource project from Cisco Talos, entirely released towards the ClamAV audience, the BASS Automated Signature Synthesizer.
A short preview to the blog post linked above, is the following:
BASS (pronounced “bæs”) is a framework designed to automatically generate antivirus signatures from samples belonging to previously generated malware clusters. It is meant to reduce resource usage of ClamAV by producing more pattern-based signatures as opposed to hash-based signatures, and to alleviate the workload of analysts who write pattern-based signatures. The framework is easily scalable thanks to Docker.
Please note that this framework is still considered in the Alpha stage and as a result, it will have some rough edges. As this tool is open source and actively maintained by us, we gladly welcome any feedback from the community on improving the functionality of BASS. You can find source code for BASS here:
Please check out our project, check it out, play with it, use it, and help us improve it.