Have you ever wanted to write your own anti-virus signatures, but didn't know where to start?

A new version of the Immunet anti-virus (a/v) solution is now available that lets end users write their own custom signatures while providing continuous cloud updates for new signatures. The Immunet 3.0 release is the first since Immunet was acquired by security vendor Sourcefire earlier this year for $21 million.

The Immunet 3.0 solution is the latest evolution of a product that was already being jointly developed by Immunet and Sourcefire prior to the acquisition. Originally known as ClamAV for Windows, the product used Sourcefire's open source ClamAV technology. The product has now been rebranded as Immunet 3.0 powered by ClamAV and more tightly integrates ClamAV into the solution for offline scanning.


One of the key benefits of the Immunet 3.0 release is the new cloud recall feature. While the Immunet solution has always offered cloud-based scanning, with Immunet 3.0 there are some new enhancements. Alfred Huger, vice president of development at Sourcefire, explained to InternetNews.com that cloud recall provides continuous file processing. So if a user encounters something that isn't in the Immunet cloud database when it is first scanned, but is then added to the cloud database at a later point, the system can retroactively quarantine any affected items.

"We constantly review all the data we have to constantly review if we've made the right decisions," Huger said. "We keep a map of everything you've ever asked us and then we reconsider every four to six hours as new information emerges. So at any given time you'll know as much about the threat landscape as we do."

Huger added that Immunet 3.0 also enables system rollback in the event that an erroneous update is made.

With the Immunet 3.0 release, there is now also offline scanning available to free users of the product. There is also a paid version of Immunet which offers support as well as rootkit scanning capabilities not included in the free version. Offline scanning had previously only been available to paid users.

As part of the integration of ClamAV, Immunet 3.0 enables users to write their own a/v signatures. Huger noted that the ability to write a/v signatures is important as new customized and targeted threats emerge.

As part of the Immunet 3.0 release there is a command line as well as a wizard which Huger noted will enable even average users to be able to write signatures. The core open source ClamAV technology now enables users to write their own a/v signatures with just the command line.

Moving forward, Immunet will be evolving under Sourcefire ownership with the addition of an enterprise product that is now being developed. The enterprise product will provide scalability and management features to the product. Huger noted that Immunet has traditionally been focused on the consumer market while Sourcefire has an enterprise focus.

"It's definitely our goal to move Immunet into the enterprise," Huger said.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.