Clam Sentinel Wiki
Brought to you by:
dynclient,
sentinelguy
Clam Sentinel is a program that detects file system changes and automatically scans added or modified files using ClamWin. It requires ClamWin to be installed. For Microsoft Windows 98/98SE/Me/2000/XP/Vista (tested) and Windows 7.
Where can I download the source code?
Hello:
Check the ClamWin FAQ link on the main web page for info regarding source
code download. You could also do a search on the ClamWin site for "source
code" "source code download" or something like that. If all else fails,
get in touch with Alch/Sherpya, ClamWin developers, and ask them via the
contact info on the main web page. If you come up with any improvements,
be sure to let them know about it so other users can benefit.
Thanks for being a ClamWin user!
Regards,
Bob Scroggins
On Mon, Nov 27, 2017 at 5:58 AM, Ubirajara Bandeira Jr <kokbira@users.sf.net
Sorry.. I thought you were asking about the ClamWin source code. You can
read about the Clam Sentinel source code by looking at the Code item in the
main menu. You had better hurry because Source Forge is soon making a
change--by the end of November, I think.
Regards,
Robert Scroggins
On Mon, Nov 27, 2017 at 9:47 AM, Robert Scroggins sentinelguy@users.sf.net
wrote:
No, I am talking about ClamSentinel, not ClamWin.
ClamSentinel is so interesting because it makes ClamWin do a proactive
protection, but it would be improved to do more things and merged with
ClamWin to become a complete solution.
I would like to see the ClamSentinel code to see if I can contribute in
some way.
2017-11-28 12:59 GMT-03:00 Robert Scroggins sentinelguy@users.sf.net:
Hello:
If you will give me another email address, I will send you a 7-zip file of
the Clam Sentinel code.
Regards,
Robert Scroggins
On Tue, Dec 12, 2017 at 8:55 AM, Ubirajara Bandeira Jr <kokbira@users.sf.net
kokbira@gmail.com
2017-12-12 14:35 GMT-03:00 Robert Scroggins sentinelguy@users.sf.net:
Hello:
I have tried to send you the files I have several times--as a 7zip file, a
tarball file, and a Gzip file, but both Gmail and Yahoo Mail treat them as
malicious and do not deliver them. Do you have a file repository somewhere
on the web that I can send them to so that you can get them from there?
Regards,
Robert Scroggins
On Wed, Jan 17, 2018 at 10:17 AM, Ubirajara Bandeira Jr kokbira@users.sf.net wrote:
Hello Ubirajara,
I get the ClamSentinel source code through CVS:
Hello:
Very good!
The real-time (resident) module is the most important one. I do not think
it needs any change right now. The heuristics module needs some change
(add detection of PE file sections that have entropy of 95% or greater, add
heuristic detection of certain JavaScript files or certain JavaScript code
in html files). The heuristic scoring method needs to be improved. The
memory scan needs to be discarded--users can do a memory scan with ClamWin
if they want to, and the ClamWin scan is faster. The 120 default file
extensions for a ClamWin scan are too many--it needs to be changed to
accept the extensions that the user has already set up in ClamWin. These
are some of the suggestions I have.
Please let me know if I can help you further.
Regards,
Bob Scroggins
On Wed, Jan 24, 2018 at 6:44 PM, Eduardo Oliveira <jaysponsored@users.sf.net
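The first heuristic suggested in the message above (flagging PE file sections with entropy of 95% or greater) can be implemented as follows. This is an added example, not Clam Sentinel code and not part of the thread; it assumes "95%" means 95% of the 8 bits-per-byte maximum, and the function names and the constructed sample image are hypothetical.

```python
import math
import struct

THRESHOLD = 0.95  # "95% or greater" from the post, read as a fraction of 8 bits/byte (assumption)

def entropy_ratio(data: bytes) -> float:
    """Shannon entropy of data divided by the 8 bits/byte maximum."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c) / 8.0

def pe_sections(image: bytes):
    """Yield (name, raw bytes) per section; raise ValueError on a malformed header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size          # section table follows the optional header
    for i in range(nsect):
        hdr = table + 40 * i                # each section header is 40 bytes
        if hdr + 40 > len(image):
            raise ValueError("section table runs past end of file")
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def high_entropy_sections(image: bytes, threshold: float = THRESHOLD):
    """Return [(section name, entropy ratio)] for sections at or above threshold."""
    scored = [(name, entropy_ratio(raw)) for name, raw in pe_sections(image)]
    return [(name, ratio) for name, ratio in scored if ratio >= threshold]

def build_sample() -> bytes:
    """Constructed two-section PE skeleton for the demo (headers plus data, not loadable)."""
    low = b"\x55\x8b\xec\x90" * 128         # 4 distinct byte values: ratio 0.25
    high = bytes(range(256)) * 16           # uniform byte histogram: ratio 1.0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    base = len(dos) + len(coff) + 80        # raw data starts after two section headers
    sec = lambda n, size, ptr: struct.pack("<8sIIIIIIHHI", n, size, 0, size, ptr, 0, 0, 0, 0, 0)
    return dos + coff + sec(b".text", len(low), base) + sec(b".packed", len(high), base + len(low)) + low + high

if __name__ == "__main__":
    print(high_entropy_sections(build_sample()))
```

Compressed or encrypted section data approaches the 1.0 ratio, which is why the threshold catches packed executables; legitimate compressed resources can reach it too, so a hit is a score input rather than a verdict.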
This software is just what I was looking for - open source/privacy respecting/real time.
A few questions:
1) I have selected "Detect suspicious files only".
I have gotten on several occasions numerous notices about this:
"Modified Folder
Folder: C:\Users\[me]\AppData\Local\Microsoft\Windows\UPPS\
File: UPPS.bin
[Time of day]"
I haven't been able to find out what this file is or why it is suspicious.
How do I verify it?
The popup warning on the lower right will say "Verify" or something like that, but there is no link to the file and I don't know what to do if I could find it.
I've also had multiple warnings for:
"File with invalid PE format.
Please verify this suspicious file:
Folder: C:\Windows\CbsTemp\30739476_2946417796\Windows10.0-KB4494441-x64.cab\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17763.503_none_7e4a68b076309782\
File: gdiplus.dll"
"Please verify this suspicious file:..."
How?
Also how do I get the popup to not come out rapidly 15 times in a row?
I didn't see any "OK" or similar button to let it know that the message was received.
2) I've selected "Notify of new versions".
I get that message daily.
Does that mean it's a daily Database update of ClamWin, or a new build?
Thank you.
Hello Mark:
Thanks for using Clam Sentinel; however, you are about 5 years too late!
The project was discontinued in 2014. Developer Andrea Russo of Italy
abandoned it. I worked with him on the Clam Sentinel heuristics, and I
have been checking the web site now and then.
Clam Sentinel has its own heuristic detections to generically detect
Windows malware, and it also uses ClamWin and its signature database to
detect specific malware. The heuristics are for malware that existed from
2012 to 2014, and malware has changed a lot since then, so the heuristics
cannot detect most of today's malware. I believe that ClamWin is about to
be discontinued by the developer. Furthermore, the ClamWin signatures are
not sufficient to provide good protection for Windows users--Clam AV gets
about 1,000 signatures each day, but more than 300,000 new malware variants
are released each day.
You need something better than ClamWin/Sentinel. I recommend the following
free antivirus programs: Microsoft's Windows Defender (Security Essentials
is the version for Windows 7 and older operating systems) or Fortinet's
Forticlient. Most other "free" AVs will attempt to make money from their
users in some manner unless you pay for them. If you want to pay for an
AV, I recommend Bitdefender or Kaspersky. I use Forticlient personally.
As for your questions, I will try to answer them here.
If you get a message from Clam Sentinel about a modified file, it could be
for many different reasons. Check the quarantine folder to see if it was
quarantined. If it was not quarantined (Verify message), don't worry about
it. If it was quarantined, the text file accompanying the quarantined file
will tell you the folder where it was originally located. The Sentinel
quarantine folder is the same as the ClamWin quarantine folder. It is
located at C:\ProgramData\.clamwin\quarantine. You can check files out at
the Virus Total web site. If Clam AV is the only AV on Virus Total
detecting a file as infected, it is a false positive. You can whitelist
(exclude) a file in ClamWin if it is only detected by Clam AV on Virus
Total. You should whitelist a false positive detected file in Clam
Sentinel also, but stop Sentinel until you whitelist the file and restore
it.
The Verify messages are for files that are not quarantined--just warned
about. You are supposed to check the files on Virus Total as mentioned
above, but they are seldom infected, so don't worry about them.
I don't know of any way to stop the 15 times in a row verify messages other
than to disable Clam Sentinel heuristics. This will make Clam Sentinel use
only the ClamWin virus signatures--there will be no heuristic scan.
There will be no new versions of Clam Sentinel, so you can de-select that
notice.
Thanks for giving ClamWin/Clam Sentinel a try. Windows Defender or
Forticlient and the built-in Windows firewall will provide all the
protection you will need as a personal computer user. If you are a
business user, you have lots of choices. Keep Malwarebytes Free for an
occasional scan as well.
Regards,
Bob Scroggins (GuitarBob)
On Sun, May 19, 2019 at 1:28 PM Mark Miller rigidgrubby@users.sourceforge.net wrote: