Been using CS for about a month and I'm getting used to it.
It hogs a whopping 50% easily on my oldish x61s, so it made me wonder if using console based, so maybe somewhat 'lighter' clamav would be a better choice than clamwin, since ClamWin GUI is not needed anyway?
Other question-request would be - why wouldn't CS have an option to update clamwin sig database? Running ClamTray just for it to run db updates seems somewhat redundant, could CS take up this task or provide a menu 'shortcut' to this task, since it's always running anyway, and save some system resources?
Anyway, thanks for CS.
Thank you for using Clam Sentinel. I am sure that developer Andrea Russo
will answer your question, but I want to take a crack at it first.
A strictly console application based on Clam AV would probably save
memory/code, but I think there would have to be some changes to the code
due to Clam AV being developed for Linux email scanners. The code would
have to accommodate the various versions of Windows, which would entail some
precious time/effort--and it would have to be continuing as new features
are developed by the Clam AV team. ClamWin was originally selected for the
Clam Sentinel scanner because it is widely used and already supported
various Windows versions. Memory usage is not such a big problem on the
newer Windows machines. Also, we hope that ClamWin will at some point
update to a modern version. There is not much that can be done, as Clam
Sentinel is a separate project written in Delphi, and ClamWin is written in
Python/C++.
There is no option to update the ClamWin (Clam AV) database in Clam
Sentinel because it would duplicate the ClamWin update code. Just set
ClamWin to update hourly, and that should be fine. Clam Sentinel is a very
lean program since it uses the ClamWin scan code. Clam Sentinel was
originally set up to use only the ClamWin scanner, but it now has its own
heuristic scanner (system monitor) that is not dependent upon ClamWin and
the Clam AV signatures for identifying malware. The Clam
Sentinel heuristics will spot most Windows PE malware before signatures are
even developed by the Clam AV sigmakers, which can take a week or longer.
It appears that ClamWin is becoming a backup to Clam Sentinel!
On Thu, May 29, 2014 at 4:54 PM, goldencut goldencut@users.sf.net wrote:
> Been using CS for about a month and I'm getting used to it.
> It hogs a whopping 50% easily on my oldish x61s, so it made me wonder if
> using console based, so maybe somewhat 'lighter' clamav would be a better
> choice than clamwin, since ClamWin GUI is not needed anyway?
> Other question-request would be - why wouldn't CS have an option to update
> clamwin sig database? Running ClamTray just for it to run db updates seems
> somewhat redundant, could CS take up this task or provide a menu 'shortcut'
> to this task, since it's always running anyway, and save some system
> resources?
> Anyway, thanks for CS.
ClamSentinel doesn't use ClamWin; it uses only ClamScan.exe, which differs very little from the same program that is released with ClamAv.
If you want to have an entry to update the ClamWin signatures, add this line to the ClamSentinel.ini file:
UpdateClamDB=1
With this option you can update the signatures manually (but not automatically).
Andrea Russo
Wow, thanks for all the info. The .ini update key works really nicely.
In the .ini there was a key UseLocalIniFile=0. Is that the same as "use .ini in program folder"?
PS. Something I noticed - does CS tag all UPX-packed executables as 'very suspicious'?
The UseLocalIniFile setting tells Clam Sentinel where its .ini
(configuration) file is located. Zero means it is located in the %appdata%
roaming folder. If it is set to 1, that means it is located in the local
(Clam Sentinel program) folder.
Clam Sentinel only detects a file as suspicious if it has a virus
profile--the packer/compressor used does not matter. Unfortunately, some
"good" files have such a profile. Clam Sentinel tries to allow for this by
looking for more than one profile in certain situations, but some "good"
files will still meet more than one virus profile.
On Tue, Jun 3, 2014 at 5:45 PM, goldencut goldencut@users.sf.net wrote:
> Wow, thanks for all the info. The .ini update key works really nicely.
> In the .ini there was a key UseLocalIniFile=0. Is that the same as "use .ini
> in program folder"?
> PS. Something I noticed - does CS tag all UPX-packed executables as 'very
> suspicious'?