Status: open
Group: Next Release (example)
Created: Thu Mar 20, 2014 01:59 AM UTC by Timberwolf Programmers
Last Updated: Thu Mar 20, 2014 01:59 AM UTC
Owner: nobody
My problem is that all MSI installers have their files quarantined, that is if I have quarantine set, for suspicious origin, even Microsoft's. And any download gets it, the download could be anything from an image to a simple text file let alone an exe. I am a programmer and when I build something, it gives it the same status. I think it would be better if it scans anything with suspicious origin, rather than auto-assume that it's infected.
Sincerely,
Patrick Thomas (Timberwolf)
Timberwolf Programmers Owner & Founder
Last edit: Transferring Account 2014-03-27
I am sure that Clam Sentinel developer Andrea Russo will also see your
request, and below is just my opinion only, although I am a bit familiar
with Clam Sentinel heuristics.
The suspicious origin detection is designed to detect files that are not
properly documented to the Windows operating system. Many malware files
are not properly documented. Unfortunately, many dll files (and
occasionally other files) are also not properly documented to the Windows
operating system, and they should be. The developers may be lazy, do not
care about proper documentation, or do not even know about it. All they
care about is using the dll file to install/operate their program. It is
difficult to tell the difference between such developer files and malware
files. Because of this, Clam Sentinel tries to make allowances and does
not quarantine such files unless they also have other malware
characteristics, unless they are Windows system files.
If an AV has no false positives, it will also not have many positive
detections. Perhaps in the future Andrea Russo will take another look at
suspicious dll files, but I think the best thing for you to do at this
point is to whitelist such suspicious origin files (or whitelist their
folder if this often occurs in the same folder).
Thank you for using Clam Sentinel.
Regards,
Robert Scroggins
On Wed, Mar 19, 2014 at 8:59 PM, Timberwolf Programmers twprogrammers@users.sf.net wrote:
Related
Feature Requests: #13
Anything? Updates? Something?