Activity for Robert Scroggins
-
Robert Scroggins posted a comment on discussion Open Discussion
Thanks! That old post brought back some memories. Good luck with Xylent. I'll check it out. Keep it as simple as you can. Regards, Robert Scroggins On Sat, Apr 27, 2024, 5:46 AM Emirhan Uçan hydradragonav@users.sourceforge.net wrote: Goodbye ClamSentiel long live Xylent! Goodbye To Clam Sentinel! https://sourceforge.net/p/clamsentinel/discussion/976132/thread/7f3a2f19/?limit=25&page=1#b25d Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/clamsentinel/discussion/976132/...
-
Hello Lukas: Here I am. I relocated my signon information for Clam Sentinel forum. Good that you are able to do something with Python For the Sentinel heuristics, the main one was the calculation of the entropy of a file. Entropy is the measurement of the "randomness" of a file. A file that is heavily obfuscated with other software will be very random, while a file that performs legitimate useful activities will be direct and to the point, not showing much entropy. Maximum entropy is 7.0. We set...
-
I get gmail all the time with no problem. If you are sending from a server, perhaps Google is blocking your server. I personally only block a handful of commercial spammers, but I do automatically delete lots of subjects/words used by spammers though. I don't use anything but gmail for communication, and I also don't use any social media websites. Regards, Robert On Thu, Aug 31, 2023 at 10:06 AM Lukas ksexvedd@users.sourceforge.net wrote: Robert, the problem is I can't email you. I got a return from...
-
Hello Lukas: I think that is it. Andrea told me it was undocumented. but maybe he decided to document it. Early on, he also had an option to only use the Clam A V daily signatures so that scans would be faster, but he only used it for a month or so. Regards, Robert On Thu, Aug 31, 2023, 9:15 AM Lukas ksexvedd@users.sourceforge.net wrote: I don't know if you mean the Clam Senintel.conf file in %appdata% which has a section Path = 3 - all on 2 - sentinel portable 1 - heu only Goodbye To Clam Sentinel!...
-
Hello Lukas: Email is fine with me. I didn't realize messages on the Clam Sentinel forum took so long. I never check the forums now. I also didn't realize the Sentinel code was so small. I guess that is why Andrea used delphi. Regards, Robert On Thu, Aug 31, 2023, 9:17 AM Lukas ksexvedd@users.sourceforge.net wrote: The sentinental source code is only 3Mb, and 500kb when compressed. Believe me, I could telegram it to you haha. I will email you future messages so as not to clutter the forum or if you...
-
Hello Lukas: My email address is rscrogg@gmail.com for source code and future email. There may be a limit on size for attachments. I hope you can do something on CS. I have been thinking of taking a look at Python. Regards, Robert Scroggins On Thu, Aug 31, 2023 at 8:39 AM Lukas ksexvedd@users.sourceforge.net wrote: Hi robert. I wish you had received my message two weeks ago. It seems to show me that it is waiting for moderator verification. Coming back, I'd be happy to send you the source code. Tell...
-
Hello Lukas: I have looked, and I can not find the information I had on that undocumented CS option to use ClamWin or Clam Sentinel or both for Sentinel scanning. I got a new computer about 6 months ago, and I think the information was on it. I may have also put something about it on the ClamWin forums or on the Clam Sentinel web site. The Clam Sentinel configuration file may have something about a scanning opton. Seems like the default for both CS and CW was 0 (zero), and there were options for...
-
Hello Lukas: Yes, I would like the source code, if it is not too much trouble. I know that there is an undocumented CS option to use either ClamWin or Sentinel's heuristics or both, and the default is set to both. I will check my CS notes and get back to you later today. Do you think anything could be done with ClamWin from Python--maybe a GUI with some additional functionality? Regards, Robert Scroggins On Wed, Aug 30, 2023, 12:48 PM Lukas ksexvedd@users.sourceforge.net wrote: Hi robert. I don't...
-
Hello Lukas: Andrea just used ClamWin for scanning. I always assumed he used a permanent cache for both signatures and any custom user file extensions. I use Lenox Mint mostly, so any Windows viruses are no problem. There are still not many Lennox viruses, and they are mainly for servers. I scan daily with Clam AV. When I helped him develop the heuristics, the heuristic scan was much faster because we looked for a small number of file attributes, not thousands of signatures. He told me that he had...
-
Hello Lukas: To shorten my previous email, using permanent caches for the virus signatures and extensions to scan will speed up ClamWin. Just dropping the code in ClamWin to delete the caches when a scan quits may work--I'm not sure. You would lose the caches though when the computer is turned off, and the first scan after turning it on again would be slow. I don't know what to do about heavy resource use though. Someone once said to make ClamWin a Windows service to fix this. There are some posts...
-
Hello Lukus: Andrea is a professional programmer who works for a university near Venice. He wrote Clam Sentinel in a few days while commuting on the train into Venice. ClamWin is mostly Clam AV with a GUI and some accommodations for running on Windows, Clam Sentinel is mostly ClamWin with permanent caches for the virus signatures and extensions to scan instead of dropping them after scanning. Andrea told me that Alch could use the Sentinel code to make ClamWin better, but, as I said, Alch isn't a...
-
ClamWin was actually started in 2006, I believe. There was someone else working with Alch then who did some programming, but they basically made the Clam AV code able to run in Windows and added a GUI to it. He was there for about 2 years. Alch is good at putting things together, but he doesn't seem to be a programmer. Any time ClamWin needs some substantial programming, he has gotten or tried to get a qualified programmer. I started using ClamWin when the AVs started dropping support for Win 98....
-
Hello Lukas: Thanks for being a loyal user. I used Clamwin from July 1998 until about 2 years ago and Sentinel from 2012 until 2017. I still have ClamWin on my Windows computer but don't use it, relying upon MS Defender instead. I use Linux Mint more than Windows now. I have been unable to get on the ClamWin forum for a while. Alch may have dropped me from it due to my posts. He is not really an antivirus person, and I am hardcore AV. Regards, Robert Scroggins On Fri, Aug 11, 2023, 9:41 AM Lukas...
-
Both ClamWin and Clam Sentinel have outlived their usefulness. They have not really had much improvement in years. Andrea Russo and I quit the Clam Sentinel project in 2012. The viruses did not quit, and they have been improved greatly. Clam Win is on its last legs. Developer Alch has only passed through a few very basic improvements made by the Clam AV project, which is still active and has also been greatly improved. He has not passed any Clam AV code through to the ClamWin code in over a year....
-
Robert Scroggins 12:05 PM (1 hour ago) to me Hello: There will be no more changes to Clam Sentinel. It is dead! ClamWin is also nearly dead too! It's time to move on to another AV that provides better protection than ClamSentinel/ClamWin. For free AVs, I recommend Windows Defender, Fortinet's Forticlient, or Kaspersky's free version. For paid AVs, I recommend Emsisoft, Kaspersky, or Bitdefender. Clam Sentinel was discontinued in 2014, and Andrea Russo has no further desire to work on it. The ClamWin...
-
Hello: Clam Sentinel uses ClamWin to scan with the ClamWin signatures, but before the ClamWin scan, Sentinel performs a heuristic scan with its own engine. The heuristic scan is very fast and does not depend upon ClamWin signatures. The heuristics look at Shannon entropy, the PE file header, file size, file location and several characteristics of malware that was being used during 2013-2014. Malware has changed since 2014, however. Most of it is very professional now, and it uses infection techniques/methods...
-
Hello: Clam Sentinel was discontinued back in 2014. There has been no further development since then, and as far as I know, there will be no more development. Clam Sentinel is unable to detect most of the malware since 2014. You should use another real-time antivirus. Further development of ClamWin is also in doubt. The main developer, Alch, has been unable/unwilling to prepare program updates since 2018 for over a year now. Regards, Robert Scroggins On Sat, Oct 12, 2019 at 4:03 AM dma dmasc@users.sourceforge.net...
-
Hello Mark: Thanks for using Clam Sentinel; however, you are about 5 years too late! The project was discontinued in 2014. Developer Andrea Russo of Italy abandoned it. I worked with him on the Clam Sentinel heuristics, and I have been checking the web site now and then. Clam Sentinel has its own heuristic detections to generically detect Windows malware, and it also uses ClamWin and its signature database to detect specific malware. The heuristics are for malware that existed from 2012 to 2014,...
-
Hello: Very good! The real-time (resident) module is the most important one. I do not think it needs any change right now. The heuristics module needs some change (add detection of PE file sections that have entropy of 95% or greater, add heuristic detection of certain JavaScript files or certain JavaScript code in html files). The heuristic scoring method needs to be improved. The memory scan needs to be discarded--users can do a memory scan with ClamWin if they want to, and the ClamWin scan is...
-
Hello: I have tried to sent you the files I have several times--as a 7zip file, a tarball file, and a Gzip file, but both Gmail and Yahoo Mail treat them as malicious and do not deliver them. Do you have a file repository somewhere on the web that I can sent them to so that you can get them from there? Regards, Robert Scroggins On Wed, Jan 17, 2018 at 10:17 AM, Ubirajara Bandeira Jr kokbira@users.sf.net wrote: kokbira@gmail.com 2017-12-12 14:35 GMT-03:00 Robert Scroggins sentinelguy@users.sf.net:...
-
Hello: If you will give me another email address, I will send you a 7-zip file of the Clam Sentinel code. Regards, Robert Scroggins On Tue, Dec 12, 2017 at 8:55 AM, Ubirajara Bandeira Jr <kokbira@users.sf.net wrote: No, I am talking about ClamSentinel, not ClamWin. ClamSentinel is so interesting because it makes ClamWin do a proactive protection, but it would be improved to do more things and merged with ClamWin to become a complete solution. I would like to see the ClamSentinel code to see if I...
-
Sorry.. I thought you were asking about the ClamWin source code. You can read about the Clam Sentinel source code by looking at the Code item in the main menu. You had better hurry because Source Forge is soon making a change--buy the end of November, I think. Regards, Robert Scroggins On Mon, Nov 27, 2017 at 9:47 AM, Robert Scroggins sentinelguy@users.sf.net wrote: Hello: Check the ClamWin FAQ link on the main web page for info regarding source code download. You could also do a search on the ClamWin...
-
Hello: Check the ClamWin FAQ link on the main web page for info regarding source code download. You could also do a search on the ClamWin site for "source code" "source code download" or something like that. If all else fails, get in touch with Alch/Sherpya, ClamWin developers, and ask them via the contact info on the main web page. If you come up with any improvements, be sure to let them know about it so other users can benefit. Thanks for being a ClamWin user! Regards, Bob Scroggins On Mon, Nov...
-
It is time to let Clam Sentinel go. It was written in 2012 when executable Windows malware was the predominant type of malware, but executable malware has changed, and Clam Sentinel can not detect much of the the current Windows executable malware. In 2017 the majority of malware is javascript malware, which Clam Sentinel can not detect either. Clam Sentinel therefore has to rely mostly upon ClamWin's malware signatures, which are developed by the Clam AV project. Clam AV does not currently produce...
-
Clam Sentinel no longer works on Windows 10 computers. Also, its heuristics are designed to detect malware that is in executable Windows PE files, but most malware now initially uses script files--like javascript, power shell, and command script, so it no longer provides good real-time protecton. Finally, with the developer gone (Andrea Russo), we can not provide adeqiuate user support. I recommend you use another antivirus. Regards, Robert Scroggins On Sun, Oct 8, 2017 at 11:09 PM, mabra manfbraun@users.sf.net...
-
Here Is How To Protect Yourself From 90% Of Computer Viruses Keep Windows updated--use automatic updates. Keep important software Updated--Office software and web-facing software like PDF/chat/etc.). Run a real-time AV scanner that updates often (use ClamWin/Sentinel for 2nd opinion scans). Backup important files (documents/photos/music/data) a couple of times each month on USB. Verify links by hovering your mouse over them to see if it agrees to the written link. Do not download unknown files--ask...
-
Hello: The downloaded .exe file from the Clam Sentinel web site has everything you need to install Clam Sentinel. However, ClamWin must be installed before Clam Sentinel can be properly installed. I would not recommend you install Clam Sentinel on a Windows 10 machine. I have tried it on my wife's Win 10 computer and it works okay with just an occasional program exit, but Windows 10 has much better security already with the Windows Defender default antivirus. You do not need Clam Sentinel. If you...
-
There was a widespread notice of new ransomware on May 12 that took advantage of a vulnerability in Windows computers. The vulnerability had been patched a month ago by Microsoft. Thousands of unpatched computers were infected. The ransomware spread rapidly like a worm by taking advantage of the vulnerability on unpatched computers and older computers (like Windows XP) for which Microsoft stopped patching some time ago. The malware scans a computer and if it is vulnerable, it contacts a certain web...
-
Ransomware Update It appears that in 2017 the smart ransomware authors plan to attack...
-
No antivirus can detect 100% of all malware--even if does detect it on a test. You...
-
2017 Security Is Up To Us! The weakest link in the security chain is, and always...
-
Detection and remediation of malware are equally important. Detection can prevent...
-
Exploits kits consist of malware that takes advantage of vulnerabilities in popular...
-
Malware has now gotten to the point that it is an epidemic. However, it still primarily...
-
Hello: I am using Forticlient on my home computer, so I don't have any problems like...
-
Hello: Yes, the Clam Sentinel Project has been discontinued as of around July 2014....
-
There is no one available to do any further work on Clam Sentinel. The ClamWin people...
-
Even though so-called "fileless" malware itself is not in a traditional file, it...
-
HOW TO BE SAFE ON THE WORLD WIDE WEB Scan all files downloaded (whether from email...
-
I don't see any problem with Clam Sentinel, so I don't think I can help you. Regards,...
-
In addition to ransomware, Malvertising is another type of rampant malware. Malvertising,...
-
Ransom viruses are the hottest malware right now, and it looks like they will be...
-
Other new extensions that are being used (especially in ransomware) besides ps1 are...
-
Some malware, expecially malware distributed by exploit kits (ransomeware primarily)...
-
Hello Fred: Andrea Russo is no longer supporting Clam Sentinel so my answer was the...
-
Thank you for using Clam Sentinel. I do not know of any way to configure proxy settings...
-
Clam Sentinel was never designed for use with DOS. There have also been some problems...
-
Sentinel automatically invokes the current ClamWin DB on a periodic basis, so the...
-
For the Clam Sentinel real-time scan, the system monitor looks at files that have...
-
If Clam Sentinel gives you too many false positive detections on DLL files in your...
-
If Clam Sentinel gives you too many false positive detections on DLL files in your...
-
If Clam Sentinel gives you too many false positive detections on DLL files in your...
-
Hello Pedro: I'm sure that Andrea could change his code to accommodate a bunch of...
-
Please read the Clam Sentinel Simple Guide about using Clam Sentinel and ClamWin...
-
I also registered. Like Alex said, looks good. Any idea about a timeline or time...
-
Clam Sentinel monitors USB/drives for executables and files with Clam AV signatures....
-
Yes, let me know if there's anything I can do to help also. Regards, On Thu, Mar...
-
The original 1.0 version of MSE was written in Israel--don't know if it was contract...
-
Nixory looks interesting, but a lot of AVs don't bother with tracking cookies--preferring...
-
Hazard Shield For Windows might be interesting--the writeup said it is easily customized....
-
The Open Antivirus project was the predecessor to ClamAV. When the Clam team decided...
-
That sounds good, Kennedy. I hope you can do all that without getting burnout! That...
-
That's interesting about MSE but not surprising. It was evidently designed to be...
-
Re: Kaspersky signatures--They are proprietary, and I wouldn't touch them with a...
-
Good: I've wondered why the ClamWin developer didn't do anything with it when I showed...
-
There is some information about filter drivers at https://msdn.microsoft.com/en-us/library/windows/hardware/dn641617...
-
Well, let me know if there's any way I can help also. Re: those Kapsersky hooks,...
-
Watch out for that Kaspersky--it has more hooks than a clothesline. I don't know...
-
Hello: You can prevent Sentinel asking this question by unchecking the setting "ask...
-
Hello: As I said in the ClamWin forum, I think you should see what the Clam Sentinel...
-
This would have to be done (and could be done) at the time of installation of Clam...
-
Hello Alex: Developer Andrea Russo actually has a few Clam Sentinel beta testers...
-
There is an undocumented option (the NS (No Scanner)) option to exclude ClamWin from...
-
You can verify files by uploading them to the Virus Total online scanning service...
-
Good idea! I usually post a notice on the ClamWin forum (General section) when Andrea...
-
This is a false positive. I reported it to Clam AV some days ago. For the moment,...
-
Download only from reputable web sites. Verify downloads before installation by uploading...
-
Perhaps you could do something with a ClamWin batch file. After all, the Clam Sentinel...
-
The UseLocalIniFile setting tells Clam Sentinel where its .ini (configuration) file...
-
Hello: Thank you for using Clam Sentinel. I am sure that developer Andrea Russo will...
-
There was an error in my previous whitelisting instructions. It should have read:...
-
Some users who download programs a lot have trouble with false positive detections--especially...
-
I am sure that Clam Sentinel developer Andrea Russo will also see your request, and...
-
EICAR is harmless. It is merely a test. It is not executable and therefore can not...
1