Goodbye To Clam Sentinel!

Emirhan Uçan — Sat, 27 Apr 2024 10:46:17 -0000

Goodbye ClamSentiel long live Xylent!

Goodbye To Clam Sentinel!

Robert Scroggins — Sat, 02 Sep 2023 21:10:23 -0000

Hello Lukas:

Here I am. I relocated my signon information for Clam Sentinel forum. Good that you are able to do something with Python

For the Sentinel heuristics, the main one was the calculation of the entropy of a file. Entropy is the measurement of the "randomness" of a file. A file that is heavily obfuscated with other software will be very random, while a file that performs legitimate useful activities will be direct and to the point, not showing much entropy. Maximum entropy is 7.0. We set our entropy heuristic at 95% of maximum--6.65. We eventually had to reduce it a bit because some malware writers caught on to this and reduced their file entropy below 95%. Entropy is sometimes called "Shannon entropy".

We also had a few common sense heuristics--like double extensions where the first extension was .exe or some other executable extension--such as : filename.exe.txt or similar, where the exe was the extension that was executed. Later on, Andrea added some heuristics based on examining the Windows executable file structure detail. Another heuristic was one that looked at files placed in common folders where malware was often placed.

We gave points for the heuristics and set Sentinel to quarantine a file when a certain number of points was reached. I for get where it was set.

Please let me know if there is anything I can do to help.

Regards,
Robert

Goodbye To Clam Sentinel!

Lukas — Sat, 02 Sep 2023 01:18:34 -0000

Hi Robert. I guess you're not answering my forum posts and emails haha.
If you read this, I would like to inform you that I managed to create a simple script in Python for the latest clamav engine. When running, it can scan with clamscan any file in the selected folder for any clamav signatures, and if so, it quarantines and encrypts it. It's not something "amazing" but I'll keep working tomorrow. I am planning to do:
-on-demand scanning
- work on mistakes
- create a heuristic
-develop a graphical interface (for now everything is in cmd ^^)
If you are interested in this or would like help with testing, please contact us.
Greetings ;)

Goodbye To Clam Sentinel!

Robert Scroggins — Fri, 01 Sep 2023 14:00:18 -0000

Hi Robert, I don't know if you read but I sent you an email with a link to download 7z. Let me know when it arrived.

Goodbye To Clam Sentinel!

Lukas — Thu, 31 Aug 2023 20:04:48 -0000

Robert, unfortunately google doesn't allow you to send any zip archives, 7zip etc...
Could you download the file via torrent? I'd give you a signature to create a file and download it directly from me. qBittorent is good

Goodbye To Clam Sentinel!

Lukas — Thu, 31 Aug 2023 16:46:45 -0000

Robert, the problem is I can't email you. I got a return from my server that you have some kind of block.

Goodbye To Clam Sentinel!

Lukas — Thu, 31 Aug 2023 15:06:14 -0000

Robert, the problem is I can't email you. I got a return from my server that you have some kind of block.

Goodbye To Clam Sentinel!

Lukas — Thu, 31 Aug 2023 14:17:48 -0000

The sentinental source code is only 3Mb, and 500kb when compressed. Believe me, I could telegram it to you haha.
I will email you future messages so as not to clutter the forum or if you prefer we can use something like bitmessage

Goodbye To Clam Sentinel!

Lukas — Thu, 31 Aug 2023 14:15:03 -0000

I don't know if you mean the Clam Senintel.conf file in %appdata% which has a section Path =
3 - all on
2 - sentinel portable
1 - heu only

Goodbye To Clam Sentinel!

Lukas — Thu, 31 Aug 2023 13:39:52 -0000

Hi robert. I wish you had received my message two weeks ago. It seems to show me that it is waiting for moderator verification.
Coming back, I'd be happy to send you the source code. Tell me what you would like, email, torrent or maybe something else. I'm open.

As for CS and CW itself, I'm a very basic programmer and I can't tell you much about it. I agree that it is possible to disable CS heuristics (which is more difficult) and disable CW scanning (easier).
Clam Sentinel works in such a way that it reads what is written in the .conf of CW, which means that it is heavily dependent on it. In .conf CW you can change the default ClamAV engine files 'freshclam.exe' and 'clamscan.exe' or paste them manually in the installation folder + some libraries. The problem is that clamin is not just a frontend and it reads different versions of clamav differently. ClamAV has also changed over several versions.
There is currently no problem with signature scanning as clamav version 0.103.2.1 supports downloads *for now.
The problem is that it's been two years since the clamav engine was last integrated into clamwin, and the newer engine after the first one is more optimized, segregates signatures differently and has major vulnerabilities patched.
From what I've looked at sentinental's code, it's more 'simple' than CW, hah
Python is a fairly easy language. I'll try to mess something up.

My dream was to release CS 1.23 on github :)

Recent posts to Discussion

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!

Goodbye To Clam Sentinel!