ClamWin Free Antivirus
Support and Discussion Forums
xqrzd


Joined: 18 Feb 2013
Posts: 43
Yeah that was me. Now that I'm done with school I can start working on this again.
GuitarBob


Joined: 09 Jul 2006
Posts: 4385
Location: USA
That's great! I'm sure that whatever you guys come up with--together or individually--will be helpful to ClamWin and the open source community. Let us know if there's anything we can do to help--testing, suggestions....

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Another suggestion I thought of: it would be nice if you could find a way for ClamWin to have real-time protection and still be compatible with other AVs. This way it can be used as a primary or still be used as a secondary.
xqrzd


Joined: 18 Feb 2013
Posts: 43
Compatibility shouldn't be an issue, unless we start using hooks.
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Here are some providers if you want to use passive protection.

For HOST files, you can use MVPS: http://winhelp2002.mvps.org/hosts.htm There used to be another one called "HP host" but I can't find them so I think they shut down.

For IP filters, you could probably just snatch some from iblocklist here: https://www.iblocklist.com/lists.php

For a bad sites filter, I would just use Google bad sites and use the updates ClamAV offers because I think ClamAV adds some more stuff to it themselves, or you can also use the one off Malware Domain. I know Chrome and Firefox browsers both use Google bad sites and IE uses a SmartScreen filter and ActiveX filter as well, so maybe a bad sites filter might not be needed.

If you wanted to, you could use EasyList and EasyPrivacy for ad blockers, but that is optional. Some of the IP filters on iblocklist and the HOST file from MVPS are also capable of blocking ads, too.
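The HOSTS-list idea from the post above, as an added example that is not part of the original thread or of any ClamWin or Hazard Shield code: it loads HOSTS-format text, keeps only names mapped to a sink address, and answers exact-match lookups. The sample entries, the function names, the size limits and the choice of 0.0.0.0 and 127.0.0.1 as the accepted sink addresses are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#define MAX_HOSTS 1024
#define MAX_NAME  254   /* 253-char DNS name + NUL */
static char blocked[MAX_HOSTS][MAX_NAME];
static size_t n_blocked;

static const char SAMPLE[] =   /* constructed sample, not real list entries */
    "# constructed sample\r\n"
    "127.0.0.1  localhost\r\n"
    "0.0.0.0 ads.example.com  # ad server\r\n"
    "0.0.0.0\tTracker.Example.NET alias.example.net\r\n"
    "10.1.2.3 intranet.example.org\r\n";

static int cmp(const void *a, const void *b) { return strcmp(a, b); }
static void lower(char *s) { for (; *s; s++) *s = (char)tolower((unsigned char)*s); }

/* Load sink-holed names from HOSTS text; returns the number kept. */
size_t load_hosts(const char *text) {
    n_blocked = 0;
    while (*text) {
        char line[512];
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, n); line[n] = '\0';
        text += len + (text[len] == '\n');
        line[strcspn(line, "#")] = '\0';          /* drop trailing comment */
        char *ip = strtok(line, " \t\r");
        /* A line mapping a name to any other IP is a redirect, so skip it. */
        if (!ip || (strcmp(ip, "0.0.0.0") && strcmp(ip, "127.0.0.1")))
            continue;
        for (char *h; (h = strtok(NULL, " \t\r")) != NULL; ) {
            lower(h);
            if (strlen(h) < MAX_NAME && strcmp(h, "localhost") && n_blocked < MAX_HOSTS)
                strcpy(blocked[n_blocked++], h);
        }
    }
    qsort(blocked, n_blocked, MAX_NAME, cmp);     /* sorted for bsearch */
    return n_blocked;
}

/* Exact, case-insensitive lookup of one host name. */
int is_blocked(const char *host) {
    char key[MAX_NAME];
    if (strlen(host) >= MAX_NAME) return 0;
    strcpy(key, host); lower(key);
    return bsearch(key, blocked, n_blocked, MAX_NAME, cmp) != NULL;
}
```

Rejecting every line that does not point at a sink address matters when the list comes from a third party: a HOSTS entry with a routable IP redirects the name instead of blocking it.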
xqrzd


Joined: 18 Feb 2013
Posts: 43
Windows 10 is going to be a pain,
https://www.osr.com/blog/2015/03/18/microsoft-signatures-required-km-drivers-windows-10/

Not sure what to do about this. I have a standard code signing cert from GlobalSign that I've used for Hazard Shield's driver, but I doubt an individual will be able to get an EV certificate.
GuitarBob


Joined: 09 Jul 2006
Posts: 4385
Location: USA
You could do some blocking via web context. For reference, see the Sophos technical paper at http://www.sophos.com/en-us/why-sophos/our-people/technical-papers.aspx on the web from 2013. This is in keeping with the Clam Sentinel simple heuristics concept, but I never could get either developer Andrea Russo or the ClamWin team interested in it. I was particularly interested in the use of TLD names, etc. to detect "bad" sites. This would be like frosting on the cake, however--the real-time filter, basic PE file heuristics, and overt web site blocking should probably come first.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
You can probably just hold back on Windows 10 for a while. Some AVs usually wait a few months before doing a newer OS so they can prepare first before jumping the gun.

By the way, where were you getting your signatures for Hazard Shield? Did you find them yourself or were you getting them from VT or other AV companies? I know anti-spyware software usually has an easier time finding signatures than AVs do because spyware and adware are less common.
xqrzd


Joined: 18 Feb 2013
Posts: 43
I would just create them myself. Most samples I got from user submissions and crawling through sites like malc0de.
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
You can also try MalShare. I like using that site because they give you the MD5, SHA1, SHA256 and SSDEEP hashes already. When I make signatures for ClamAV, I go to that site.

Do you have plans to start Hazard Shield up again?
xqrzd


Joined: 18 Feb 2013
Posts: 43
I'm still working on Hazard Shield while I'm waiting for Platonic details, although probably Hazard Shield's functionality will just be integrated into Platonic/ClamWin.
Hi guys
stormzy


Joined: 09 Mar 2015
Posts: 3
Sorry I took so long to reply, I've been fixing PCs at a local clinic and one of them is giving me a hectic time with the internal hard drive.

xqrzd: I appreciate you sharing your sources.
My project currently is aiming at adding realtime scanning to ClamWin, and if I am not mistaken, I think that Hazard Shield must already have this feature.

EDIT:
xqrzd: I almost forgot, the entire project is open source and C/C++ should be just fine anywhere within the system. I usually don't like using other languages, especially Python and Delphi (which I find in the UIs of most antiviruses); this makes me lazy to go back to C/C++. I think they are somehow too object-oriented and also cannot be used for system-level development.

So here is how I think we should go about this issue.
We make the user interface in the Qt library and call this the Platonic User Interface, which should include themes, plugins, etc. Then we use Hazard Shield's Realtime Monitoring Engine to monitor application activity, which should be equivalent to ClamSentinel in terms of performance. Lastly, we use ClamAV's scanning engine (still running as a daemon), which I think will need some work since it's not as efficient as I would have wanted it to be, as in false positives and scanning time/performance.

I think that our main objective should be coming up with at least a different look to the whole user interface, and implementing realtime monitoring plus a few more features/tweaks. If we improve scanning performance (Clamscan) it should at least match Essentials or be better. I think this should make our antivirus more popular and thus we will be able to get more support from the open source community.
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
As long as the project remains open-source and you share your coding with the rest of the Clam family, you have my support on this. Let us know when beta testing is ready and I will help test out before the first public release.
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Another idea would be some self-protection. Clam Sentinel does not have this because we felt it was unneeded due to how small it is and many malware aren't bothering, but I feel we should not underestimate malware writers and take all precautions. The Clam family is growing and I feel it should be done, sometime.

Also, have you thought about naming it as a part of the Clam family, like ClamPlan or something? I know there is Clam Sentinel, ClamWin, ClamAV, ClamTK, and GPM Clam already (also Amiti Anti-virus is a part of the Clam family but doesn't use the Clam name), but maybe you could do the same? Just an idea to be an official Clam family. I figured ClamPlan would fit since you are using this for the future of the Clam family and all the ideas/plans are being built here.
GuitarBob


Joined: 09 Jul 2006
Posts: 4385
Location: USA
Re: self protection, at the present time, I would just do an automatic scan of the AV program folder upon startup. You could include this self-scan anytime a scan is required/requested. This will not detect injecting Trojans, but I think that is unlikely. The AV will not be on any malware radars for a while. It is more likely it would be killed via a registry change by malware.

Regards,
On-access protection