ClamWin Free Antivirus
Support and Discussion Forums
Your Own ClamWin Virus Signatures
GuitarBob


Joined: 09 Jul 2006
Posts: 4872
Location: USA
See my March 5, 2022 posts about how to make your own ClamWin signatures. They are not really hard to do. One signature is for the entire malware file and another signature is for a section of the file, using information from Virus Total.

Regards
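
The two signature types mentioned in the post above, sketched as an added example (not GuitarBob's code and not part of the original thread). It assumes they correspond to ClamAV's hash-based formats, `MD5:FileSize:MalwareName` (.hdb) and `PESectionSize:MD5:MalwareName` (.mdb), and it computes the hashes locally rather than copying them from Virus Total; the sample buffer and the signature name are constructed.

```python
import hashlib
import struct

def file_signature(data: bytes, name: str) -> str:
    """Whole-file line for a .hdb database: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def section_signatures(data: bytes, name: str) -> list[str]:
    """Per-section lines for a .mdb database: PESectionSize:MD5:MalwareName."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (count,) = struct.unpack_from("<H", data, pe + 6)  # NumberOfSections
    (opt,) = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt
    lines = []
    for i in range(count):
        # SizeOfRawData and PointerToRawData sit 16 bytes into each 40-byte entry
        size, ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        body = data[ptr:ptr + size]
        if size == 0 or len(body) != size:
            continue  # empty or truncated section: nothing reliable to hash
        lines.append(f"{size}:{hashlib.md5(body).hexdigest()}:{name}")
    return lines

def build_sample() -> bytes:
    """Constructed, harmless PE-shaped buffer with one 512-byte section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 512, 0x1000, 512, 0x200,
                       0, 0, 0, 0, 0x60000020)
    return (dos + coff + sect).ljust(0x200, b"\0") + b"A" * 512

if __name__ == "__main__":
    sample = build_sample()
    print(file_signature(sample, "Local.Constructed.Sample"))
    for line in section_signatures(sample, "Local.Constructed.Sample"):
        print(line)
```

A whole-file hash matches only a byte-identical copy of the file, while a section hash still matches when bytes outside that section differ.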
cubbettee


Joined: 18 Sep 2020
Posts: 48
WOW, looking at the posts for the virus definitions, there sure is a lot of malware that you are doing with the signature files. Just out of curiosity, do all those eventually make their way into the daily updates?
How are you doing with Linux, Bob?
I have just realized why Clam makes my Windows 98/Win 2000 (768 memory) groan all day - it is the amount of memory it is using while hardly any CPU is touched. Funny thing, on the Win 2000 hard drive in that machine it groans a little less. Also seeing it now groaning more on XP with 4 gig memory.

GuitarBob
It's nice to hear from you!

In case ClamWin has some Ukrainian users, I'm trying to help with signatures for Russian malware targeted to them, but I also run across other important malware. Clam AV (and consequently ClamWin) doesn't have these signatures and never will. Clam AV only prepares about 1,000 mostly automated signatures per day from Virus Total feeds, but there are several hundred thousand malwares released daily. Additionally, Clam AV concentrates upon Linux email servers, who don't have to worry about operating in a dynamic Windows environment, although their signatures are mostly for Windows malware that the servers will distribute to their Windows users.

Linux Mint is going well. It's very secure and has frequent updates that users can elect to install (or not). One small problem is that it is hard to get information to help you solve a problem or do anything other than basically just run software. The Linux industry/user groups seem to me to assume that every user is a techie. I also detect a certain amount of elitism among some (not all) Linux knowledgeable users.

You need a lot of memory to efficiently run any AV today. There's no substitute for it, even on old computers. Although ClamWin doesn't run in real-time, the Clam AV scan engine is doing a lot of things as it scans.

Regards,

cubbettee
Always a pleasure to hear from you, Bob.

Yes, as for my memory - it is maxed out with the 768 :( and on occasion I stop the Clam Sentinel if I need to use the machine quickly. Now my poor machine's email - we use the subscription Office365 and I use Thunderbird on it. Now I can do everything with email but send, as it no longer supports the protocols, so I save as draft and then send from the Windows 7 machine using the web-based Outlook.
Glad you are having a good time with Linux, if not trying to get answers to questions.
Keep me posted. Inquiring minds want to know.

GuitarBob
If using Clam Sentinel, I recommend that you uninstall it, which might help you a bit. Development was stopped in 2014 and it no longer supports some Clam AV capabilities that were included in ClamWin. I use only ClamWin to keep my hand in and as backup to Windows Defender now on my wife's computer.

I was sorry to have to uninstall Clam Sentinel. I really enjoyed working on the project, designing detections and testing it for developer Andrea Russo. We worked together on it for about 2 months and had 33 different versions. I didn't get much sleep, and he developed a lot of it while commuting on the train between Venice, Italy and his home in Portogruaro. It was a bit unique and good for the time, but it only lasted about 2 years. An AV must constantly update its detections, and that's hard to do unless you work full-time, in which case you should be paid.

Regards,

cubbettee
Yes, using Clam Sentinel - on the 2000 hard drive in the computer it stops chugging away after 5 hours and on the 98 hard drive in the computer it does not stop chugging. I will admit to at times stopping the scan, and Clam does its behind-the-scenes thing I guess, as sometimes there is still a light chug. On the Windows 7 computer I have the Clam and Sentinel and also the Immunet, which will suck up all the CPU and memory at times. 7 does have Windows Defender, the Eset online scanner which you manually run, and the F-Secure online which you manually run. Always dreadful to see something you put your heart into stop.

GuitarBob
ClamWin, Sentinel, Immunet and Windows Defender are too much for one computer. I have never liked Immunet, and, as I mentioned, Clam Sentinel is not very useful anymore. I run Windows Defender and ClamWin on my wife's Windows 10 computer. I have excluded all ClamWin files from Win Defender's scans. I do scans a couple of times each month with Eset's Online Scanner. I quit using F-Secure's online scanner a long time ago--it is good, but it does put files on your computer, despite what they say. Eset is better.

Regards,

cubbettee
I think Eset does too - definitely saw it in the registry.
Funny thing is Eset says one-time use, but you can keep clicking and it will run.
I downloaded from an XP machine an older version and that showed two exes in the dir--EsetSmartInstaller.exe and onlinescannerapp.exe. Have not tried installing it.
Once tried Panda as well; still some files on machine.
I know I am at overkill with Immunet and Clam along with everything else :-)

GuitarBob
Some AVs used to have two exe files running at the same time. They don't usually do that now, so I wouldn't use one that does.

Immunet had some good possibilities at first. They tried a paid version, but it wasn't supported very well.

I wish ClamWin would implement a permanent signature cache upon startup and some in-house heuristic detections to supplement the too-few, too-little Clam AV signatures. Cisco can't do that to Clam AV because it would compete with their paid security software.

Regards,

cubbettee
As I scroll through everyday directories of folders, I do see more than one exe depending on what it is doing, and sometimes clicking on it temporarily makes a DOS box flash up for a moment. Maybe one day things will change with the Clam AV.

cubbettee
Hi Guitar

I might now have the opportunity to toy with Linux on a stronger computer.
A hard drive crashed on a 20" HP Pavilion Slimline. Funny, the motherboard has 6 SATA slots yet the skinny power supply has cabling only for a CD-ROM and a HD. I wanted to try to install Win 10 on it, download the ISO while on an XP machine (the only way you can get it without the media creation tools). I figured I would try to put it on a hard drive. If that did not work then I was going to install back the Windows 7 Home Premium and then try to upgrade. I see you should wait till the end rather than at the beginning to put in the Windows 7 keys. I see now that Microsoft took off the download ISO of previous operating systems when you input your key. Also discovered that even if I could, since it was an OA, then I would need to get the OS or a recovery by paying HP. So will wind up most likely installing a couple of different versions onto it. Puppy should be great on it, but might try some of the newer Ubuntu. On a side note, I found a great little burn-ISO-to-USB-as-bootable program. Technically you do not install and you just select your USB and the file and that's it. Program was discontinued in 2014. It is called wintopcic.

GuitarBob
You can't go wrong with Ubuntu if it will work for you. Linux Mint seems to basically be Ubuntu with a Windows-type GUI.

Regards,

cubbettee
Thanks, at this point all I have done was to download the manual and Windows drivers, and put it on an NTFS-formatted used HD.
Now to see what happens when I have a chance.

GuitarBob
I was really surprised when I got my Ubuntu machine that all the drivers worked with no problem.

Regards,