Hello!
I am wondering how I can stop ClamWin/ClamSentinel from intercepting these files; they are used in an internal sendmail service.
ClamSentinel is quarantining them which is a bit of a show stopper.
My only solution for the moment is to "STOP" Clam before running the process that invokes this sendmail, and restart it after. It would be nice to be able to exclude.

I tried, by wildcarding the filename as follows (the filename suffix is generated at run time)



However, the following appear in clam Quarantine and I then need to recover the libeay32.dll and ssleay.dll before attempting a rerun.


the contents of the last are:




the contents of the last are:


Any help will be appreciated!

Thanks
David
Trujillo, Peru

"Suspicious Origin" is a Clam Sentinel heuristic detection. Whitelisting the file in Clam Sentinel's Advanced Settings, Files or Paths Not To Be Scanned should have excluded it. I suppose the % and * are screwing things up.

Try whitelisting only libeay32.dll--maybe that will work. As a last resort, consider whitelisting *.dll--it might reduce security if you exclude all dll files, but a dll malware must be called by an executable. If you can detect the executable file, there is no problem.

Thanks for using ClamWin/Clam Sentinel!

Regards,

Thanks, that seems to have fixed it. Process runs cleanly and libeay etc not quarantined.

My guess was that the wildcard in the folder name causes the problem but I will defer to your expertise.

Much appreciated
thanks.
David

You are probably right. Clam Sentinel is supposed to handle wild card file names, but I don't know about its use in folders.

I hope you are also using another, real-time AV. Some malware is becoming too tough for small file-based AVs like ClamWin/Clam Sentinel to handle all by themselves. It takes an organization with resources and research to keep up with it.

Regards,

I am using a bunch of different "detection engines". Funnily enough ClamWin is currently catching stuff that the others are missing, but "YMMV", sometimes I find stuff in another quarantine so overall I think am better protected from this multiple defence in comparison with a single program. When I moved off Avast the other engines found stuff that it had missed. So yes you are correct!

Thanks for the help.

For the record, am currently running

ClamWin + ClamSentinel
Malwarebytes
Microsoft Security Essentials
Emsisoft

on Windows 7.

Some of these don't work on Windows 10 (my other laptop) pffffft!!

Anyway, thanks very much for the prompt help, MUCH appreciated.

David

MSE and Emsisoft are both real-time AVs and I hope you are not running them back to back as this can cause conflicts.

I have always found running multiple engines is just a waste of resources. Safe browsing, not clicking on suspicious links, and keeping software up-to-date will keep you protected from 85-90% of infections on the web. I only use Windows Defender and most of the time I even think that is useless.

Soon I will be switching to ReactOS as a permanent operating system, which is a open-source Windows replica. Not sure if windows malware are capable of running on it, yet, but at least I don't have to worry about vulnerabilities/back doors in Windows (which is usually where the other 10 - 15% of infections come from). Of course, it will still have some in it as that is usually next to impossible to avoid, but since it's open-source and has tons of eyes looking at it, the amount and severity is a lot lower.

Thanks! I will see how I get on. At the moment I have the occasional hang but tbh is probably mostly Windows. Am running an out of date Win 7 (because a "Windows Update" broke a year or so back), which one day I will have to deal with. But that is my particular bit of fun. Mostly performs OK. I take your point about conflicts but am seeing how it goes. Nothing obvious as yet and as I mentioned the various scanners pick up different suspected infections and not each other

The ReactOS is interesting; the last time I looked was around 4 years ago when I left the UK and was running a bunch of OpenBSD service boxes. I will have another look. Getting off Windows would be nice but I have a bit of a commitment to OpenOffice for my Accounts so a move to Linux may be my only alternative.

I will have a look at ReactOS... thanks for the suggestion.