Clam Sentinel version 1.22 has been released. This version has implemented some new detectiions, decreased some false positives, and provides new language support. Clam Sentinel now has support for English, French, Italian, Japanese, German, Spanish, Polish, Russian, Portuguese, Bulgarian, Azeri, Dutch, Indonesian, Hindu, and Galician. Some instability on Windows 8.0/8.1 machines after recent Windows patches has also been addressed by this version.

Clam Sentinel enables the use of ClamWin in real-time as files are added, modified, or copied on your computer. It also has its own heuristic scan engine to detect malware for which there is no ClamWin signature. It is a separate project from ClamWin, but ClamWin must be installed/configured on the computer before Clam Sentinel is installed. New users should read the Simple Guide before installing it.

A thank you is due to Clam Sentinel developer Andrea Russo of Italy for his work in extending the functionality of ClamWin. Visit the Clam Sentinel web site a couple of times each month to keep up with the project, address any problems, and submit your suggestions for improvement.

Regards,

Was using ClamSentinel 1.22 beta versions, nothing to report on my side.

I mentioned in another topic, I had submitted PDF and javascript samples to Andrea and Robert to improve their heuristic module. They are currently studying the samples and should have it delivered in a few months, if everything goes alright.

Now, we just wait for ClamWin .98.4/.5.

Did your samples include a trojan horse? Looks like the program was completely abandoned after you sent those samples.
Just kidding, of course, but it is a shame because this program had such potential.

Well, they were PDF/javascript malware, so you are not entirely wrong, haha. They were packed in a zip file with a password.

Anyways, I haven't heard from Andrea since then myself, either. Both Bob and Andrea decided that doing non-PE heuristics was a waste of time and that companies should instead take better care of their program and close security holes and all

Bob wants to work on improving the heuristics in Sentinel. He is currently trying to learn Pascal. Sentinel is still decent as it is now. It will offer someways in protection but without updates, that is slowly declining.

No progress on Sentinel to report at this time--still studying Pascal. Sentinel heuristics are still good but they are based on 2014 and earlier malware. Malware has moved on--there's lots of JavaScript stuff now and even some malware that only resides in RAM--after it is injected by a hard-to-detect script. In addition, Sentinel is resident, but there is no file control to prevent a file from executing until it has passed heuristics and signatures as being okay.

At the present time, I think that Yara signatures are the way to go.

Regards,