 |
 | How to enable PUA on v 0.94 ? |  |
|
Sumer1
| Joined: 22 Sep 2008 |
| Posts: 0 |
| Location: Paris |
|
|
 Posted: Mon Sep 22, 2008 10:39 pm |
|
 |
 |
|
|
I use the latest updated versions of clamwin 0.94 with XP home SP3. I want to enable the option to detect Potentially Unwanted Applications but I do not find the option on tab Advanced under Preference. How can I do that ? because I really need this option enabled.
I saw on Clamav.net that categories are available (Packed,Pwtool,NetTool...) in database. But when I try on my virus/pua collection, Clamwin 0.93 detect PUA but not Clam 0.94. On Virustotal,they are flagged. May be I can use a switch or modify the ClamWin.conf ?
Please help me.
|
|
|
|
Theoracle117
| Joined: 18 Sep 2008 |
| Posts: 0 |
| Location: san diego |
|
|
| Posted: Mon Sep 22, 2008 11:42 pm |
|
|
|
|
|
clamwin .94 is still in its early form. Until version 1.00 comes out there still wont be resident protection or real time scanning.
go check out winpooch, its associated with clam win and offers resident protection
|
|
|
 |
| | |
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Sep 23, 2008 12:25 am |
|
|
|
|
|
In version 0.94, Clam AV changed their PUA category to enable the user to decide whether or not to allow certain PUA categories, but the ClamWin developers decided not to have any PUA option. My guess is that would have required more significant coding than they could do and get out ClamWin version .94 in a reasonable time frame. Perhaps there is a flag you could set in ClamWin's additional scanning paramaters in the advanced configuration tab, and maybe someone will address that here.
Actually, the PUA designation is in a state of flux at Clam just now. They are trying to come up with some standard PUA categories to "tighten up" the designation, so not too many PUA signatures are being written at the moment. There is a large backlog of PUAs that need to be addressed.
Regards,
|
|
|
|
| | |
|
Sumer1
| Joined: 22 Sep 2008 |
| Posts: 0 |
| Location: Paris |
|
|
| Posted: Tue Sep 23, 2008 12:29 am |
|
|
|
|
|
| Theoracle117 wrote: |
clamwin .94 is still in its early form. Until version 1.00 comes out there still wont be resident protection or real time scanning.
go check out winpooch, its associated with clam win and offers resident protection |
Thanks you Theoracle117 for your reply.
But I don't ask about realtime/resident protection. My Question was only about "On demand scan" with PUA detection enabled. |
|
|
|
| | |
|
Sumer1
| Joined: 22 Sep 2008 |
| Posts: 0 |
| Location: Paris |
|
|
| Posted: Tue Sep 23, 2008 12:44 am |
|
|
|
|
|
| GuitarBob wrote: |
....Perhaps there is a flag you could set in ClamWin's additional scanning paramaters in the advanced configuration tab, and maybe someone will address that here.
........
Regards, |
Thanks you GuitarBob. I hope somebody give these additional scanning param or an other solution.
I find a switch �—detect-pua� on http://www.clamav.net/index.php?s=pua. But I can't figure out how this can work with ClamWin.
Regards |
|
|
|
sherpya
| Joined: 22 Mar 2006 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Tue Sep 23, 2008 1:16 am |
|
|
|
|
|
you can add it in prefs -> advanced -> additional clamscan cmd line params
we decided to remove it from gui because the option was misleading some users believing some files were virus
(pua matches are like virus matches)
it's intended as an advanced feature so users wants to use it, they can add the option in the advanced tab
|
|
|
|
Sumer1
| Joined: 22 Sep 2008 |
| Posts: 0 |
| Location: Paris |
|
|
| Posted: Tue Sep 23, 2008 2:01 am |
|
|
|
|
|
| sherpya wrote: |
you can add it in prefs -> advanced -> additional clamscan cmd line params
we decided to remove it from gui because the option was misleading some users believing some files were virus
(pua matches are like virus matches)
it's intended as an advanced feature so users wants to use it, they can add the option in the advanced tab |
Hello sherpya,
Thank you. But it is very sneaky; the syntax is not "—detect-pua" but "--detect-pua". After a lot of try, I found this streaky "--".
Regards |
|
|
|
| | |
|
sherpya
| Joined: 22 Mar 2006 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Tue Sep 23, 2008 7:57 pm |
|
|
|
|
|
you can call clamscan --help from cmdline
Clam AntiVirus Scanner 0.94
(C) 2002 - 2007 ClamAV Team - http://www.clamav.net/team
--help -h Print this help screen
--version -V Print version number
--verbose -v Be verbose
--debug Enable libclamav's debug messages
--quiet Only output error messages
--stdout Write to stdout instead of stderr
--no-summary Disable summary at end of scanning
--infected -i Only print infected files
--bell Sound bell on virus detection
--show-progress Print progress indicator for each file
--tempdir=DIRECTORY Create temporary files in DIRECTORY
--leave-temps Do not remove temporary files
--database=FILE/DIR -d FILE/DIR Load virus database from FILE or load
all .cvd and .db[2] files from DIR
--log=FILE -l FILE Save scan report to FILE
--recursive -r Scan subdirectories recursively
--remove Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY
--exclude=PATT Don't scan file names containing PATT
--exclude-dir=PATT Don't scan directories containing PATT
--include=PATT Only scan file names containing PATT
--include-dir=PATT Only scan directories containing PATT
--detect-pua Detect Possibly Unwanted Applications
--exclude-pua=CAT Skip PUA sigs of category CAT
--include-pua=CAT Load PUA sigs of category CAT
--detect-structured Detect structured data (SSN, Credit Card)
--structured-ssn-format=X SSN format (0=normal,1=stripped,2=both)
--structured-ssn-count=N Min SSN count to generate a detect
--structured-cc-count=N Min CC count to generate a detect
--no-mail Disable mail file support
--keep-mbox Don't delete/rename mailboxes
--memory Scan loaded executable modules
--kill -k Kill/Unload infected loaded modules
--unload -u Unload infected modules from processes
--no-phishing-sigs Disable signature-based phishing detection
--no-phishing-scan-urls Disable url-based phishing detection
--heuristic-scan-precedence Stop scanning as soon as a heuristic match is found
--phishing-ssl Always block SSL mismatches in URLs (phishing module)
--phishing-cloak Always block cloaked URLs (phishing module)
--no-algorithmic Disable algorithmic detection
--no-pe Disable PE analysis
--no-elf Disable ELF support
--no-ole2 Disable OLE2 support
--no-pdf Disable PDF support
--no-html Disable HTML support
--no-archive Disable archive support
--detect-broken Try to detect broken executable files
--block-encrypted Block encrypted archives
--mail-follow-urls Download and scan URLs
--max-filesize=#n Files larger than this will be skipped and assumed clean
--max-scansize=#n The maximum amount of data to scan for each container file (*)
--max-files=#n The maximum number of files to scan for each container file (*)
--max-recursion=#n Maximum archive recursion level for container file (*)
--max-dir-recursion=#n Maximum directory recursion level
(*) Certain files (e.g. documents, archives, etc.) may in turn contain other
files inside. The above options ensure safe processing of this kind of data.
|
|
|
|
|
| | |
|
Sumer1
| Joined: 22 Sep 2008 |
| Posts: 0 |
| Location: Paris |
|
|
| Posted: Wed Sep 24, 2008 2:54 am |
|
|
|
|
|
| sherpya wrote: |
you can call clamscan --help from cmdline
Clam AntiVirus Scanner 0.94
(C) 2002 - 2007 ClamAV Team - http://www.clamav.net/team
--help -h Print this help screen
.......
--detect-pua Detect Possibly Unwanted Applications
--exclude-pua=CAT Skip PUA sigs of category CAT
--include-pua=CAT Load PUA sigs of category CAT
....
|
|
Thank you sherpya. Now, Clamwin work perfect for me.
By the way, what is the meaning of CAT (category) ?
Regards |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
| |
