ClamWin Free Antivirus
Support and Discussion Forums
Ok I am simply not understanding...
Theoracle117


Joined: 18 Sep 2008
Posts: 0
Location: san diego
How does simply moving a file into a folder prevent the virus from activating? Most other antiviruses encrypt the file, but I do not understand how ClamWin's procedure of simply moving a file into a folder prevents it from activating.
Theoracle117


Joined: 18 Sep 2008
Posts: 0
Location: san diego
Well, can someone please explain?
Re: Ok I am simply not understanding...
b0ne


Joined: 26 Oct 2006
Posts: 0
Generally speaking, malware is just a computer program like notepad.exe. It has to either be started by the user (typically tricked into starting it via social engineering) or by loading automatically at startup via Windows startup mechanisms. One of these startup mechanisms is the "Startup" folder on your start menu. If you drag a shortcut to notepad.exe into your startup folder, it will launch notepad shortly after your desktop appears on your screen.

By moving the detected file to a different location, these "startup" locations no longer refer to a valid file.

Other AVs tend to encrypt the file to prevent *OTHER* AVs (or even themselves) from re-detecting the virus contained within their quarantine.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Okay, Theo, I'll give it a try--perhaps the developers are both busy.

I guess the assumption is that no one will run/execute a file that is in quarantine. Any file placed there by ClamWin has clearly been renamed "infected." Also, you might want to restore a file that had a false positive malware recognition, and it would be inoperable if you "mangled" it. This way, all you'll have to do is delete the "infected" part of the name and then restore it to its directory.

If this isn't sufficient, then perhaps you could do something to the quarantine directory to prevent the execution of any file placed there.

Regards,
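The move-and-rename quarantine described in the two replies above, sketched as an added example that is not ClamWin's own code and not part of the original posts. The `.infected` suffix, the JSON sidecar recording the original path, and the function names are assumptions made for illustration; a harmless placeholder file stands in for a detection.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

SUFFIX = ".infected"  # assumed marker; the thread only says the file is renamed "infected"


def quarantine(path, qdir):
    """Move path into qdir, mark the name, drop execute bits, record the origin."""
    src, qdir = Path(path).resolve(), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    # A hash prefix keeps two detections with the same file name from colliding.
    dest = qdir / f"{digest[:12]}_{src.name}{SUFFIX}"
    shutil.move(str(src), str(dest))
    # Contents stay untouched so a false positive can be restored byte for byte.
    os.chmod(dest, 0o600)  # POSIX mode bits (assumption: Windows needs an ACL for this)
    meta = {"original": str(src), "sha256": digest}
    Path(str(dest) + ".json").write_text(json.dumps(meta))
    return dest


def restore(qfile):
    """Return a quarantined file to its original path after checking its hash."""
    qfile = Path(qfile)
    manifest = Path(str(qfile) + ".json")
    meta = json.loads(manifest.read_text())
    if hashlib.sha256(qfile.read_bytes()).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined file changed since it was stored")
    original = Path(meta["original"])
    if original.exists():
        raise FileExistsError(f"{original} already exists")
    shutil.move(str(qfile), str(original))
    manifest.unlink()
    return original


def demo():
    """Constructed sample: a harmless placeholder stands in for a detected file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp, "Startup", "sample.exe")
        sample.parent.mkdir()
        sample.write_bytes(b"harmless placeholder")
        os.chmod(sample, 0o755)
        q = quarantine(sample, Path(tmp, "quarantine"))
        state = (sample.exists(), q.name.endswith(SUFFIX), q.stat().st_mode & 0o111)
        return state, restore(q).read_bytes()
```

After `quarantine()` the original path no longer resolves to a file, so anything that referenced it has nothing to launch, and `restore()` returns the unmodified bytes if the detection turns out to be a false positive.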
Theoracle117


Joined: 18 Sep 2008
Posts: 0
Location: san diego
ok thanks