ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Please, provide an AUTOMATIC FIX to this
tcucinotta


Joined: 21 Nov 2010
Posts: 3
Hi there,

I'm just seeing 11818 files in the ClamWin quarantine folder of a laptop that is now simply useless for the upcoming Monday working day!!

I'm completely surprised that the developers thought to suggest (looking at various posts in this forum) to:
-) recover manually the files, checking the logs for the original locations
-) use the QRestore utility, which is not advertised anywhere on the website (I'm not even sure about which one is the latest version -- is it 1.1 ?)
-) set ClamWin into "report-only" mode, instead of quarantining -- I would have suggested to uninstall the tool, instead!

Now some constructive ideas and suggestions:
1) advertise this on the front-page of the ClamWin website as a major issue that has potentially affected ALL THE USERS!!
2) SUGGEST TO ALL USERS TO REINSTALL CLAMWIN from a clean new download from your website
On this PC, ClamWin quarantined its own executable as well, letting it become unusable!!!
3) provide clear pointers to a receipt for fixing the problem
4) consider that NOT ALL USERS are ICT-experts, so you must consider also how to deal with them
5) PROVIDE AN AUTOMATIC PROCEDURE AS PART OF THE NEXT CLAMWIN UPDATE, to be released ASAP (now!!!!);
The recovery procedure is relatively simple to build:
a) scan all the log files present on the system, and build a map of the quarantined file paths, along with the original location
b) scan all the quarantine folder files, rescan them with the new version/virus-db which does not have the problem, and,
if the file is not infected, then restore it into its original location, possibly asking the user to confirm the action


I hope the developers do something to address this in a professional way. And, IMHO, trying to blame users of ClamWin because they didn't properly backup their systems, is NOT a professional way of dealing with the issue.

My 2 cents.

Tommaso
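An added example, not part of the original thread and not ClamWin or QRestore code: steps a) and b) of the recovery procedure proposed in the post above, in Python. The `moved to` log-line shape, the `is_clean` rescan hook and every sample path are assumptions to adapt to the actual log.

```python
import os
import re
import shutil

# Assumed clamscan-style record written when a file is moved to quarantine.
MOVED_RE = re.compile(r"^(?P<orig>.+): moved to '(?P<quar>.+)'\s*$")

# Constructed sample log lines, not taken from a real scan.
SAMPLE_LOG = [
    r"C:\app\bin\engine.dll: Example.FalsePositive FOUND",
    r"C:\app\bin\engine.dll: moved to 'C:\quarantine\engine.dll.infected'",
]

def build_restore_map(log_lines):
    """Step a): map each quarantined path to the original location it came from."""
    mapping = {}
    for line in log_lines:
        m = MOVED_RE.match(line.rstrip("\r\n"))
        if m:
            mapping[m.group("quar")] = m.group("orig")
    return mapping

def restore(mapping, quarantine_dir, is_clean, dry_run=True):
    """Step b): rescan every quarantined file and restore only the clean ones.

    is_clean is a caller-supplied hook (hypothetical) that rescans one path
    with the corrected signature database and returns True or False.
    """
    report = {"restored": [], "still_flagged": [], "target_exists": [],
              "missing": [], "no_log_entry": []}
    for quar, orig in sorted(mapping.items()):
        if not os.path.isfile(quar):
            report["missing"].append(quar)
        elif not is_clean(quar):
            report["still_flagged"].append(quar)      # stays in quarantine
        elif os.path.exists(orig):
            report["target_exists"].append(quar)      # never overwrite
        else:
            if not dry_run:
                os.makedirs(os.path.dirname(orig) or ".", exist_ok=True)
                shutil.move(quar, orig)
            report["restored"].append((quar, orig))
    logged = {os.path.normcase(os.path.abspath(q)) for q in mapping}
    for name in sorted(os.listdir(quarantine_dir)):
        path = os.path.join(quarantine_dir, name)
        if os.path.normcase(os.path.abspath(path)) not in logged:
            report["no_log_entry"].append(path)       # needs manual review
    return report
```

Run it with `dry_run=True` first and read the report; files listed under `no_log_entry` are the ones an incomplete log cannot place and still need manual handling.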
Re: Please, provide an AUTOMATIC FIX to this
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
tcucinotta wrote:
Hi there,

I'm just seeing 11818 files in the ClamWin quarantine folder of a laptop that is now simply useless for the upcoming Monday working day!!

I'm completely surprised that the developers thought to suggest (looking at various posts in this forum) to:
-) recover manually the files, checking the logs for the original locations
-) use the QRestore utility, which is not advertised anywhere on the website (I'm not even sure about which one is the latest version -- is it 1.1 ?)
-) set ClamWin into "report-only" mode, instead of quarantining -- I would have suggested to uninstall the tool, instead!

Now some constructive ideas and suggestions:
1) advertise this on the front-page of the ClamWin website as a major issue that has potentially affected ALL THE USERS!!
2) SUGGEST TO ALL USERS TO REINSTALL CLAMWIN from a clean new download from your website
On this PC, ClamWin quarantined its own executable as well, letting it become unusable!!!
3) provide clear pointers to a receipt for fixing the problem
4) consider that NOT ALL USERS are ICT-experts, so you must consider also how to deal with them
5) PROVIDE AN AUTOMATIC PROCEDURE AS PART OF THE NEXT CLAMWIN UPDATE, to be released ASAP (now!!!!);
The recovery procedure is relatively simple to build:
a) scan all the log files present on the system, and build a map of the quarantined file paths, along with the original location
b) scan all the quarantine folder files, rescan them with the new version/virus-db which does not have the problem, and,
if the file is not infected, then restore it into its original location, possibly asking the user to confirm the action


I hope the developers do something to address this in a professional way. And, IMHO, trying to blame users of ClamWin because they didn't properly backup their systems, is NOT a professional way of dealing with the issue.

My 2 cents.

Tommaso


Please do not double post - becomes difficult to follow. I responded in your first post:
http://forums.clamwin.com/viewtopic.php?p=13230#13230
Re: Fixed with log file in temp directory
beui


Joined: 19 Nov 2010
Posts: 2
bill_chatfield wrote:
I was able to find the log file in a temporary file in my temp directory: c:\Documents and Settings\userid\local settings\temp. Make sure you look under the userid which runs ClamWin.

And I wrote the following script which copied everything back into place. I couldn't use Java or Perl because their executables and dlls were quarantined by ClamWin. So JavaScript seemed like the next easiest thing to use. Copy and paste the script into a file named RestoreClamWinFalsePositives.js and then run it like this: cscript RestoreClamWinFalsePositives.js logfilename.txt



Thanks for the script! For some unknown reason WinXP or greater is required for the other script.
Multiple Threads
grahamcropley


Joined: 19 Nov 2010
Posts: 10
Just thought it would be worth people viewing this thread on the false positive problem also viewing my other post in the other thread...

http://forums.clamwin.com/viewtopic.php?p=13250#13250
Re: Windows server 2003
pascalvp


Joined: 15 Apr 2010
Posts: 5
Location: france
lasersoft wrote:
Where is the log file on Windows Server 2003? There is a file ClamScanLog.txt in the c:\documents and settings\all users\.clamwin\log but it doesn't have information about the quarantined files. It seems to come a day before the problem occurred, as if the program didn't finish writing. Can I just return the files to where I think they came from?


Hello. If, like me, you have discovered thousands of files in quarantine following the false positive problem, with a clam log file that is nonexistent or incomplete, here is a temporary solution that allowed me to restart my databases.

1 rename your files by removing the .infected extension (remove the duplicates first)
2 add the path where your quarantined files are stored to the system PATH.

Beware: it only works for DLLs; you will have to put the executable files back in the correct directories by hand.
worldofrugs


Joined: 09 Dec 2010
Posts: 6
Lost over 7000 files into quarantine....
Restore tool does not work on Win2000 (NT) server --> not a valid win-32 application.
I think(!!), I found the log-file....
Any way I can automatically recover instead of doing it manually?
worldofrugs


Joined: 09 Dec 2010
Posts: 6
Anyone???
GuitarBob


Joined: 09 Jul 2006
Posts: 4655
Location: USA
I think you will have to go the manual route if Alch's script is no help. If DB folders are involved, seems like someone had a post somewhere about that.

Regards,
worldofrugs


Joined: 09 Dec 2010
Posts: 6
Thanks for the reply 'Bob',
The script would work fine if on my XP machine... I copied the log file there and ran the script...
On win-nt however it does not work... (If only it did!)
Hope someone has a solution to this, as doing it manually is going to take weeks!
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
worldofrugs wrote:
Thanks for the reply 'Bob',
The script would work fine if on my XP machine... I copied the log file there and ran the script...
On win-nt however it does not work... (If only it did!)
Hope someone has a solution to this, as doing it manually is going to take weeks!


When you save the script do that as ANSI (dropdown in Notepad)
worldofrugs


Joined: 09 Dec 2010
Posts: 6
Not sure how to save "the script" ??
I have the log file (ansi file), and the small program qrestore, that I cannot run on the server (not a valid win32 app.).
Just to see if it would work, I copied both to an XP machine and it works fine there. (Of course I could not restore, as the files / destination folders are not located on the XP machine)
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Please read this sticky post:
http://forums.clamwin.com/viewtopic.php?t=3096&start=0

after point 6:
Quote:

If you need to restore files using the log from another machine then QRestore 1.1 can produce a batch file instead of copying. Follow the steps 1-5 and click File-Create Recovery Script. When you see the batch script in the Notepad, be sure to save it as ASCII or Windows will have troubles running Unicode BATCH files.

Download QRestore1.1 here:
http://files.clamwin.com/QRestore1.1.zip


You can create a batch script for your NT machine on the XP by copying the log file, running qrestore 1.1 and saving a batch script (remember to save as ANSI file).
quarantine folder filled with 25,000 files