ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Excludes using clamscan
sg08234


Joined: 06 Apr 2019
Posts: 3
Location: Berlin
Reply with quote
I found many different answers on how to exclude filres and/or directories:

Why does the follwoing command (test example) does not exclude the files/directories as entered:

"c:\r_sps\progs\ClamWinPortable\bin\clamscan.exe" "c:\Program Files (x86)" --recursive --memory --stdout --database="c:\r_sps\progs\ClamWinPortable\db" --infected --exclude="c:\Program Files (x86)\AutoIt3\Uninstall.exe" --exclude="c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe" --exclude-dir="c:\Program Files (x86)\AOMEI Backupper" --exclude-dir="c:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.6" --exclude-dir="c:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit" --exclude-dir="c:\ProgramData\Package Cache\{F7AADEDA-233A-1079-CD15-03AEB050F0C6}v10.1.14393.0\Installers" --exclude-dir="c:\r_sps\progs" "c:\Program Files (x86)\Advanced BAT to EXE Converter PRO" --exclude-dir="c:\Program Files (x86)\AOMEI Backupper" --exclude-dir="c:\Program Files (x86)\AutoIt3" --exclude-dir="c:\Program Files (x86)\Windows Kits\10" --exclude-dir="c:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 6.6" --log="d:\temp\clamscan.log"

Many thanks - Michael
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
I'm not much of batch programmer, but I suggest that you exclude the files you want in the ClamWin GUI and then check the exclude section in the Clamwin configuration file. Below is mine:

excludepatterns = *.tbb|CLAMWIN_SEP|*.pst|CLAMWIN_SEP|*.dat|CLAMWIN_SEP|*.log|CLAMWIN_SEP|*.evt|CLAMWIN_SEP|*.nsf|CLAMWIN_SEP|*.ntf|CLAMWIN_SEP|C:\Users\Bob's LG Gram\AppData\Local\Programs\Opera\57.0.3098.110\installer.exe|CLAMWIN_SEP|C:\USERS\BOB'S LG GRAM\APPDATA\LOCAL\PROGRAMS\OPERA\57.0.3098.116\INSTALLER.EXE|CLAMWIN_SEP|C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\INSTALL\AM_DELTA_PATCH_1.*.EXE|CLAMWIN_SEP|C:\USERS\BOB'S LG GRAM\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\*|CLAMWIN_SEP|C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\*

Does this give you any ideas? There is a |CLAMWIN_SEP| between each item excluded.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
sg08234


Joined: 06 Apr 2019
Posts: 3
Location: Berlin
Reply with quote
Thanks to your suggestion I established an tested the following rules:

:: --- _R_VIRENSCAN_EXCL_FILES (--exclude): Exclude-Strings (Dateinamen/-patterns in Hochkommata, relative Pfade, \\ statt \, durch "," getrennt)
:: Beispiele: "*.tmp"
:: "*.tmp","LoadDrv.exe"
:: "temp\\virus.tmp"
:: Leer oder nicht definiert: Kein File-Exclude
:: --- _R_VIRENSCAN_EXCL_DIRS (--exclude-dir) : Exclude-Strings (Verzeichnisnamen/-patterns in Hochkommata, relative Pfade, \\ statt \, durch "," getrennt)
:: Achtung: Subdirectories werden nicht berücksichtigt!
:: Beispiele: "temp\\Test_Virenscan\\*"
:: "temp\\Test_Virenscan1\\*","temp\\Test_Virenscan2\\*"
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
I'm glad it worked for you..

Remember that the ClamWin developers recommend that we use ClamWin only as a backup scanner to a real-time antivirus for best protection when you are on the web. ClamWin is not doing much development (at the moment it is several versions behind the Clam AV engine we use), and the signatures we get from Clam AV are primarily for Linux email servers.

By the way, do you think it is possible to write a new GUI for ClamWin using a scripting language (like Python maybe)?

Thanks for using ClamWin!

Regards,
View user's profileSend private message
sg08234


Joined: 06 Apr 2019
Posts: 3
Location: Berlin
Reply with quote
Yes - I use clamwin (clamscan) only as a backup scanner to a real-time antivirus.

I already encountered the problem that the signature seem to be old respectively not Windows-adjusted. Can you recommend another backup scanner?

As I am only interested in using clamwin vir CLI (clamscan) I can't say anything conerning a new GUI for ClamWin. My main interest is an actual public malware Windows based scanner (see above).

Regards - Michael
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4552
Location: USA
Reply with quote
The Clam AV signatures are just not enough to provide users with good protection against today's malware. It is getting harder for a true free AV to keep up with it, so I think that ClamWin will probably be the last public malware Windows based AV scanner. I do not know how much longer it will be around--probably not long. Almost all of the other "free" AVs target their users for something (ads, browser installs, GPS location, software used information, etc.)

Microsoft's free (for personal/light business use) Windows Defender (Security Essentials on older computers) is a good scanner, and it is being constantly improved behind the scenes. If you still want to use it with another primary AV, you can schedule a Windows Defender scan from the Security Dashboard interface via the Windows Defender Antivirus Options. It is just as good as most of the other AVs. Another good backup scanner is Malwarebytes Free. Also, Dr. Web's CureIT can clean up almost any infection. It is free, but it is not updated after installation, and you have to download a new version every few days.

Regards,
View user's profileSend private message
Excludes using clamscan
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic