ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Email clients that store msgs in a single file
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
Hi - I use Outlook Express as an email client and am new to ClamWin. In reading the user manual for ClamWin it indicated that some email clients store all messages in a single file. And If Clam Win finds a virus attached to an email it will consider the entire file to be infected and either removed to sent to quarantine. I am not sure about Outlook Express and whether it stores in a single file or a separate file. The Clamwin user manual said the user may wish to set the filters in the configuration so that single files are not scanned. When I looked at the instructions for Filters in the configuration, it said that by default the .dbx files used by Microsoft Outlook Express to store emails are excluded from Virus scans. So does that mean I do not have to set an additional filter?

Thanks!!!
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
I was not aware of that default, this is the first I have heard of it. I do not use any on-machine email software, preferring to use Gmail or Yahoo email. Qiarrantiining the entire email file was a problem in the past, but I have not heard of it for some time now. Of course, I think that use of ClamWin has gone down quite a bit in the last couple of years. There has been no update of the Clam AV Linux engine for going on two years now, and it has had plenty of updates on the Linux side. In addition, the virus signatures provided by Clam Av are just not enough. There are roughly 500,000 new viruses each day, and Clam Av only prepares about 1,000 daily signatures. In addition, if you are accessing the web on a computer, you need to have a real-time scanner that has at least some behavorial detection and heuristics. I hope you are using one and employing ClamWin as a backup.

Regards,
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
Hi - I was using Avira, but learned that they discontinued allowing updates this month for Win XP. So searched for a new anti virus, and ClamWin was the only one that would download. If you have other suggestions, I'd be happy to hear what they are.

Also, I am not quite sure how the filters work. (not extremely tech saavy!) I want to exclude a back up folder from drive C, but not sure how to list that in the filters.

Thanks!!
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
There should be some information about excluding files from scans in the ClamWin help/documentation, I don't have ClamWin on this machine, but basically you go to the Filters tab and on the left side select the blank square icon, which lets you type in the file/folders you want to exclude. Then select to Save. Example: FolderName/* for a folder or FolderName/SubFolderName/Filename.extension for an extension.

It's hard to find an Av (especially a real-time one) for XP machines. I suggest that you look at the No Virus Thanks website. Their OS Armor should provide some good protection. Their SysHardner also might help. also, if these two on-demand scanners will work on XP, they are very good: Kaspersky's TDSSKiller and Eset's Online Scanner (it's not really online). They are both free and you do not have to install them--just download them to a USB and run when you need them. I run them both every couple of days on my Win 10 computers.

Regards,
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
Hi yes there was some info in the user manual about filters, but it was all Greek to me!! Someone else set up my antivirus in the past and he is no longer available to help. So, am trying to figure this out and get the right exclusions set.

Thanks much for the info about the antivirus programs. Appreciate it!

Linda
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
You might do some searching here on the ClamWin site for information about excluding files or whitelisting files.

Regards,
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
I use Malwarebytes, so not sure if the OS armor would clash with that?

Was looking at the Avast 18.8 version. After doing some searches online, it seems that you can download that prior version of Avast, and it will not try to update to a new version of the software, but will update virus definitions. Have you worked with Avast?

Thanks
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
There was an older version of Avast that worked on Win 98 machines--I supposed that is the one you mentioned. Avast is a good AV, but they have had a recent problem with snooping on users' computers. They have their hands full now, as they also own AVG.

OS Armor will usually not conflict with other AVs. If it does, you can exclude the two executables (OSArmorDevCfg.exe and OSArmorDevSvc.exe) from AV scans.

I used Malwarebytes for a long time when I was preparing virus signatures for Clam AV. I don't like the track they are taking now--they seem to be emphasizing enterprise/business customers, but most AVs are doing that now. It is still a good product, but their test results on AV Test now tell me they are struggling a bit against today's high tech malware.

Regards,
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
Gees - I wouldn't want any software snooping into my computer. What is up with that?

I'll take a closer look at OS Armor. And also see if I can figure out how to exclude those executables you mentioned. As I said, I'm only slightly tech savvy! Smile

I use the Malwarebytes cause my former tech helper guy recommended it. He set it up on my machines. What malware software do you use/recommend now? Or does the OS Armor include malware scanning?

Thanks!!!
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
LKRSB wrote:
Gees - I wouldn't want any software snooping into my computer. What is up with that?

I'll take a closer look at OS Armor. And also see if I can figure out how to exclude those executables you mentioned. As I said, I'm only slightly tech savvy! Smile Would I remove the ClamWin if deciding to go with OS Armor? I always thought you should have only 1 virus software program running.

I use the Malwarebytes cause my former tech helper guy recommended it. He set it up on my machines. What malware software do you use/recommend now? Or does the OS Armor include malware scanning?

Thanks!!!
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
Malwarebytes is okay to use alongside another AV--say Microsoft's Windows Defender. They provide very good protection together. If you do that, you can safely uninstall ClamWin. Either one by itself provides much better protection than ClamWin.

Microsoft has really improved Windows Defender to the point that it now meets or exceeds any other AV in detection. It has more false detections than some other AVs, but that might be due to the testers using some exotic files that mimic viruses, but most users will not have to worry about that as a practical matter. I put it number three behind Bitdefender and Kaspersky, but they are paid AVs.

I also like Forticlient from Fortinet. It is free, not quite as good as the above AVs, but it has the best protection against "bad" web pages of any AV--don't know why, but I guess they have good telemetry from their corporate users that are subjected to lots of bad/maliciious/phishing web pages each day.

Regards,
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
Thanks Bob.

My goal is to get the antivirus thing resolved this week. I'm glad you mentioned it would be OK to remove ClamWin w/o a problem. I did do a few scans with it since installing, and know it put several things in quarantine. So, my concern is something that was listed in the user manual about storing messages in a single file (which I think Outlook Express does). It said "if ClamWin finds a virus attached to an email it will consider the entire file (all emails in that file) to be infected. Therefore the entire file will be moved to Quarantine." I'd hate to remove ClamWin only to find out that some of my email files are gone. And I am not sure I'd recognize those files if I went through the scan reports. Hmmm.

I don't think Windows Defender can be used on XP. Am almost sure I checked into that last week when looking for an AV. Unless you know of a version that will work. Do you think Windows Defender is better than OS Armor or Fortinet?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
Windows Defender is better than both OS Armor and Fortinet as far as virus detection. OS Armor is only a behavior-based detector/preventer that offers additional protection to an AV. Fortinet offers the best protection from malicious web pages, but you might be able to get a browser extension that will do just as well. I use uBlock Origin, which stops popups, ads, and malicious web sites on Chrome-based browsers. There are several other good browser extensions, but most of them seem to be for Chrome/Firefox. The Microsoft built-in browser protector for Internet Explorer/Edge is also pretty good.

I think Fortinet might work on Win XP. If not, there are some commercial AVs that still support XP. If you don't want to pay for AV, then go with OS Armor and a browser extension for XP--think that will provide you with 80%-90% protection against most malware, which is pretty good. You could supplement this with occasional scans with Kaspersky's free TDSSKiller and Eset's free Online Scanner (just download them to USB--you don't need to install them).

Regards,
View user's profileSend private message
LKRSB


Joined: 30 Jan 2020
Posts: 13
Reply with quote
Question for you. So, I have adobe reader on my XP. Since installing the Clamwin and running a few scans, the reader won't work. If I try to open a PDF file, I get a screen telling me I can open it with protection mode disabled. If I try that, I get an error that says it cannot open the file. So I checked the quarantine for Clanwin and it has the following entries. Do you think those files being removed are causing me not to be able to open PDFs?

Adobe reader upd11013.msp.infected
Adobe reader upd11014.msp.infected

Also the following files are quarantined from Acrobat reader
acrobroker.exe.infected
acroext.exe.infected
acrord32.dll.infected
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4570
Location: USA
Reply with quote
Those quarantined Adobe/Reader files are probably the reason why you are having the problem. Restore them via the QRestore program located in the ClamWin program folder. You could scan them on Virus Total to be 100% sure, but I think they are probably okay.

I suggest you uninstall ClamWin after you restore those files, and use one of the AVs mentioned here at https://www.cnet.com/news/still-running-windows-xp-antivirus-products-put-to-the-test/ on the web. This article mentions other AVs that support Win XP.

Regards,
View user's profileSend private message
Email clients that store msgs in a single file
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  

  
  
 Reply to topic