Hi, this quick guide tries to explain how to set up MSN or Live Messenger to scan incoming files with ClamWin AV automatically each time a file is received.
It's important to remember that Clam and it's windows port clamwind don't have "on access" or "realtime" scanning ability yet, therefore you have to scan the files you download. It's also good to remember that the support for some archive format is buggy or missing; after all, it's still not a 1.0 release. I assume that if you are reading this you are at least a minimum familiar with command line interface (the command prompt) in windows. I'll try to be as clear as possible anyway.
With these things in mind let's get started.
The first step is to install the latest version of ClamWin, maybe you already did, but just in case, point your browser to http://www.clamwin.com/ http://www.clamwin.com/, go for the download section and download the latest version. Install the package (you need to have administrator privileges in Windows 2000/XP to do that and to upgrade it later) and let it download the latest virii signatures.
If everything went well, you should have a new icon in you notification tray (low right on the screen) like this one:
Likewise you should have a folder inside your C: hard drive containing the clamscan.exe program and another one containing the signatures. You need to know both of them for this to work, so double click on the new icon in your tray and start ClamWin.
When ClamWin starts you will see a window pretty similar to this one containing the list of the drives in your
system. Go to the "Tools" (second from the left) menu and select Preferences (first item above). Now you are in front of the page containing all the details that will be used when you invoke ClamWin; these settings are passed to clamscan when its launched to scan a drive or a file or a directory from the context menu in Explorer.
What we need is in the "File Locations" page. This tells us where ClamScan.exe is located and where to read the virii signatures from.
Open Notepad. In the white page, paste the content of the "ClamScan Location" box. If the path contains spaces, you need to put it between quotation marks, else the command interpreter won't be able to understand and fail when we launch our script.
Now write --database= and paste the content of the "Virus Database Folder" box. Again, if there's any space wrap in quotation marks.
Ok, this is the very minimum our script needs to know to start working. Program, virus database. Now we need to tell it what to scan.
Add a %1 to the script.
Leave a space between the executable, the --database string and the %1
Save that to a folder of your choice, c:\windows or somewhere else in the system path would be a good idea. Just remember the complete path to the script.
Now let's tell Messenger to use this script. Start it and from the main windows choose the "Tools" menu, "Options" item.
Here, go to "File Transfer" and check the control "Scan Files with this Antivirus". In the box, write the script name complete with path.
There we go. Now Messenger should run this script every time a file is received. It won't do anything if it finds an infected file, though.
Now we need to choose between two options. We can quarantine the file in the hope of repairing it or we can toss it. The two options are --remove to have the program delete the file right away or --move=DIRECTORY if we want it to move the infected file to the DIRECTORY of our choice.
Add the options you prefer best and remember to create the DIRECTORY if you choose the second option.
If you happen to receive a lot of archive files, remember that the support of RAR in v0.88.4 is rather poor. You might want to download from http://www.winrar.com http://www.winrar.com the latest free decompressor (unrar) and put it in the same folder as the script (again, the execution path would be best).
Then you need to add a --unrar parameter to the script, this way if the internal decompressor can't cope with the archive, the external routine will be called to handle the file.
Here are two example scripts working for me. They're tailored for the italian version of Windows XP Pro, so some paths might differ from yours, adjust to fit your installation if you cut and paste them.
The first, very basic, uses a file in my documents folder to store the log of operations, deletes any infected file and uses a custom specified directory for temporary files.
"c:\Programmi\ClamWin\bin\clamscan.exe" --unrar --log="%userprofile%\documenti\clamscan.log" --database="C:\programmi\clammail" --remove --tempdir="%userprofile%\impostazioni locali\temp" %1 %2
|
The second does the same things but only prints out infected files in the status output and uses --recursive option to scan in subdirectories (good if an archive contains a directory structure). This is the one my messenger runs.
"c:\Programmi\ClamWin\bin\clamscan.exe" --unrar --log="%userprofile%\documenti\clamscan.log" --database="C:\programmi\clammail" --tempdir="%userprofile%\impostazioni locali\temp" --infected --recursive %1 %2
|
Here it is, hope it will be useful
Vanni
