ClamWin Free Antivirus
Support and Discussion Forums
Compatibility with the ClamAV for Windows product
piran


Joined: 22 Apr 2010
Posts: 0
I am trying to run your own excellent offline scanner alongside
the (beta) online/cloud-based ClamAV for Windows product.
There's been a glitch and I'm getting absolutely nowhere
probably because the ClamAV for Windows people don't
really know about the functionality of your own product.
You both appear to be using the same backend database.
Please would you be good enough to liaise with them to
arrange mutual compliance between the AV products?

Would you like a copy of the precipitating file?
If so to whom should I submit it?

[issue]
Every time ClamWin scans the uninstaller file of my
email client it 'causes' ClamAV for Windows to alarm
citing the perceived W32.Dropper "threat".
This is nonsense of course:
https://www.virustotal.com/analisis/69b9dd6160524e0eb44905224f5b1747dfce43243c00c11c87f5c2ec55102876-1271803859

[background]
precipitating file :: C:\utility\Agent\UNWISE.EXE
your product :: ClamWin (mature v0.96.0.1)
other product :: ClamAV for Windows (beta v1.0.26) :: https://www.immunet.com/user/new/
my workstation :: M$ Windows 7 Ultimate 64bit
my email client :: Forté Agent (mature v6.00/32.1186) :: https://www.forteinc.com/agent/download.php
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
ClamWin and Clam AV for Windows are separate projects/products and are not connected with each other. There has been no contact between the two, and, as far as I know, no contact is contemplated. If you have conflicts using both of them together, you may have to decide which one you want to use.

ClamWin scans all file types, while Clam AV for Windows presently only scans Windows executable files. I used Clam AV for Windows on my XP computer for about a day but, believe it or not, I had printer problems until I uninstalled it.

You can use the Clam Sentinel front-end product to provide partial real-time protection using ClamWin. Sentinel enables ClamWin to scan files as they are placed on your computer or modified. Sentinel is set up to scan 120 file types, and you can customize the file types yourself. The Sentinel project is at https://sourceforge.net/projects/clamsentinel/ on Source Forge.

Regards,
piran


Joined: 22 Apr 2010
Posts: 0
Thank you for your good natured honesty and easy acceptance of
my explanation of the... situation. Sensitive toes on both sides;~)

So far the two products have 'got along' save this one anomaly.
My workaround option looks like being to specifically define that
precipitating file's path in the exceptions to ClamWin's autoscan.

In due course I will investigate your Sentinel suggestion, thanks.

I have had no particular reason to need anything else but your
excellent ClamWin and dollops of good sense for many years.
Recently it is becoming increasingly obvious that the dynamics
of threat have changed ~ zero day issues, so-called drive-by
exploits and more. My personal opinion of activities launched
from 'clouds' comes with more than a little suspicion particularly
after inspecting my server's logs;~/ So ClamAV for Windows'
use of a cloud to dynamically address community attack activity
in real time (allegedly) was apropos and not a little ironic.

Looks like I shall need some lengthy confidence trials;~)

Thank you again for your considered words, cheers.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You wrote:

"I have had no particular reason to need anything else but your
excellent ClamWin and dollops of good sense for many years.
Recently it is becoming increasingly obvious that the dynamics
of threat have changed"

Yes, ClamWin is a good free product that has provided decent file protection for users who do not engage in "risky behavior" on the web. By itself, however, it is probably insufficient--when you look at the new threats on the web--poisoned web search pages, drive-by downloads, exploits in application/system software, etc. In addition, malware is repacked/compressed very frequently now, so it can evade most AVs until they get a signature, which could take hours or a few days. That's why AVs are going to the "cloud" to speed up signature processing and reduce their window of vulnerability. This will help some, but I prefer to maintain control over my own security as much as possible.

I recommend using only one (frequently-updated) AV and pairing it with a behavior blocker. I also have my eye on BLADE (see https://www.blade-defender.org/ on the web), which is a heuristic drive-by download blocker from Georgia Tech that is undergoing testing now and should be released in a free version soon. And, as you said, dollops of good sense provide pretty good protection also.

Regards,