Next time, MAYBE, you should test the database updates with the current stable versions before release them..., just a simple suggestion.

Virus database updates are done by ClamAV team (AV engine for Unix) and their stable version was one above ours.

This is the first time it happened that we were behind in updating the ClamAV engine in ClamWin due to some bug fixing in clamwin code and it had to be subjected to Murphy's law...

That false positive has also been dropped from the Clam signature database as an accomodation to ClamWin.

Regards,

A word to the wise; if you have Clam Sentinel installed, do un-install it before doing the upgrade from 0.96.2 to 0.96.4, it will save you a lot of aggravation as, for some reason, the upgrading procedure corrupts ClamWin and Clam Sentinel. Once the upgrade done, you can re-install Clam Sentinel.

Now, if I could only follow my own advices!

Hi alch,
as seen on
https://forums.clamwin.com/viewtopic.php?t=3094 and
https://forums.clamwin.com/viewtopic.php?t=3091&postdays=0&postorder=asc&start=15
you have troubles with the last database - me too.

In my case I lost 2.600 files - and most of them are system-files...

As to see in the last log there is nothing logged - the last entry was made after I reinstalled the newest version, means, there were proofed two files detected by clamwin but no result after new proof...

Please be so kind to give us a batch to recover the files - we need it really urgent (as any other here...).

You all seem pretty lucky so far, I've had 7610 infected files.. And again, most of those were Windows Server 2003 files, and SQL Server files, and even ClamWin files.

To make it worse all our server that were affected are in a datacentre, and all remote access such as RDP of course is missing their DLL files too.


Come on ClamGuys, Such a school boy mistake... The first thing my server will allow me to do, will be to uninstall ClamWin.

Some how I'm starting to think that I would have RATHER been hit by a virus....

The batch file is no good if there is no log

There is still a chance it would be in your TEMP folder. It should start with tmp and look like this:

C:\Documents and Settings\user\Local Settings\Temp\tmp0bx8st on XP
or
C:\Users\alex\AppData\Local\Temp\tmp0bx8st on Vista/7


Let me know if you manage to find useful log files, then we can restore the quarantined files.

It's one of those unfortunate accidents - the database updates are done by another team (ClamAV) and they test the database for false positives on the current version, which was one ahead of clamwin as we had issues with porting the code. So the database update works fine on 0.96.4 but yielded a lot of false positives on 0.96.2

We reacted as soon as we found out about the problem and ClamAV team dropped the signature but it was unfortunately too late for some. I know it is providing little comfort, but that's the story.

But this nodb-version also has no recovery-function - or?

Is it so heavy to read the original path from the *.infected-files? In this case a batch could recover all our files to the right path back...

the path is stored in the log file - see above

there is definitely no logfile - clamwin didn't write one...

What alerted me to the issue, was the 1.7Meg report.txt I had emailed to me this morning.

Is that the log file you're talking about? If anybody wants it I can upload it somewhere.

alch: Thanks for your reply, Long live ClamWin!, and Booo to the ClamAV guys for not thinking of their Microsoft buddies.

But this wouldn't pass to others deleted files...

Hold on to that report file, I am writing an app that will restore the quarantined files based on the report/log file. If you zip email the log to me to clamwin at clamwin.com, I'll be able to test the app with your file and email you back the app when it is ready (a few hours).

It's not quite like that. It is just an unfortunate coincidence that clamwin was one point release behind due to code-porting issues when that happened. No clamav team's fault really.