I have 3 antivirus programs loaded on a secretaries system at work. Avast Free Ver., ClamWin and AVG Free Ver.. This morning Avast popped up a window stating that it has found a worm LOVELETTER, and naming the file location. The log states the following:

13/06/2006 08:50:29 AM SYSTEM Sign of "VBS:LoveLetter" has been found in "C:\docume~1\secret~1\locals~1\temp\clamav-c7397cbe8fd8e3c8\script.html" file.

14/06/2006 09:13:38 AM Seretary Sign of "VBS:LoveLetter" has been found in "C:\docume~1\secret~1\locals~1\temp\clamav-71123026b98965e4\script.html" file.

Can someone explain why a virus/worm would be in a ClamWin file? Should I worry? Should I allow Avast to transfer file to its vault? Should I delete the file?

Why do you use multiple AV-products at once? I hope you atleast have disabled their on-access protection.

You should not register more than one listener on a system event only intended for one listener.

EDIT: To answer your question, no, I don't think you need to worry. I think you should worry about that you use multiple AV-products instead.

you can use clamwin together with another AV product, as clamwin doesn't have a on-access scanner so there will be little conflict. You may disable on-access scan in the other AV product when you are doing a clamwin scan, because another AV is likely to block access to an infected file. However this is not mandatory as the goal would have been reached anyway - a virus-infected file detected.

The infected file found by AVG in the TEMP dir was most likely a result of an error in the .chm file (compressed html help) unpacking in the clamwin where a /html file was left behind. Nothing to worry really. We will do better TEMP dir cleanup in V1.

Yes, but Avast and AVG should not be used together. Atleast not with their on-access scanning feature on. Just to make it clear to Toaster.

I didn't notice there were 3 . It would be a problem if 2 on-access filters are activated, however if one is disabled it is okay.

Thanks to all for their response and support.

"The infected file found in the TEMP dir was most likely a result of an error in the .chm file (compressed html help) unpacking in the clamwin where a /html file was left behind. Nothing to worry really. We will do better TEMP dir cleanup in V1."

Wheeeew!!

With reference to me having two other AV running, I really haven't noticed too much of a problem, but I'm no techie. The most I have seen is the system hang up once in a green moon, and I concluded that it must have been the two AVs. In my non technical mind I thought that running at least two AVs (with ClamWin) would be better and the occassional glitch was worth the added protection. Am I wrong? Is it that risky to the system to run two AVs (and ClamWin)? What should I do? Uninstall one? What is on-access scanning and how do I disable it? Should I disable it in Avast or AVG or both? Please respond in layman's terms.

Thanks again for the support.

Toaster

Hi,

On-Access scanning or Realtime scanning means that everytime you open a file (execute a program or open a document), that file is scanned by the AV. This is done using a special system driver that traps the event of opening a file. If this event is trapped by 2 drivers, there could be interference.

What you should do is look at the settings of Avast and AVG, and disable on-access scanning in one of them (doesn't really matter which). On-Access scanning is often enabled by a setting like "Auto-Protect" or such (don't know the specific terms for Avast or AVG).

budtse

Well, since ClamWin is only operative upon demand and isn't resident, has no hueristics, no intrusion detection, isn't allied with a firewall, is very slow in scanning an entire hard drive, is resource intensive for those of use with older systems, and is still in development, I can certainly understand why someone would run another antivirus program alongside it. I'm willing to give it a year or so, but there's some very good antivirus software already out there with a steady, ongoing process of development.

Regards,

Still getting Avast popping up warning about Loveletter. No one really answered what I should do. Delete the file, ignore it, smile at it as it greets me in the morning as I reach work?

On the matter of the multiple AV programs, I have taken the expert advise and I have disabled the on-access scanning by AVG. Thinking of deleting AVG and Avast! for AntiVir which I saw got very good reviews and I have been using on my DELL laptop since the Norton expired.

Anyone had experience with AntiVir?

Anyone found that their system ran really slow with Avast!.

Regards

Antivir is good. You can delete those files found by clamwin - they are temporary files left over after extracting an archive. Generally you can safely delete files in TEMP folder

Thanks for the reply. Much appreciated.

i am new here and i to have multiple av progrmas i took the advice and disabled avg free and noly have avast runing on when my computer starts so woould that be a problem if i have other av programs

You can have any othe AV together with clamwin - it's won't conflict because clamwin does not have on-access scanning yet. However it is advisable to susopend on-access scanning in your other AV if you are doing a full disk scan with clamwin. This way the files won't be checkled twice and may result in faster scannning speed.

so like if u had 4 av progrmas and only had 1 on real time scanning would that be fine and wouldn't it slow your computer.

that would be ok