Currently, our server has the following roles:

Domain Controller
DNS
DHCP
Terminal Services
File Server
Routing and Remote Access

It also runs a secure Openvpn server configuration and has 2 databases running in sql server express 2005 edition.

The server is a xeon quad core, with raid 5 configuration, and 8 gb's of ram

After several phone calls with several corporate antivirus companies, I have decided to give ClamWin a spin.

My only problem is correctly adding files and extensions to the exclusions tab in ClamWin.

The following 2 articles seem to address my concerns:

https://support.microsoft.com/kb/822158

https://support.microsoft.com/kb/309422

But I do not understand how I should type these exclusions in the exclusions tab of ClamWin. I know how to make a new entry and noticed that the default exclusions all start with an asterick. Not sure what it means, but should I for example type the following to exclude my sql databases: *.mdf *.ldf *.ndf

Also, should I just copy and paste the full file paths provided in the articles into the ClamWin Exclusions tab?

Another thought, is that the ClamWin will be scheduled to scan at say......midnight. No one will be using the server at this time and most of the accounts have restricted logon times.

What are the chances that my server will god forbid....bsod or stop working if I do not put these extensions and files in the exclusions tab?

Any advice would be appreciated.

I have no experience with using ClamWin in a server environment, but I'll give this a whirl.

First of all, ClamWin is primarily designed for use in a one desktop computer, but it is used in server environments.

If you set up a custom set of extensions to scan, instead of scanning all extensions, you may not have to do as much excluding--just do not include the extensions you do not want to scan in your extension set. If yu want to exclude entire folders, exclude the full file path and use a slash to make it include all sub-folders--like this: C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\*. (no period--that's just the end of my sentence). If you only want to exclude certain extensions in certain folders, insert the *.extension: like this: C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\*.mdb. (no period--that's just the end of my sentence).

An advantage of using a custom set of extensions to scan is reduced scan time, but that will not matter much if you scan at midnight when the computer is not active.

I do not think you will have any problems if you do not put some extensions and files in the exclusions tab; however, as I said, if you use a custom set of extensions to scan and do not include extensions mdf, ldf, and ndf, they will not be scanned anyway.

One caveat: when you scan a single Windows file with ClamWin from the right context menu of the mouse, ClamWin will scan the file without considering the custom set of extensions to scan. It does consider custom extensions to scan when scanning a folder.

Welcome to ClamWin--I hope it meets your expectations. Please give us your feedback.

Regards,

Thank you for your response. It has helped me figure out what to type. I think I will test this ClamWin on a test server first with the exclusions that I think I would need and see how it functions.

Good idea to test first.

By the way, Clam Sentinel is a separate project from ClamWin that lets you use ClamWin as a resident scanner when files are added, modified, or copied to a computer. Clam Sentinel also has its own heuristic scanner to detect malware for which there is no ClamWin signature. Clam Sentinel is also free/open source and is available at https://sourceforge.net/projects/clamsentinel/ on the web. Like ClamWin, it does not have any overt support for networked environments--it is primarily intended for use on single Windows computers, but it does support multiple users on a single PC. I think the Sentinel heuristics are much better than you would expect for a free, open source AV product, although you will get some false positives on "sloppy" DLLs and installers. Sentinel scans for about 130 extensions with ClamWin--regardless of what extensions you have set up for ClamWin to scan. In fact, since Sentinel has those 130 extensions, I just use a few ClamWin extensions for my daily ClamWin scan (class, dll, eml, exe, htm/html, js, pdf, scr, swf, tmp, and zip). Sentinel scans a file first with its heuistic scanner and then it scans with ClamWin using those 130 extensions. ClamWin just provides a "safety net" with its daily scan.

Regards,

https://postimg.org/image/hzx5c7uuh/

please help me understand the syntax... please see pic because if I paste stuff here it truncates special characters...

thanks!

Check out Configuration in ClamWin's Help menu option. Look for the information about Filters.

Always refer to Help for information about a program if it is available. You can learn a lot.

Thanks for using ClamWin. It is free and open source, but it does not have a real-time scanner, so you should only use it as a backup to a real-time AV.
I do not recommend ClamWin as an antivirus for a commercial business. Recall that Target was hacked because one of its contractors was using the free version of Malwarebytes, which did not scan in real-time.

Regards,

Guitar Bob,

I have pasted the instructions from the help file under filters because it is very unclear to me. your answer is really not helpful at all, since the question refers to the help file.

thanks

OK:

Exclude one file everywhere - clamscan.exe

Exclude One file in one folder - C:\Program Files (x86)\ClamWin\bin\clamscan.exe

Exclude an entire folder - C:\Program Files (x86)\ClamWin\bin\*

ClamWin is supposed to accept wild cards (*, ??), but I suggest you just use it like I have shown--to indicate all files in a folder.

It is best to use the full folder description for a file--otherwise, there could be a malware that calls itself by the filename (say clamscan.exe), so the full folder description will stop that.

You might want to look at the Clam Sentinel project, which adds a real-time capability to ClamWin when files are added/modified/copied, but it does not offer true on-access protection. Clam Sentinel is free, open source like ClamWin. Their site is https://sourceforge.net/projects/clamsentinel/ on the web.

Regards,