schollii
Joined: 15 Mar 2015 | Posts: 0 | Location: Canada
Posted: Sun Mar 15, 2015 2:02 pm
First time user of this software, a scan with default settings says:
----------- SCAN SUMMARY -----------
Known viruses: 3766743
Engine version: 0.98.6
Scanned directories: 41658
Scanned files: 207171
Infected files: 4
Total errors: 2
Data scanned: 54899.07 MB
Data read: 78792.34 MB (ratio 0.70:1)
Time: 25145.158 sec (419 m 5 s)
I checked the report and these are the four found:
C:\Documents and Settings\...\AppData\Local\Google\Chrome\User Data\recovery\101.3.21.141\ChromeRecovery.exe: Win.Worm.Chir-1456 FOUND
C:\Documents and Settings\...\AppData\Local\Google\Chrome\User Data\recovery\101.3.21.141\ChromeRecovery.exe: Win.Worm.Chir-1456 FOUND
C:\Users\...\AppData\Local\Google\Chrome\User Data\recovery\101.3.21.141\ChromeRecovery.exe: Win.Worm.Chir-1456 FOUND
C:\Users\...\AppData\Local\Google\Chrome\User Data\recovery\101.3.21.141\ChromeRecovery.exe: Win.Worm.Chir-1456 FOUND
I submitted the last two to https://virusscan.jotti.org/ and ClamWin is the only one of 22 to spot these files as infected. Any advice? Is that service still maintained? I couldn't tell. Can I get ClamWin to quarantine these specific files without redoing a complete scan?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sun Mar 15, 2015 2:26 pm
I assume that you have the ClamWin infected file option set to Report--not to Quarantine or Remove (never use this option). If this is true, then whitelist the files that were falsely detected (Configure, Filters, Exclude Matching Filenames). Then go to the folder that contains the 2 actually infected files and rescan that folder\subfolder.
You can restore falsely detected files that have been quarantined by running the QRestore program in the ClamWin program\bin folder. Before you do, however, whitelist them per above. Clam AV furnishes the scan engine and virus signatures used by ClamWin. There is a chance that Clam AV will receive a notice of a false detection from Virus Total to correct their false signature. To be sure, however, you can submit falsely-detected files directly to Clam AV at their web site.
I hope this answers your question. Please post again if it does not. Thanks for using ClamWin!
Regards,

schollii
Joined: 15 Mar 2015 | Posts: 0 | Location: Canada
Posted: Mon Mar 16, 2015 11:26 am
Thanks GuitarBob.
So basically, once ClamWin finds infected files with the "report only" setting, repeat the scan on only the subfolders found, this time with "quarantine". I saw in the Windows Start menu that you can manage quarantined files via Quarantine Browser, that's cool.
But the above process is error-prone because you have to find the items by searching the scan results and then you have to navigate to each path manually. Plus it is somewhat dangerous to open a folder that contains an infected file, because the various Windows options like preview etc. could cause the virus to activate. Sorry if this has been asked 100 times, but could ClamWin be extended to ask the user to quarantine automatically at the end of a scan?
Also, any plan on having clamwin give the user the option of making use of a service like virustotal.com (by google) or virusscan.jotti.org to provide further data on a scan's positives?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Mar 16, 2015 12:10 pm
ClamWin can only quarantine at the time of an infection--if you have it set to quarantine. It is pretty easy to restore something from quarantine with the quarantine browser (QRestore.exe).
I don't believe there are any plans to enable any on-line scan like Virus Total from within ClamWin. I let ClamWin quarantine what it wants and then upload to Virus Total from there.
ClamWin has some protection from false positive quarantines in that it will not quarantine valid Microsoft system files, so your system is protected.
Regards,
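
Added example, not part of any post in this thread and not ClamWin code: a Python sketch that pulls the `FOUND` lines out of a saved scan report and returns the unique files and parent folders, so a targeted rescan does not depend on searching the report by hand. The sample report, the user names and the treatment of `C:\Documents and Settings` as an alias of `C:\Users` (the compatibility junction on Windows Vista and later) are assumptions.

```python
import ntpath
import re
from collections import OrderedDict

# Constructed sample in the "path: signature FOUND" shape shown in the thread.
# "alice", "bob" and the Example folder are placeholders, not values from the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\alice\AppData\Local\Example\recovery\tool.exe: Win.Worm.Chir-1456 FOUND
C:\Users\alice\AppData\Local\Example\recovery\tool.exe: Win.Worm.Chir-1456 FOUND
C:\Users\bob\AppData\Local\Example\recovery\tool.exe: Win.Worm.Chir-1456 FOUND
C:\Users\bob\Desktop\notes.txt: OK
----------- SCAN SUMMARY -----------
Infected files: 3
"""

# Greedy path match, so the drive-letter colon is not taken for the separator.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")

# Assumption: the legacy profile root is a junction to C:\Users, so the same
# file can be reported twice under two different paths.
LEGACY_PREFIX = "c:\\documents and settings\\"
MODERN_PREFIX = "C:\\Users\\"

def canonical(path):
    """Map the legacy profile root onto C:\\Users and normalise separators."""
    if path.lower().startswith(LEGACY_PREFIX):
        path = MODERN_PREFIX + path[len(LEGACY_PREFIX):]
    return ntpath.normpath(path)

def parse_hits(report_text):
    """Return {canonical_path: signature} for each FOUND line, in report order."""
    hits = OrderedDict()
    for line in report_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.setdefault(canonical(m.group("path")), m.group("sig"))
    return hits

def folders_to_rescan(hits):
    """Unique parent folders of the detected files, for a targeted rescan."""
    return list(OrderedDict.fromkeys(ntpath.dirname(p) for p in hits))

if __name__ == "__main__":
    found = parse_hits(SAMPLE_REPORT)
    for path, sig in found.items():
        print(sig, path)
    for folder in folders_to_rescan(found):
        print("rescan:", folder)
```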