On my system, Malware, Viruses, etc. are automatically quarantined. I have 4 email spools that were backed up from my Sendmail server, and have been Quarantined.

I have a scheduled daily scan. Every morning, there is a warning that a Virus was detected, review the reports. But it is referring to those 4 quarantined spool files.

It would be nice if any warnings excluded previously handled detections.

Thanks

Hello and welcome to the forums.

Alch has not updated that email notifications in a long time (I am surprised it even still works). I have never used it before so I don't know much about. When beta testing comes around, I will notify Alch of this so he can fix it. Thank you for using ClamWin.

If the spool/files are in quarantine, and ClamWin is picking them up from there during a scan, what about just whitelisting the quarantine folder from ClamWin? An alternative might be to whitelist the spool/files.

Regards,

This is something I realised a LONG time ago. I whitelisted the quarantine folder to stop it being scanned. But it still does make me wonder why scanning a quarantine folder which, by its definition contains the very infections it finds, was overlooked at the beginning. I dont know of any other AV software that makes this simple error. (Surely its a simple line of code like 'if current_scan_directory = clam_environment_quarantine_directory then skip' type of thing.)

Most of the ClamWin code comes from the Clam AV code, and the ClamWin developers try not to do anything to it other than port it over to Windows from the original Clam AV Linux code.

Regards,

ClamAV was designed to scan everything on your system, with a large number of supported extensions, and more recently, extensionless files. It was also designed to scan any filesize at any location. This is how the original (and current) ClamAV team wanted it to be. They want the user to be able to decide what they wanted best for their own systems, hence the reason why ClamAV is so highly configurable. It is not something I do not think was ever overlooked, I think it was just meant to be that way.

You can try to send this to the ClamAV team and see what they say about it, but as I said, I don't think this is a bug, otherwise, I think they would have had it fixed by now.

As I recall, .98 added some self-defense in the scan code for ClamAV and more was added in .99. This could be the reason, too.

How does one do that? What is the method to raise 'concerns'/queries with the clamAV team? (I wonder if linux users also have the same problem of needing to manually exclude their own quarantine folder).

Remember that by design, if you do a ClamWin scan of a single file, it will still be scanned even if the folder the file is in is whitelisted. Whitelisting only works when you do a multiple scan.

Regards,

ClamAV support can be found here: https://www.clamav.net/contact

I have a concern about sending this 'observation'/query to the ClamAV team because this is something that we (Clamwin users) are reporting. I do not know if the ClamAV linux product behaves in the same way and it could meet with resistance if I say "[This] happens on CLAMWIN...could you review" when they arent even responsible for that port and dont have the problem with their linux product. And of course ClamAV dont have a forum to search to see if others have encountered this. I say this because I did a quick search and found in a ClamXav forum that ClamXav, presumably based on ClamAV (and converted for Mac iOS), DOESNT scan its own quarantine folder and doesnt need it whitelisting. (But of course it could be irrelevant if ClamXav isnt a direct port). That said, it might be a direct port and behaves the same way as ClamAV, and it is only Clamwin that has this oversight of scanning the quarantine folder. (I hope you can see my thinking).

Interesting to see a quote from GuitarBob back in Fri Mar 23, 2007 7:29 pm https://forums.clamwin.com/viewtopic.php?p=4268#4268


Perhaps....but alas no. But intestestingly, Alch then replies

(9 years ago. Come on "Version 1"....hurry up. )

Will you still be doing this, Rocknrollkid? If so, I will defer to your more expert and considered involvement with Alch and leave you to do it (you'll probably get a better result).

ClamXAV was recently turned into a commercial product, so it's possible that they have re-modified some of the ClamAV engine to fit their commercial needs.

As Bob has said, Alch (led developer) doesn't do much more other then the Outlook plugin and porting ClamAV to ClamWin. I don't this is a porting issue, so you are better off checking in with ClamAV and see if they are getting this there. If not, I will notify Alch and see what he says then.

ClamAV 'Report A Bug' page says:

I cant read 'git code' and Clamwin is a thirdparty software. I conclude this as that page continues to give advice on how to submit various system variables and they use all Linux commands such as kernel core dumps and (therefore no provision for equivalent windows commands).

Until something is done by the developers,try whitelisting C:\ProgramData\.clamwin\quarantine\*.infected in ClamWin. That is probably what would be done to correct the code.

Regards,

Yes. From above: