ClamWin Free Antivirus
Support and Discussion Forums
ClamWin vulnerable
ardcoder


Joined: 23 Apr 2007
Posts: 0
Hi,

I ran ClamWin to scan my hard disk and found that ClamWin was not scanning anything and just aborting the scan with a "Scan Completed" message. I checked the Comspec environment variable and there was nothing wrong with it.

Dejected, I downloaded Avast AV that was suggested in thesimpledollar.com and found that ClamWin along with the host of other utilities like freshclam were infected by the Win32 PassMail-A virus.

I looked for an analysis on this virus and found one on the Sophos site. It reported that it was a simple virus that would occasionally steal passwords and mail them to a predefined email address.

I would like to contribute to ClamWin in making it a better antivirus software.

Further, Avast did a boot phase scanning and eliminated the PassMail-A virus without a trace.
The very fact that there is a lot of scope for improvement in ClamWin must motivate all of us.
ClamWin Infected
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Where did you get the ClamWin setup file? You are better off downloading it from the official ClamWin Web page on SourceForge. The signature files are probably okay--they are signed by the ClamAV team and verified by a process.

If you follow good security procedures, you should scan the ClamWin setup file after you download it and before you install it. Because ClamWin is a nonresident scanner, you should be using a resident scanner that is updated frequently, which will hopefully catch much of the malware you are likely to encounter. I've scanned ClamWin setup files with NOD32 for the last three or four months and haven't found any malware in them--including versions .90, .90.1, .90.1.1, and .90.2.

The developers are planning on "hardening" ClamWin. I saw a mention on the Wiki about using interns on this coming Summer of Code (sponsored by Google) to develop "hardening" code. It won't be easy to do so for an Open Source software, but they can probably come up with something.

Regards,
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
well... I wouldn't give such a bold title to this thread. It is like any other software vulnerable to virus infection if a user does not follow good security practices: if you download it to an infected computer - it will become infected as well.
ardcoder


Joined: 23 Apr 2007
Posts: 0
alch wrote:
well... I wouldn't give such a bold title to this thread. It is like any other software vulnerable to virus infection if a user does not follow good security practices: if you download it to an infected computer - it will become infected as well.


I do agree with you. I should not have given such a bold title. Most of the applications on my computer were infected by the PassMail virus. But how couldn't the virus infect the other applications like Microsoft Visual Studio or Microsoft Office Suite?
PassMail A Virus
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Many viruses are set up to avoid files with certain extensions--probably to stay "under the radar" and increase their productive life. Microsoft products are frequently used and have high visibility.

You could help ClamAV/ClamWin by sending a copy of the little critter to the Clam virus submission page in case they don't have a signature. If you upload it to VirusTotal, they will send a copy to Clam if it doesn't spot it.

Regards,
b0ne


Joined: 26 Oct 2006
Posts: 0
ardcoder wrote:
But how couldn't the virus infect the other applications like Microsoft Visual Studio or Microsoft Office Suite?
It depends on the virus itself. It could be checking for files of a certain size, or some other criteria that those did not meet. Perhaps it does not infect files that are in a folder name that contains "Microsoft."