ClamWin Free Antivirus :: View topic - Clamwin does not delete or quarntine filles

Posted: Sat Jul 21, 2007 4:59 am

I have ClamWin running on a machine with Merak Mailserver. Clamwin is configured to scan the mail directory (.TMP files) every 30 minutes and it does indeed find infected files --- at least it finds phishing infections I haven't seen any other types of viruses yet.

However regardless of the setting (remove or quarantine) all it ever does is identify the infected file and leaves it in place. So I have to go in manually and find the infected files and manually delete them. Anyone know why it will not delete the files fo rme?

Thanks

Posted: Sat Jul 21, 2007 10:04 am

examine the scan reports and paste appropriate portion here.

Posted: Sat Jul 21, 2007 2:13 pm

Scan Started Sat Jul 21 09:30:00 2007
-------------------------------------------------------------------------------

E:\Merak\mail\icci-as.com\jsteph\20070721071821524D.tmp: Email.Phishing.RB-1017 FOUND
E:\Merak\mail\icci-as.com\jsteph\20070721071821524D.tmp: Not deleting/moving mailbox
E:\Merak\mail\icci-as.com\jsteph\200707210913405421.tmp: Email.Phishing.RB-1137 FOUND
E:\Merak\mail\icci-as.com\jsteph\200707210913405421.tmp: Not deleting/moving mailbox
E:\Merak\mail\insyte.com\kitsune\200707210440504ED8.tmp: Email.Phishing.RB-1221 FOUND
E:\Merak\mail\insyte.com\kitsune\200707210440504ED8.tmp: Not deleting/moving mailbox
E:\Merak\mail\insyte.com\kitsune\20070721070902521C.tmp: Email.Phishing.RB-1221 FOUND
E:\Merak\mail\insyte.com\kitsune\20070721070902521C.tmp: Not deleting/moving mailbox
E:\Merak\mail\panam.org\www\200707210114504C99.tmp: Email.Phishing.RB-1222 FOUND
E:\Merak\mail\panam.org\www\200707210114504C99.tmp: Not deleting/moving mailbox

----------- SCAN SUMMARY -----------
Known viruses: 139531
Engine version: 0.90.2
Scanned directories: 117
Scanned files: 923
Skipped non-executable files: 0
Infected files: 5
Data scanned: 10.77 MB
Time: 50.875 sec (0 m 50 s)

Posted: Sat Jul 21, 2007 3:20 pm

clamwin by design does not remove/quarantine rfc822 files in order to preserve Thudnerbird and other email client mailboxes. You might consider running clamscan.exe command line scanner without "--keep-mbox" parameter.

Posted: Sat Jul 21, 2007 5:17 pm

I tried creating a batch file to run clamscan:

"c:\program files\clamwin\bin\clamscan.exe" -d "c:\documents and settings\all usera\.clamwin\db\daily.inc" --recursive --remove

but when I run it I get this error:

LibClamAV Error: cl_loaddbdir(): Can't get status of c:\documents and settings\all usera\.clamwin\db\daily.inc
ERROR: Input/Output error

I am trying to run this at the base of the mailbox direcoties (hence --recursive) and from what I can tell from the obscure help information the database files are located where I have indicated.

PS, Why not just give clamwin an option to remove mailboxes?

Posted: Sat Jul 21, 2007 9:36 pm

"c:\program files\clamwin\bin\clamscan.exe" -d "c:\documents and settings\all usera\.clamwin\db\daily.inc" --recursive --remove
"c:\program files\clamwin\bin\clamscan.exe" -d "c:\documents and settings\all users\.clamwin\db\daily.inc" --recursive --remove

Fixed a typo and it now works.

Thanks

Posted: Sun Jul 22, 2007 2:25 am

your are using only daily virus db you should pass the toplevel db directory

Posted: Sun Jul 22, 2007 4:25 am

You mean like this?

"c:\program files\clamwin\bin\clamscan.exe" -d "c:\documents and settings\all users\.clamwin\db" --recursive --remove

Posted: Sun Jul 22, 2007 2:31 pm