Clamwin found Worm.vb-225 on my server!
rositor
Joined: 30 May 2008
Posts: 0
Location: Guatemala
Posted: Fri May 30, 2008 5:25 pm

I now have 4 system files in quarantine: winsit.exe, svidq.exe, other.exe and win.exe. How can I clean these files and take them out of quarantine, since my PC is a server and cannot have any downtime?

HolyC!
BadHairDay
Joined: 30 May 2008
Posts: 0
Location: Hell
Posted: Fri May 30, 2008 11:43 pm

Seriously... Are you running a free antivirus solution on a critical server? Man... get another job if you're in IT!
Good luck...

Re: Clamwin found Worm.vb-225 on my server!
alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Sat May 31, 2008 2:12 am

rositor wrote:
    I now have 4 system files in quarantine: winsit.exe, svidq.exe, other.exe and win.exe. How can I clean these files and take them out of quarantine, since my PC is a server and cannot have any downtime?

ClamWin does not disinfect files; it can quarantine or remove the whole file. Besides, the filenames you mentioned appear to be real viruses and not system files (https://www.google.com/search?q=winsit.exe).
Last edited by alch on Sat May 31, 2008 2:01 pm; edited 1 time in total

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat May 31, 2008 2:24 am

The previous answer was quite correct if you are using ClamWin in a critical environment. It is essentially beta software, and you don't want your server depending upon beta software if it's really critical to you. If you have the files in quarantine, and the server is still running, then I'm thinking they are probably not critical files to your operation--especially if you have memory scan checked.

I suggest that you do a search on Google for each file name to see what you can find out about them. Then upload each file to Jotti for an online scan at https://virusscan.jotti.org/ on the Web and see what other antivirus programs say about them. If just a few other AVs find they are infected, it's very likely a false positive. If several other AVs find an infection (especially Avast, F-Secure, NOD32, and Sophos), it's probably not a false positive but a real infection.

If there is an infection and the file is not important, delete it from quarantine and your life. Even if it is infected, if your server is still running, you can probably delete the file without any problems. For false positives, you should upload each file to Clam (separately) at https://cgi.clamav.net/sendvirus.cgi on the web, and fill out the form--making sure to check the false positive button.

It's actually better to have ClamWin notify you of infections instead of quarantining them. If it found a false positive (or a real infection) in an important system file and quarantined it, you would probably lose access to the file and to your system. Now that is critical!

Regards,

Nik777
Joined: 21 Jul 2006
Posts: 0
Posted: Sat May 31, 2008 12:23 pm

I hear what folks are saying about "free" software, and that clamav is supposedly "beta" quality, but I really cannot agree. I've seen plenty of problems with commercial software as well, so any rule-of-thumb that commercial software is always better than free software is just not supportable.
To the question of ClamWin, I agree that it should always be run in reporting mode, not quarantine. And any reported infections should be dealt with manually. This holds true for *all* anti-virus software. If you allow *any* anti-virus software to automatically modify your machine, you are asking for nasty surprises either immediately, or some time later on, regardless of whether that software is free or commercial.
In my experience, the simplest and best way to handle a reported virus infection is to restore the machine to a known good state. We save the image of all installed PCs, and simply recover from that image in the case of a reported infection. In the case of your server, you can recover the specific files from backup or recovery disk, compare them to the suspect ones, and if they're different, copy old over new. And of course, if the files don't exist on your backup, then they don't belong on your machine and you should just delete them.
For this approach to be reliable, you need to update your system backup and/or recovery disks any time you install or update software on your machine. But since it's a server, it isn't being modified on a daily basis, right?
I never spend any time in getting second opinions on reported virus files. Given how we recover from a virus, a 50% maybe is no different to a 30% maybe.
In summary, we recover non-server PCs by making an image of their C drive and copying that back if an infection is reported. For servers, we make sure that system and recovery backups are up to date, so we can manually recover individual files as needed. Of course, we also have the option of recovering a server from its image (e.g. overnight, or on the weekend).
Hope this is of use.
Cheers!
Nik
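
Nik's "compare the suspect files against the backup" approach, as an added example that is not part of the original thread or the ClamWin project: a small Python script that hashes every file in a quarantine directory and compares it with the copy at the same relative path in a backup tree, then sorts each file into "identical to backup" (likely false positive), "differs from backup" (restore the backup copy) or "not in backup" (does not belong on the machine). The directory names, the assumption that quarantined copies keep their original relative paths, and the sample files it constructs are all hypothetical; the script does not talk to ClamWin or any scanner.

```python
"""Triage quarantined files against a known-good backup by hash (added example)."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Tuple

CHUNK = 1 << 20  # read 1 MiB at a time so large binaries are not loaded whole


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(quarantine: Path, backup: Path) -> Dict[str, str]:
    """Classify each quarantined file by comparing it to its backup copy.

    Returns {relative path: verdict}, where verdict is one of:
      'identical' - byte-for-byte the same as the backup; probable false positive
      'modified'  - present in the backup but different; copy old over new
      'unknown'   - no backup copy exists; it does not belong on the machine
    Assumes (hypothetically) that quarantine keeps the original relative paths.
    """
    verdicts: Dict[str, str] = {}
    for qfile in sorted(p for p in quarantine.rglob("*") if p.is_file()):
        rel = qfile.relative_to(quarantine).as_posix()
        bfile = backup / rel
        if not bfile.is_file():
            verdicts[rel] = "unknown"
        elif sha256_of(qfile) == sha256_of(bfile):
            verdicts[rel] = "identical"
        else:
            verdicts[rel] = "modified"
    return verdicts


def build_sample() -> Tuple[Path, Path]:
    """Construct a throwaway quarantine and backup tree (sample data, not real malware)."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    q, b = root / "quarantine", root / "backup"
    for d in (q / "Windows" / "System32", b / "Windows" / "System32"):
        d.mkdir(parents=True)
    # same bytes on both sides -> 'identical' (report as false positive)
    (q / "Windows/System32/legit.exe").write_bytes(b"MZ" + b"\x00" * 64)
    (b / "Windows/System32/legit.exe").write_bytes(b"MZ" + b"\x00" * 64)
    # backup copy differs -> 'modified' (restore the backup copy)
    (q / "Windows/System32/patched.exe").write_bytes(b"MZ" + b"\xff" * 64)
    (b / "Windows/System32/patched.exe").write_bytes(b"MZ" + b"\x00" * 64)
    # no backup copy at all -> 'unknown' (delete it)
    (q / "winsit.exe").write_bytes(b"MZ" + b"\x90" * 16)
    return q, b


if __name__ == "__main__":
    q, b = build_sample()
    for rel, verdict in triage(q, b).items():
        print(f"{verdict:9s} {rel}")
```

On a real server you would point triage() at the quarantine folder and at a mounted copy of the last system image or backup; the 'identical' files are the candidates for the false-positive report GuitarBob mentions, and the 'unknown' ones are exactly the case Nik describes as "if the files don't exist on your backup, then they don't belong on your machine".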