We use ClamWin Free 0.94.1 on a W2K3 server for virus scanning DeskNow messaging and collaboration files. Files are scanned using the command line:
C:\Program Files\ClamWin\bin\clamscan --database=C:\ClamWin\.clamwin\db %FILE%

DeskNow checks for a single virus scanning success result code of 0 (zero) and treats any other result code as an infection. The result code can be changed, but only a single value can be configured.

This all works fine, apart from the scanning of message files containing legitimate attachments (e.g. Word, Excel etc.) with Polish, Cyrillic characters. This is a real problem for us, as we have around 100 Polish users on our system, in addition to our British users.

Is there some way of configuring ClamWin to trust attachments with Polish, as well as English character sets?

ClamWin uses the scanning engine and virus signature database maintained by Clam AV. You can tell Clam about false positives at https://cgi.clamav.net/sendvirus.cgi on the Web. Fill out the form, be sure to check the false positive block, and tell them the name of the false positive virus. Upload a copy of the file in question. If you get the same false positive on several different files, one file upload should be sufficient.

This is also where you can upload copies of files containing virues that ClamWin doesn't yet find.

Regards,

Thanks GuitarBob,

I'll try that. My only concern is that any attachment containing any Cyrillic characters seems to generate a false positive, so a sample file won't contain a specific pattern, which could be used to identify a false positive. Still, I'll post it and see what happens.


Cheers

Well, if Cryllic generates one specific virus that is false positive, they can fix it--either drop the signature or change it.

If there are different false positives involved, send the files involved one at a time to Clam with false positive information. If you are going to send more than two files in one day, however, contact Luca Gibelli for instructions.

Regards,