 |
 | Can I somehow specify "--detect-broken" in ClamWin |  |
|
russelljohnson
|
|
Online virus scans from BitDefender, Kapersky, McAfee, and Panda identified file C:\WINDOWS\SYSTEM32\TFTP4044 on my PC as a W32/Blaster.worm.a.
(Norton did not.) I tried submitting the file to the ClamWin database, but was told that it was already in the database as a "broken executable". What exactly is that? clamscan.exe successfully detected this "broken executable" when I ran it from either a batch file or the command line, when I specified (as shown in clamscan --help): --detect-broken Try to detect broken executable files as in: clamscan.exe --quiet --bell --detect-broken --recursive --database="C:\Documents and Settings\All Users\.clamwin\db" --tempdir="\ClamWin\tmp" %1 Can I somehow specify to use "--detect-broken" in my ClamWin.conf file? If so, how? The "Example config file for the Clam AV daemyes" at https://www.sosdg.org/clamav-win32/clamd.conf (and elsewhere) has the following: # With this option clamav will try to detect broken executables and mark # them as Broken.Executable # Default: no #DetectBrokenExecutables yes but apparently ClamWin.conf uses a different format. Thank you for any information you can provide. |
|||||||||||
|
|||||||||||||
 |
| |
|
alch
Site Admin
|
|
broken executable is a file with damaged executable header and most likely it will not run anyway (don't try on a live system though)
clamd.conf is for clamav background service (daemon) which is not part of clamwin. I will add --detect-broken to clamwin's options (beta will be released soon) |
|||||||||||
|
|||||||||||||
|
| |
|
russelljohnson
|
|
Thank you for the clear, concise explanation of the term "broken executable".
I just looked at the parent directory of the clamd.conf file I referenced, and it looks like this particular one is for ClamAV for Win32 -- which is apparently a command-line only CygWin interface to ClamAv. Thank you for putting addition of the "--detect-broken" option into clamwin's options in your plans. I appreciate that. With that, and with the ClamWin Antivirus Glue for Firefox (https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&category=Privacy%20and%20Security&id=771), I may ultimately be able to eliminate my need for a commercial antirivus program. Thank you. |
|||||||||||
|
|||||||||||||
|
| |
|
alch
Site Admin
|
|
actually broken-executable in clamav is slightly broader then just damaged exe header. Basically any file that does not have proper PE (Portable Executable) file structure, more info here: https://win32assembly.online.fr/pe-tut1.html It can be a file that hasn't been fully downloaded or damaged in transit, etc It is unlikely that windows will execute such file |
|||||||||||||
|
|||||||||||||||
|
 | Can I somehow specify "--detect-broken" in ClamWin | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.