Winclam detects conficker...Sometimes.

The work is setting special permissions anyone can execute the file but can not read or write to it. If I scan with winclam the file is also hidden and winclam never scans it. If I cacls it and change attributes it finds it but that is too late and the machines on the lan are infected.

I hope you are not using ClamWin as your primary antivirus on a network. It is best used as a "backup" antivirus to a real-time scanner with more capability. It is strictly an on-demand file scanner.

Yes, they have improved Conficker (a. k. a. Downadup). It has some self-protection features now. You might try scanning in Windows Safe Mode--sometimes it enables you to see files that are hidden--it depends upon how well the malware program is written. I've had good luck with MalwareBytes' Antimalware scanner, which has some antirootkit capability, and it comes in a free on-demand scanning version in addition to the real-time paid version. Dr. Web's Cureit also does a pretty good job--especially at cleaning malware, but they are too small to get a signature for every virus that comes out every day.

Of course, Clam/ClamWin can only detect malware if it has a signature for that malware in its signature database, so it is very important for users to submit any malware to Clam AV if Clam AV or ClamWin do not detect it. Some malware is changed daily (or even more often) to get by the AV scanners. The AVs need more generic signatures, but it takes special training and more time to develop them, so they wind up just getting daily signatures.

Regards,