 |
 | First time user |  |
|
jennheather
| Joined: 31 May 2009 |
| Posts: 0 |
|
|
|
 Posted: Sun May 31, 2009 11:32 pm |
|
 |
 |
|
|
I just finished my first scan with clamwin. It found on infected file, a trojan. Is it automatically quarantined? Do I need to save it? Thanks
|
|
|
 |
| | |
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Mon Jun 01, 2009 1:25 am |
|
|
|
|
|
Welcome to ClamWin!
ClamWin comes with some default options that are generally okay for the average user. The default option for Infected Files is Report Only, which just reports infections to you in the scan report. You can change it to Quarantine or to Remove (use carefully). You can change by clicking on the ClamWin icon in your system tray and selecting Configure ClamWin. Thsi opion is under the General tab.
I keep my infected files option set at Report Only, and here's why. Once in a while you get a false positive detection, which means that a file looks to ClamWin like it is infected with a virus but it's not really infected. If the file is a Windows system file, and you either quarantine it or remove it, you will lose access to your program or to Windows--it happened to me, and it took a few days to restore things. If it is a false positive in a program file, you will have to reinstall the program and hope you can access the data files again.
When I get an infection notice, I upload the file to Jotti at https://virusscan.jotti.org/en on the web or to VirusTotal at https://www.virustotal.com/ on the web. Either service will give you a free scan with multiple antivirus programs--including Clam. If several other antivirus programs besides Clam find a file is infected, it probably is. I like to see at least 5 AVs finding an infection. If there is a real infection, you can manually remove it from your computer or change the Infected Files option to Quarantine or Remove, rescan, and ClamWin will take care of it.
If the file turns out to be a false positive, you should upload it to Clam AV, starting at https://www.clamav.net/sendvirus/ on the web. When you get to the submission page, check the false positive block, tell them the name of the false positive, and tell why you believe it is a fase positive. Clam will change the signature for Clam and ClamWin.
Regards,
|
|
|
|
| | |
|
jennheather
| Joined: 31 May 2009 |
| Posts: 0 |
|
|
|
| Posted: Mon Jun 01, 2009 2:26 am |
|
|
|
|
|
Thanks for the information. I will follow this advice. Best regards, Tim
| GuitarBob wrote: |
Welcome to ClamWin!
ClamWin comes with some default options that are generally okay for the average user. The default option for Infected Files is Report Only, which just reports infections to you in the scan report. You can change it to Quarantine or to Remove (use carefully). You can change by clicking on the ClamWin icon in your system tray and selecting Configure ClamWin. Thsi opion is under the General tab.
I keep my infected files option set at Report Only, and here's why. Once in a while you get a false positive detection, which means that a file looks to ClamWin like it is infected with a virus but it's not really infected. If the file is a Windows system file, and you either quarantine it or remove it, you will lose access to your program or to Windows--it happened to me, and it took a few days to restore things. If it is a false positive in a program file, you will have to reinstall the program and hope you can access the data files again.
When I get an infection notice, I upload the file to Jotti at https://virusscan.jotti.org/en on the web or to VirusTotal at https://www.virustotal.com/ on the web. Either service will give you a free scan with multiple antivirus programs--including Clam. If several other antivirus programs besides Clam find a file is infected, it probably is. I like to see at least 5 AVs finding an infection. If there is a real infection, you can manually remove it from your computer or change the Infected Files option to Quarantine or Remove, rescan, and ClamWin will take care of it.
If the file turns out to be a false positive, you should upload it to Clam AV, starting at https://www.clamav.net/sendvirus/ on the web. When you get to the submission page, check the false positive block, tell them the name of the false positive, and tell why you believe it is a fase positive. Clam will change the signature for Clam and ClamWin.
Regards, |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
| |
