meridius10 | Joined: 11 Feb 2011 | Posts: 0 | Posted: Fri Feb 11, 2011 1:08 pm

I have set up ClamWin so it moves infected files to quarantine. Is it safe to delete the following from quarantine?
A011320.bat.infected
hosts.bat.infected
I was also wondering if there is a list somewhere that provides a lookup of quarantine files that are safe to delete.
Thanks

GuitarBob | Joined: 09 Jul 2006 | Posts: 9 | Location: USA | Posted: Fri Feb 11, 2011 1:26 pm

There is no such "safe" list. I suggest visiting the VirusTotal or Jotti sites on the web to upload a file there to see what multiple AV programs (including our ClamAV scan engine) say about the file. If 10 or more AVs say it is infected, it is probably true, and you can delete it from quarantine. If fewer than 10, I look for at least 2 of these AVs to verify an infection: AntiVir (Avira), Avast (Alwil), Bitdefender, NOD32, and Sophos.
ClamWin users of Vista/Windows 7 are protected from deletion of important Windows files--ClamWin will not quarantine them.
Regards,

meridius10 | Joined: 11 Feb 2011 | Posts: 0 | Posted: Fri Feb 11, 2011 4:26 pm

I'm wondering if the files I mentioned earlier are system files? If a system file is corrupted, surely it would be dangerous to delete it.
If a file remains in quarantine, I am guessing it's unable to corrupt the rest of the operating system and can safely remain there?

GuitarBob | Joined: 09 Jul 2006 | Posts: 9 | Location: USA | Posted: Fri Feb 11, 2011 10:15 pm

Yes, it is safe to let an infected file remain in quarantine.
Those .bat (batch) files do not look like system files, and if your system is running ok/everything works, then it is safe to delete them. As I said, you can always upload a file to Jotti or VirusTotal online and see what other AVs say about it. Important Microsoft system files are usually digitally signed, and ClamWin will not quarantine something like that--you will get a message about a false positive with a suggestion that you should submit the false positive file to ClamAV so they can change the signature.
The new version of ClamWin, Version .97 now being tested, has a restore from quarantine function that is nice. It will also be able to identify malware that has a false Windows digital signature, which is becoming common now.
Regards,

GuitarBob | Joined: 09 Jul 2006 | Posts: 9 | Location: USA | Posted: Sat Feb 12, 2011 1:38 pm

Full protection against quarantine for Windows files digitally signed by Microsoft is only available to Vista and Windows 7 users, I might add.
Regards,