ClamWin Free Antivirus
Support and Discussion Forums
Real-time protection
lacak


Joined: 01 Dec 2008
Posts: 0
Hi,
as it seems that the long-awaited file-system real-time scanning will not be released in the near future, I would like to ask if some of the following can be done in a shorter time:

1. automatically detect USB mass-storage device and scan it ... to avoid infection using autorun feature /autorun.inf/
2. scan POP3 traffic between mail client and mail server /without setting some proxy/
3. scan HTTP traffic between browser and internet

TIA
-Laco.
dw2108a


Joined: 09 Mar 2009
Posts: 0
Location: Austin, TX
You might be interested in using, for the moment, Winpooch as an on-access, resident scanner for ClamWin and ClamAV. It's available at Majorgeeks and is GPL, and if you search Wilders Security forums, you shall find a variety of filtersets and rulesets to make very good use of Winpooch as a means of realtime protection.

I hope that this helps.
Dave
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Those capabilities are just about standard now for a commercial AV and would certainly be good for ClamWin to have as well. Unfortunately, I don't think there is time/personnel/budget for them. ClamWin depends upon the Clam AV code, and Clam is now almost to a point where ClamWin is unable to benefit fully from what Clam is developing. As for real-time scanning, I haven't heard what has resulted from an offer by a guy in New Zealand to work on the real-time scanner. Perhaps Alch will update us when he returns from a trip to England in a few weeks.

I've tried Winpooch, but I had problems with it, and I don't believe it has a steady development program either. Ditto for Moon Secure AV and anything else I've seen in the free AV field. Check out a program called Autorun Eater, however, from Old McDonald Farm. I've been using it to tell when a virus drops something in a USB drive, and it works quite well, but it doesn't permanently remove the persistent ones.

Regards,
lacak


Joined: 01 Dec 2008
Posts: 0
GuitarBob wrote:
Those capabilities are just about standard now for a commercial AV and would certainly be good for ClamWin to have as well.

exactly

GuitarBob wrote:
Unfortunately, I don't think there is time/personnel/budget for them.

Yes, I understand this situation, but without some kind of real-time scanning, there is a problem using ClamWin as the only anti-malware solution. Regarding this, I asked IF it is simpler to do "internet traffic scan" compared to a filesystem real-time scanner, then provide "internet traffic scan" as a first step. (The same applies to USB devices ... I do not know if there is a possibility to catch the event "USB device is connected" ... if yes, then ClamWin should wait for such an event and then scan the plugged-in USB device.)

-laco.
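Added example, not part of the original thread and not ClamWin code: on the question above of whether a "USB device is connected" event can be caught, Windows reports volume arrival through the WMI class Win32_VolumeChangeEvent. This Windows PowerShell 2.0+ script waits for that event, reports any autorun.inf, and runs ClamWin's command-line scanner on the new removable drive; the clamscan.exe path, the database path and the log file name are assumptions.

```powershell
# Added example (not ClamWin code). Paths below are assumptions; adjust locally.
$ClamScan = 'C:\Program Files\ClamWin\bin\clamscan.exe'      # assumed install path
$Database = Join-Path $env:ALLUSERSPROFILE '.clamwin\db'     # assumed signature DB
$LogFile  = Join-Path $env:TEMP 'usb-clamscan.log'           # hypothetical log name

# Win32_VolumeChangeEvent: EventType 2 means a volume has arrived.
Register-WmiEvent -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2' `
    -SourceIdentifier UsbVolumeArrival

try {
    while ($true) {
        $evt = Wait-Event -SourceIdentifier UsbVolumeArrival
        Remove-Event -EventIdentifier $evt.EventIdentifier
        $drive = $evt.SourceEventArgs.NewEvent.DriveName     # for example "E:"

        # Win32_LogicalDisk DriveType 2 = removable disk; skip everything else.
        $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'"
        if (-not $disk -or $disk.DriveType -ne 2) { continue }

        # Report autorun.inf launch entries before anything on the drive is opened.
        $autorun = "$drive\autorun.inf"
        if (Test-Path -LiteralPath $autorun) {
            Write-Warning "$drive has an autorun.inf"
            Get-Content -LiteralPath $autorun -Force |
                Select-String '^\s*(open|shellexecute|shell\\.+\\command)\s*='
        }

        # clamscan exit codes: 0 = clean, 1 = infected file(s) found, 2 = error.
        $scanArgs = @("--database=$Database", '--recursive', '--infected',
                      "--log=$LogFile", "$drive\")
        & $ClamScan @scanArgs
        switch ($LASTEXITCODE) {
            0       { Write-Host "$drive clean" }
            1       { Write-Warning "$drive infected files found, see $LogFile" }
            default { Write-Warning "$drive scan error (exit $LASTEXITCODE)" }
        }
    }
}
finally {
    # Runs on Ctrl+C as well, so the WMI subscription is not left behind.
    Unregister-Event -SourceIdentifier UsbVolumeArrival
}
```

The script only reacts to volumes that arrive after it starts, and it does not disable AutoRun itself, so a file can still be launched from the drive before the scan completes.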
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Some AVs that claim to have web protection scan port 80. That would seem to be easier than scanning everything placed on your computer. If you look at some of the old posts, I suggested something like this a year or so ago--using the memory scanning routine as a starting model, since that already works. Unfortunately, nothing came of it.

Until/unless further progress is made in real-time scanning, I would not recommend using ClamWin as your only scanner (especially in a business situation). The framework for ClamWin version 1.0 has been around for well over a year now, and real-time scanning (using a mini-filter driver) is the big obstacle.

Regards,
Antonio S.


Joined: 20 Apr 2008
Posts: 0
Location: Italy
Hello,

As far as I know, Winpooch is not currently developed. I tested it some time ago and my machine was slowed down quite a lot. I currently use Clamwin as a backup scanner and have integrated it with Threatfire. This is not replacing the on-access feature of an AV, but at least it should prevent risk from USB infected drives.
Firefox 3 is designed to integrate with installed AV tool, so downloaded files are being scanned once they are on your machine.
Unfortunately for mail client I have no options (unless you are using MS Outlook and enable the integration of Clamwin); I generally use webmail so any attachment which is opened is treated like a downloaded file.

Hope this helps,

Antonio
lacak


Joined: 01 Dec 2008
Posts: 0
Antonio S. wrote:
Firefox 3 is designed to integrate with installed AV tool, so downloaded files are being scanned once they are on your machine.

As far as I know, FF3 on WINDOWS can use only an AV which is registered in Security Center. So we can't use ClamWin, can we?
-Laco.
lacak


Joined: 01 Dec 2008
Posts: 0
GuitarBob wrote:
Some AVs that claim to have web protection scan port 80. That would seem to be easier than scanning everything placed on your computer. If you look at some of the old posts, I suggested something like this a year or so ago--using the memory scanning routine as a starting model, since that already works. Unfortunately, nothing came of it.

Yes, unfortunately. The main problem is perhaps no free time for developing such functionality or few developers contributing to ClamWin.

If Microsoft releases a free anti-malware solution in the second half of 2009, as promised, and IF it is a good product, then I expect that it may be the death of ClamWin as a desktop antivirus for Windows.

-Laco.
dw2108a


Joined: 09 Mar 2009
Posts: 0
Location: Austin, TX
My concern with the Microsoft solutions is: How many more gigs of ram shall be necessary for each MS solution? We'll soon need extra PC housings to mount the RAM alone. Fortunately, Winpooch is working well for me, but sadly not for many.

Dave
Antonio S.


Joined: 20 Apr 2008
Posts: 0
Location: Italy
Hello Laco,

'As far as I know, FF3 on WINDOWS can use only an AV which is registered in Security Center. So we can't use ClamWin, can we?'

As far as I know, Clamwin is not recognised by Windows Security Center, but Threatfire is for sure (you just have to tick the appropriate box). If I remember well, there was a script which a Clamwin user found on the web which could do this task, but I remember it was running only with XP (maybe Bob still has some reference about this...). There is a FF add-on for Clamwin on the Firefox site, but it works only with older versions.
Threatfire usually works in the background; I find it makes a good pair with Clamwin; not heavy on resources and fast when manual scans are launched. In my opinion this is worth a try; it is my current configuration on both Win machines (along with antispy and firewall).
Regards,
Antonio
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Microsoft (M$) is supposedly tailoring their free Morro AV to underdeveloped countries, where they generally need software that is less resource intensive than some of the stuff like Norton/McAfee, et al. It should be worth looking into because they have hired some good people away from the other AV companies over the last couple of years. I suspect it will be rather basic--with coverage for viruses, spyware, and rootkits but not offering much in the way of protection while surfing except for the real-time file protection. Morro will be the bastard child that gets the crumbs from Microsoft's security efforts they will still market to business.

The Security Center fix for ClamWin is just a hack to make the Security Center quiet about ClamWin. It's not fully integrated into Security Center (no update/inoperative warnings). It does work--I tested it, but I dropped it until an "official" ClamWin fix is ready (no time soon). You can get it at: https://remstate.com/2008/06/09/integrating-clamwin-with-the-windows-securitycenter/ on the web.

Regards,
dw2108a


Joined: 09 Mar 2009
Posts: 0
Location: Austin, TX
GuitarBob, your Security Center info is making MANY very, very happy!

Yrs,
Dave
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Just remember that it is a trick on Windows and not an "official" integration with Security Center. If at some point you want to remove it, these instructions will help (maybe set a Restore Point first, but I've used them several times):

1. Click Start > Run and type: 'services.msc' (no quotes)
2. Find 'Windows Management Instrumentation Service' and Stop it.
3. Go to folder location c:\Windows\System32\wbem and delete the 'Repository' folder
4. Restart computer - It will reset and pick up "official" Security Center integration info from security software

Regards,
Clamav Virus Protection
freefighter


Joined: 20 Oct 2007
Posts: 0
Location: Bavaria
Hello Guys,

I am using clam as the only antivirus protection in the following way:

1. Addon Clamdrib for Thunderbird and clamav. Read the latest post on the Mozilla addon pages how to install it under windows. Then you have email protection.

2. Spyware Terminator with the latest clamav server 0.94.2 for realtime and spyware protection. I would prefer an open source realtime protection, but there isn't one yet.

3. Clamwin as on demand scanner.

This is my whole and all in one package.

Regards

freefighter
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
That's a pretty good setup. You might want to include a behavior blocker as well. I like WinPatrol. It is the original behavior blocker (primarily an informative registry scanner). It's very small and unobtrusive and informs you when files are installed to autostart. It also looks at hidden files and makes other useful information available--active files, services, scheduled tasks, cookies, browser helper objects, and active x items. There is a paid real-time version, but the free version scans on a schedule you can set, starting at one minute on up.

PC Tools also has Threatfire, which is a good behavior blocker. It is actually more complete than WinPatrol. I don't use it, however, because it is hard to get rid of all its traces when you delete/remove it. It also comes with an on-demand version of PC Tools' Antivirus, which makes it a bit bloated, and Clam/ClamWin have a better/more frequently updated signature database.

Regards,