How I automated clamscans in my network using batch files
micah


First, all the desktops had to have ClamWin installed. Our office installs it whenever we set up a new PC. You may wish to do it automatically to existing PCs. There are other threads to cover this.

Second: Using our group policy computer startup script (which applies only to XP boxes via filtration), I have the system check for the .bat upon every boot. If it does not find it, it copies it from a share and creates a scheduled task to run it at 9:30pm every night.

This is the group policy computer startup script:

Code:
if exist C:\clamscan1.bat goto :label
echo ***************THE FOLLOWING COPIES \\10.0.1.5\Public\clamscan1.bat to the local disk **********************************>>c:\computerstartup.log
schtasks /create /TN Clamscan /SC DAILY /ST 21:30:00 /RU username /RP password /TR C:\clamscan1.bat>>C:\computerstartup.log 2>&1
copy /y \\apvdbs03\Public\clamscans\clamscan1.bat c:\>>c:\computerstartup.log
CACLS c:\clamscan1.bat /E /T /C /G clambot:F>>c:\computerstartup.log
echo ***************end*****************************>>c:\computerstartup.log
:label


Line 3 above creates a scheduled task. I made RU a username on the network (created for this purpose) that would have access to a shared location because the actual clamscan.bat I made saves log info to that location.
Line 3 also contains ">>C:\computerstartup.log 2>&1", which I used to troubleshoot syntax errors I had when making this. It may be useful but it isn't necessary.
Line 4 copies the actual scan batch file to the root directory.
Line 5 grants full access on the scan batch file (clamscan1.bat) to the same username. I do this because the PCs are pretty well locked down for normal users. It may or may not be necessary for you.
Lines 1 and 7 are there to skip if the others have already been done.
Lines 2 and 6 are there to record completion to a log file.

Now for the actual scan batch file (clamscan1.bat):

Code:
echo %COMPUTERNAME% started clamscan of drive C: on %DATE% at %TIME%>>\\sharebox\Public\clamscans\%COMPUTERNAME%.txt
C:\"Program Files"\ClamWin\bin\clamscan c:\ --memory -k -i -r -d "C:\Documents and Settings\All Users\.clamwin\db">>\\sharebox\Public\clamscans\%COMPUTERNAME%.txt
echo %COMPUTERNAME% finished clamscan of drive C: on %DATE% at %TIME%>>\\sharebox\Public\clamscans\%COMPUTERNAME%.txt
echo *****************************************************************************************************************>>\\sharebox\Public\clamscans\%COMPUTERNAME%.txt

Lines 1, 3 and 4 are for logging purposes only.
Line 2 sets up a notify-only scan on the C drive.
Every time you see >>\\sharebox\Public\clamscans\%COMPUTERNAME%.txt, that is how I log the results to my share. Each text file is named by the system so I can track what's going on.

The only bad thing about this method is that the scans don't generate emails when viruses are found. I have to search the log folder for the string "infected:" to find real problems (you need the colon there). Here is an example using this method of a scan that found a test virus (I manually ran the scheduled task and limited the .bat to run on just 1 folder to save time):

Code:
*****************************************************************************************************************
WXP2010043001 started clamscan of drive C: on Mon 08/23/2010 at 12:29:07.10
 *** Scanning Programs in Computer Memory ***
---Please login as an Administrator to scan System processes loaded in computer memory---
 *** Memory Scan: using ToolHelp ***


 *** Scanned 2 processes - 37 modules ***
 *** Computer Memory Scan Completed ***

c:\testscan\eicar_com.zip.infected: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 816957
Engine version: 0.96.2
Scanned directories: 1
Scanned files: 41
Infected files: 1
Data scanned: 27.55 MB
Data read: 3641.24 MB (ratio 0.01:1)
Time: 9.703 sec (0 m 9 s)
WXP2010043001 finished clamscan of drive C: on Mon 08/23/2010 at 12:29:16.90
*****************************************************************************************************************


I noticed just now that it didn't run the memory scan. I may tweak this, time permitting, to do that and automate ClamWin updates and automate searching the log share for the "infected:" string to send an email whenever it gets a hit.

Update: there were 2 issues that prevented memory scans in some cases: one was not running the task as administrator, the other was having an old version of ClamWin. I went to all the PCs remotely by putting their systemname into Explorer (\\systemname, which makes their scheduled tasks available) and changing the account the task runs as to an admin account. Using the remote install method in the reply below takes care of the old version problem.


Last edited by micah on Mon Sep 13, 2010 1:23 pm; edited 1 time in total
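The log search described in the post above, as an added example that is not part of the original post: a Python parser for one per-host log in the format shown, flagging detections (lines ending in "FOUND" or a non-zero "Infected files:" count), runs where the memory scan was skipped for lack of admin rights, and runs with no "finished" line. It goes beyond the plain "infected:" string search; the function names and the cut-short second run in the sample are assumptions made for the example.

```python
import re

# Line shapes follow the log format shown in the post.
START = re.compile(r"^(\S+) started clamscan of drive \S+ on (.+)$")
FINISH = re.compile(r"^\S+ finished clamscan of drive ")
FOUND = re.compile(r"^(.+): (\S+) FOUND$")
COUNT = re.compile(r"^Infected files: (\d+)$")
NO_ADMIN = "Please login as an Administrator"

def parse_runs(text):
    """Split one per-host log into scan runs, one dict per 'started' line."""
    runs, run = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := START.match(line):
            run = {"host": m[1], "started": m[2], "hits": [], "infected": 0,
                   "memory_skipped": False, "finished": False}
            runs.append(run)
        elif run is None:
            continue  # text before the first 'started' line
        elif m := FOUND.match(line):
            run["hits"].append((m[1], m[2]))  # (path, signature)
        elif m := COUNT.match(line):
            run["infected"] = int(m[1])
        elif NO_ADMIN in line:
            run["memory_skipped"] = True  # task was not run as an admin
        elif FINISH.match(line):
            run["finished"] = True
    return runs

def alerts(runs):
    """Turn parsed runs into (host, started, reason) tuples worth a look."""
    out = []
    for r in runs:
        reasons = [("detection", r["hits"] or r["infected"]),
                   ("memory scan skipped", r["memory_skipped"]),
                   ("scan did not finish", not r["finished"])]
        out += [(r["host"], r["started"], why) for why, hit in reasons if hit]
    return out

# Constructed sample: first run mirrors the post's log, second is cut short.
SAMPLE = r"""WXP2010043001 started clamscan of drive C: on Mon 08/23/2010 at 12:29:07.10
---Please login as an Administrator to scan System processes loaded in computer memory---
c:\testscan\eicar_com.zip.infected: Eicar-Test-Signature FOUND
Infected files: 1
WXP2010043001 finished clamscan of drive C: on Mon 08/23/2010 at 12:29:16.90
WXP2010043001 started clamscan of drive C: on Tue 08/24/2010 at 21:30:00.05
"""
```

Feed it the text of each %COMPUTERNAME%.txt file from the log share and mail or print whatever `alerts(parse_runs(text))` returns.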
OK, now for how I automated installation
micah


When you get all the prerequisites in order, all you'll have to do is run a batch file and ClamWin will install to all network PCs. This is good for first-time installs or upgrade installs. Only tested on XP Pro.

== Automated ClamWin Installation ==

* You need to have the latest ClamWin installation executable in a network share location
NOTE: anytime you see "\\apvdbs03\Public\clamscans\" below, that is my network share. You need to replace that with your network share. This share needs to have a zip file containing the ClamWin install .exe file and install.bat (below). It also needs to have remoteinstall1.bat and a folder called installlogs
* You need to have PsExec (Microsoft's PS Tools https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx ) installed on the system you run this from
* Update the install.bat text with the file name of the current ClamWin install executable
* You need to have 7-Zip installed (you should have it anyway, it's great and it's open source)

What the batch files do:
* Runs CopyFile2all.bat (must have computers.txt where run from). This puts whatever file you choose onto the c:\ drive of all network desktops. The file you'll put on there in this case is remoteinstall.bat, which you'll have on the network share mentioned above. This batch file first pings and makes noreply.log for PCs it can't connect to.
* Runs claminstall2all.bat. This file connects (by PsExec) to each PC in the computers.txt list and runs the installation batch file. This is 2 parts. First, a zip file is pulled from the share to the root and unzipped by 7-Zip. That zip file contains the ClamWin install exe file and install.bat. Install.bat first kills any running ClamWin and then installs.
* The above batch files are all called by clamwin_networkinstall.bat, which is the file you'll run. Each PC that is successful will send a log file to your share.

Here are the batch files you'll need:

claminstall2all.bat:
Code:

@echo on & setLocal EnableDELAYedeXpansion
for /f "tokens=* delims= " %%a in (computers.txt) do (
ping %%a | find /i "reply" > nul
if errorlevel 1 (
>> noreply_claminstall2all.log echo %%a
) else (
psexec \\%%a c:\remoteinstall1.bat >>claminstall2all.log 2>&1

)
)


CopyFile2all.bat:
Code:

@echo on & setLocal EnableDELAYedeXpansion
for /f "tokens=* delims= " %%a in (computers.txt) do (
ping %%a | find /i "reply" > nul
if errorlevel 1 (
>> noreply.log echo %%a
) else (
copy /Y \\apvdbs03\Public\clamscans\remoteinstall1.bat \\%%a\c$\
)
)


clamwin_networkinstall.bat:

Code:


call CopyFile2all.bat>>networkinstall.log 2>&1
call claminstall2all.bat



remoteinstall1.bat:
Code:

echo Begin remote installation of Clamwin AV -- %DATE% %TIME% >>c:\remoteinstall_%COMPUTERNAME%.log 2>&1
copy \\apvdbs03\Public\clamscans\silentinstall.zip c:\>>c:\remoteinstall_%COMPUTERNAME%.log 2>&1
c:\"program files"\7-zip\7z e c:\silentinstall.zip -oc:\clamscan\ -y>>c:\remoteinstall_%COMPUTERNAME%.log 2>&1
c:\clamscan\install.bat>>c:\remoteinstall_%COMPUTERNAME%.log 2>&1
echo End remote installation of Clamwin AV -- %DATE% %TIME%>>c:\remoteinstall_%COMPUTERNAME%.log 2>&1
echo ****************************************************************>>c:\remoteinstall_%COMPUTERNAME%.log 2>&1
copy c:\remoteinstall_%COMPUTERNAME%.log \\apvdbs03\Public\clamscans\installlogs\


install.bat:

Code:

TASKKILL /F /IM clamtray.exe
c:\clamscan\clamwin-0.96.2.1-setup.exe /sp- /verysilent /norestart /log="\\apvdbs03\Public\clamscans\installlogs\%COMPUTERNAME%.log" /NOTB