ClamWin Free Antivirus
Support and Discussion Forums
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Yes - MBAM is a good product. I used it a lot when I was preparing signatures for Clam AV. The heuristics are great, and it enabled me to quickly locate/control a malware file when I ran it "bare" on a machine. I liked it so much that I got the Pro version after a few days. They've devoted a lot of attention to the PUA/PUP files, and that's good. It is still a niche (second opinion) product, but the size has increased quite a bit, so I would expect more (maybe a beefier real-time scan that integrates more heuristics--Clam Sentinel still detects a lot of malware that MBAM only detects with on-demand heuristics). They've also done away with the one-fee lifetime version, and I get the impression they are going for the commercial market now big-time. I'll keep a copy in my toolkit, just in case. A tech recently told me they will do an update in a few weeks.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Out of all honesty, I have been trying to get people to help program for free. If it was a few years ago, I would have had much better luck. Now, most people have jobs, school, or just plain old don't want to do it for free. So far, I have had contact with one guy who knows programming for software. I don't know if he knows programming for AVs or if he even knows C++ or Python, yet. I haven't had any contact with him, yet, either. I am going back up to Wisconsin during the summer (I am in South Carolina right now) and I will be working 3 jobs and getting paid like crazy. I will spare some money to ClamWin and even hire some professional programmers for you so we can expand ClamWin further. My skills are limited to malware hunting and removal. I do know some hacking and scripting, but other than that, programming and coding are out of my line of work.
GuitarBob


Let me say this--don't spend your own money on an IT-type project. It is okay to donate time/suggestions, but not money--put it in savings/investment that will benefit yourself. I recently did some preliminary work with a guy trying to start a commercial AV in Poland, and he wants to spend his own money, but for an individual it's going to be a bottomless pit! After I told him that, he hasn't been in contact with me any more.

It has been estimated that Clam Sentinel at its present stage would cost about $200,000 to produce if it was commercial. That's a lot of money, and it saves even more by using ClamWin for the resident scan. The Clam AV core for ClamWin would probably cost double that $200,000 (at least), plus the cost for the GUI and the other work that has been added. So to come up with a new ClamWin from scratch would probably cost at least $600,000. That is equivalent to 6 people working full time for a year at a cheap $50/hour (maybe Indian programmers?). If you got high quality programmers, it could cost $1,000,000+. I haven't even mentioned the cost of the infrastructure to maintain/improve the AV, develop signatures and get them to the AV users. Plus there would be project administration/overhead costs. (USA money--forgive me--I'm a CPA).

Regards,
ROCKNROLLKID


I have no issues donating a little money to ClamWin. All 3 of my jobs pay more than minimum wage ($7.25 an hour). I am not saying I would donate a lot of money to ClamWin, but I will donate something. Besides, whatever happened to $1 could make a difference?
GuitarBob


Sure--there's nothing wrong with a small donation to help pay for admin/overhead, but keep the big money for yourself. Who knows--Windows may not be around in a few years, and there will not be as much need for an AV. I also expect there will be at least some small improvements to ClamWin within the next year. There is certainly a need for a user-oriented AV with common sense, simplicity, and intelligence built into the software--not the Cloud.

Regards,
ROCKNROLLKID


So, for a quick scan option, I figured you can add upon the memory scan (90 to 95% malware attack ratio). You can add registry scan (40 to 50% malware attack ratios), autoruns (rogue virus and 80 to 90% malware attack ratios), and common infected extensions. I recommend adding .exe, .dll, .sys, .cmd, .com, .cpl, .doc, .docx, .eml, .htm, .html, .inf, .js, .Lnk, .ocx, .pdf, .pif, .ppt, .rtf, .scr, .swf, .tmp, .vbs, .xls, .xlsx, .aspx, .drv, .msi, .pptx, .reg, .url, .png, .jpg, .vbe and some archive extensions: .rar, .zip, .7z, .jar, .cab. The reason why I don't recommend scanning System32/SysWOW64 or appdata is because my system32 alone is 4.12 GB and to scan that whole thing would take ~40 minutes which, on traditional scanners, would be a whole quick scan worth. My SysWOW64 is 1.38 GB, that's another ~15 minutes added, and my appdata is 950 MB, which is another ~5 min to the scan, which would make a total of around an hour just to scan all 3 of those plus the time it would take to scan all autoruns, the memory, the registry, and the common virus extensions which, in my estimate, would take an hour and 30 minutes to 2 hours just for a quick scan, which the term "quick" wouldn't apply here. Doing it this way would also be the easiest way to build a quick scan option.
GuitarBob


An advantage of using another AV alongside ClamWin/Clam Sentinel is that you can greatly reduce the scan extensions--let the other AV do the heavy lifting, and use ClamWin the way the developers intended (the current version anyway)--as a backup scanner only.

Along this same line, if you just scan for 2 extensions--.dll and .exe, you will find 80% of malware! If malware does get on your machine, then it starts using some of the other extensions, but if you keep the original downloader/dropper off, you are okay.

Additionally, if you just scan these folders only, you can find lots of malware: memory, startup, system32 drivers, and sysWOW drivers.

You could do away with all zipped/archive formats. A file is not malicious until it is unzipped--unless it is self-executing, of which they used to have some, but I never saw one self-unzipping file in 5 years of sigmaking with Clam AV. I don't think the present generation of malware writers are capable of self-unzipping a file!

Re Clam Sentinel: The system monitor scans for extensions that malware is most likely to use. This does not take much time--it will quarantine 30 malware files as they are unzipped in about 10 seconds. What takes up time is the ClamWin scan done by Clam Sentinel after the system monitor scan. If you would like a way to disable the ClamWin scan done by Clam Sentinel, let me know. I think you will not lose any protection if you do this--the ClamWin signatures are too little/too late and with no heuristics at all.

Regards,
ROCKNROLLKID


What I am mainly saying is that scanning the System32 and the SysWOW would take too long for a quick scan, especially on a system like mine. Scanning the registry, memory, autoruns and a few extensions would be good enough. Some DLL files can reach to GBs worth as well. You need to note that timing is also something important in every AV, esp. one like ClamWin, which only uses a manual scan and not a real-time protection, like other AVs.
ROCKNROLLKID


So today I did another scan; limits are set to 200MB file, 200MB archive size, 99999999 Files, and 999 sub_archives. I started the scan at around 3:30PM and then I had to go somewhere. When I got back at around 8:40PM, the scan was still going. It looked like it was only halfway done, too. I don't understand; the limits don't seem to be affecting the scan speeds at all.
GuitarBob


Those are very large limits, RRK, and I think most files would probably be under the limit, so most files would be scanned. Most malware is found in files that are less than 1 MB (an exception might be file-infecting malware, but I don't see that very often). I have my limits set to 30 MB for files, and 30 for everything else (archive size, archive files, and sub-archives). I only have ClamWin scan the %appdata% folder and memory.

I really think you could set a 20 MB file limit and still not have to worry about missing malware.

Regards,
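Added example, not part of the thread and not ClamWin code: a small Python estimator of how many files and bytes a scan would read under a per-file size limit and an extension filter, the two settings discussed in the posts above. It assumes files over the limit are skipped entirely; the function names and the sample listing are constructed for illustration.

```python
import os
from pathlib import Path

MB = 1024 * 1024

def list_files(root):
    """Yield (path, size_in_bytes) for every regular file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.isfile(path) and not os.path.islink(path):
                    yield path, os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file: skip it

def scan_workload(files, max_mb, extensions=None):
    """Return (file_count, total_bytes) that a scan would read.

    Assumption: a file larger than max_mb is skipped, not partially scanned.
    extensions=None means every extension is scanned.
    """
    limit = max_mb * MB
    exts = {e.lower() for e in extensions} if extensions else None
    count = total = 0
    for path, size in files:
        if size > limit:
            continue
        if exts is not None and Path(path).suffix.lower() not in exts:
            continue
        count += 1
        total += size
    return count, total

# Constructed sample listing (paths and sizes are made up).
SAMPLE = [
    ("C:/Windows/System32/kernel32.dll", 1 * MB),
    ("C:/Windows/System32/drivers/example.sys", 300 * 1024),
    ("C:/Users/u/AppData/Roaming/app/setup.exe", 15 * MB),
    ("C:/Users/u/Documents/report.pdf", 2 * MB),
    ("C:/Users/u/Pictures/photo.jpg", 4 * MB),
    ("C:/Users/u/Downloads/archive.zip", 150 * MB),
    ("C:/Users/u/Videos/movie.iso", 700 * MB),
]

if __name__ == "__main__":
    for label, mb, exts in [("200 MB, all", 200, None), ("20 MB, all", 20, None),
                            ("20 MB, exe/dll", 20, {".exe", ".dll"})]:
        n, b = scan_workload(SAMPLE, mb, exts)
        print(f"{label:15s} files={n} data={b / MB:.1f} MB")
```

To measure a real folder, pass `list(list_files(path))` instead of `SAMPLE`; the file count barely moves between limits when most files are small, so the byte total is the number to compare.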
ROCKNROLLKID


Switched all the values to 20 on all of them. Scan took 3 hours to complete. I guess it's just because my system is so big so it takes a while.
GuitarBob


It must be due to the size. I would just scan %appdata%/Documents & Settings with memory and System 32 and let Clam Sentinel protect the other folders with real-time--maybe do a complete scan weekly.

At the moment, it looks to me like the smart virus writers are concentrating upon businesses/organizations and smart phones and have backed off just a little on attacking personal computers. Of course you still have Zeus, etc., and the phishers, but I think the AVs are doing a pretty good job of protecting PCs and have made it tougher so that the field is being left to the smart/connected/organized criminal elements. I noticed that even Security Essentials/Windows Defender signatures are available to be updated more often but are not being pushed out unless manually updated.

Regards,
ROCKNROLLKID


So I have a question, more like about ClamAV though. Why does ClamAV, a Linux anti-virus, invest most of their time hunting down Windows viruses and not UNIX viruses?
daveydoom


Joined: 30 Nov 2008
Posts: 0
Location: Canada
ROCKNROLLKID wrote:
Why does ClamAV, a Linux anti-virus, invest most of their time hunting down Windows viruses

It's used for email scanning on mail gateways in order to help protect the Windows machines that are sending/receiving the mail :). Windows machines need the most help...lol
GuitarBob


To catch today's frequently changed, targeted viruses, Clam AV needs more than signatures. It needs heuristics (at least), and it needs more signatures more often. It does not provide adequate support now.

Regards,
Slow scanning