I have a server running server 2003. I have installed the clam antivirus and sentinel program. The server has no keyboard or monitor hooked up to it due to space limitations. Due to this, I am unable to login to the console, but can do so with remote administration with terminal services. Is the server protected with the "real time" sentinel program even though the machine is not logged in?
When I log in with terminal services, the sentinel program pops up in the lower right corner.
Thanks for the information.

Since this is the ClamWin forum, and Clam Sentinel is another project, for a definitive answer, you need to visit the Clam Sentinel web site. However, in my opinion, if Clam Sentinel was installed on the server, and there is some sort of a Windows OS on the server, then it is protected by Clam Sentinel. If there is no OS on the server, it is not protected--unless Clam Sentinel was installed elsewhere under an OS that the server runs under. I understand that network support was added with Clam Sentinel version 1.21.

I hope this helps.

Regards,

Thanks for the information. Do you know if a way i can test the Clam software to see if its actually working as designed? i know another AV vendor suggested downloading a file that was not a virus, but had the code of one and the software was supposed to quarantine it. if the software quarantined the file (it was harmless), you knew the program was working properly.

That would be EICAR:
https://www.eicar.org/86-0-Intended-use.html

Clam Sentinel scans for suspicious files and also uses the ClamWin virus signatures to detect known viruses. The Clam Sentinel default is set to quarantine all detected files as either "suspicious" or "infected." Infected files are detections with the ClamWin signatures. As Davey said, you can use the EICAR test file to check that the ClamWin signatures are working, but there's no good way to check the Clam Sentinel suspicious file detection except to download a virus to your computer! You should not do that, so I suggest that you verify all suspiicous file detections with the Jotti or Virus Total online scanners.

If several of the online antivirus programs (besides the Clam AV scan engine used by ClamWin) detect a suspicious file, then it is probably infected. Sometimes Clam Sentinel will falsely detect a suspicious file (a false positive detection). You should whitelist all falsely-detected suspicious files in Clam Sentinel's advanced settings, paths or files not scanned to keep them from being falsely detected again. Be sure to read the Clam Sentinel Simple Guide to make sure you understand the program.

Thanks for using ClamWin/Clam Sentinel.

Regards,