Hi,
If I use ClamWin to scan Drive C (and it includes the default quarantine folder), then all the quarantined files will be identified as virus again, like the picture below~
https://www.mamsds.net/mydata/cw.png
Is this the normal behavior of ClamWin? How can I avoid that except excluding it when scanning Drive C?

You can exclude/whitelist the ClamWin quarantine folder from scans. However, items are placed in quarantine with an "infected" extension (i.e., filename.exe.infected). If you use a custom set of extensions to scan, and "infected" is not one of the extensions, then ClamWin should not scan it.

Regards,

Thanks for the reply.
I would like to ask one more question. Why the ClamWin just do that for user? Is it its philosophy or just a result of a lack of manpower?

The "infected" extension at the end of a quarantined file prevents it from being executed, and it does not require any additional code to mangle the file to make it unusable. The user can either leave the file in quarantine, delete it, or restore it with the Qrestore utility from the ClamWin\bin folder.

Regards,

I have the same problem.

Disclaimer: I support payment processing software full-time but am a strong proponent of open-source posting here to further that.

1- The average user can't be expected to know or understand the quarantine folder needs to be white-listed. It should be a default setting (with notification) but at the very least should be a pop-up at install time.

2- The two possible remediations given are excellent. It would be helpful to know which of the multiple applications has the setting and at least a pointer to the top of the menu stack that will take the user to the setting.

Further to the assertion 'the average user can't be expected to know how to whitelist' (or that they need to do it at all).

If you are one of the enlightened cognoscenti that figures out they need to do this you still need to learn the secret handshake.

For the record the way to add to whitelist in Windows 7 is;

Start > All Programs > Clamwin AntiVirus > Virus Scanner;

Preferences > Filters;

Click 'New Item' (2nd icon from left of 'Patterns')

For folders the correct syntax is: <d>

Screenshot below;

https://postimg.org/image/l2mgmnvep/ [/img]

Science and technology are supposed to solve problems not create them.

Serious users of any software, including AV software, should read the documentation that comes with the software to become familiar with its capabilities and learn how to make good use of it.

If you set up a custom list of extensions for ClamWin to scan instead of using the default of all extensions, a scan of the quarantine folder will not scan quarantined files because they are put in quarantine with the extra extension of "infected." What custom list of extensions to use to ensure maximum coverage with minimum scan time? Do some searching on the web for "malicious file extensions", "dangerous file extensions", or something similar.

Remember that ClamWin should be used in a layered approach to security along with a real-time on-access virus scanner, firewall, and possibly antimalware software (depending upon whether or not the real-time scanner has behavior blocking/heuristics capabilities).

Regards,

I will send this to Alch next time I get a chance to talk with him, which is normally during beta testing, and see if he can fix this issue.