ClamWin is the open source Windows port of ClamAV. It comes with a graphical interface for the ClamAV backend. The software can be downloaded at http://www.clamwin.com/.
ClamWin is not as complete as Norton Antivirus 2006:
There is no integration with the Windows XP SP2 Security Center.
It can only detect viruses and spyware.
There is no on-access scanning like Norton's Auto-Protect features.
However, these differences make ClamWin easier to use and install. It runs well on smaller systems and older Windows versions (e.g., Windows 98 and Windows Me). Even if Norton Antivirus 2006 or other anti-virus software is installed, it is always good to have a second tool that can detect viruses unknown to the other software in order to double-check suspect files or suspected false positives.
Tip
ClamWin can be silently installed with the command:
c:\path\clamwin-0.88-setup.exe /sp- /silent /norestart
This is a good way to do an automatic installation in a company.
ClamWin can be integrated with Microsoft Outlook (not Outlook Express). Incoming and outgoing emails and attachments are automatically scanned by ClamWin. Since it is not integrated as a plug-in and since it displays a message only when a virus is found, you might not notice the integration with Outlook unless you check Outlook's Help menu and see the new entry "About ClamWin Free Antivirus." It is still preferable to test the integration with the Eicar test file as described earlier in the section "Installation Test."
ClamWin also integrates with the file explorer (right-click to scan a file or a directory). Two other benefits are that it uploads its database automatically, and you can schedule system scans.
The default configuration can be tweaked for better protection. Figure 16-2 shows the configuration options window, which is available by selecting Tools → Preferences.
It is preferable to move infected files to a quarantine folder to avoid executing viruses. This option can be chosen under the tab General. The files can then be removed from the hard drive if they are not false positives.
Warning
On Windows, files deleted by the user are not removed from the hard drive but moved to the Recycle Bin. The file must be manually removed from the Recycle Bin, or the Recycle Bin must be emptied.
Several exploitable file extensions are excluded from scans in the Exclude Matching Filenames list under the Filters tab. Some of these extensions are actually known to be used by malware. There are several viruses (for example, Exploit.CHM and Downloader-GG!chm) that use the .chm (Compiled HTML) extension.
Warning
Windows automatically recognizes file formats such as Word documents and executables. An infected executable could be renamed with a .dbx extension (Outlook Express mailbox, excluded by default) and Windows would still execute it. It is recommended to remove all the extensions from the default Exclude Matching Filenames list.
The virus database is updated daily. This can be changed to an hourly update from the Internet Updates tab. It is a good idea to keep the release notification enabled in order to always run the latest version of ClamWin.
You can schedule a full scan of your computer. Since there is no automatic on-access file, it is recommended to schedule a daily scan of the entire system when it is not in use.
There are file size and archives limitations for scans under the Archives tab. These are the same as described in "clamd and clamdscan." The anti-virus program can be run with additional arguments to report archives or files that hit one of these limitations (see Clamscan).