[clamav-users] Scanning files with ClamAV on Windows

[Simon Eigeldinger]

Hi,

Thanks for writing back.
Will have a look at the documentation and at the archive.

Greetings,
Simon



Am 22.04.2020 um 01:48 schrieb G.W. Haywood via clamav-users:
> Hi there,
> 
> On Wed, 22 Apr 2020, Simon Eigeldinger wrote:
> 
>> I plan to set up some ClamAV instances on Windows Servers to scan some 
>> office documents and other files.
> 
> If I were going to scan files for Windows malware, I wouldn't use a
> Windows box to scan them - but that's up to you.
> 
>> So helping the other scanner which is already installed and to see
>> if it is missing a virus.
> 
> I'd expect you'd have more luck if you used the other scanner to see
> what was missed by ClamAV.
> 
>> I have just some stupid questions :-) :
> 
> They're not stupid, but they do really only scratch the surface.
> 
>> Which signatures to use?
>> The default ones that come with the example config?
> 
> Any that you can get hold of.  There are a lot of them about.  The
> Sansecurity signatures get a good press but I use them to fight spam
> rather than protect against malware.  I personally think that if you
> can find malware on a machine, it's already too late to be looking.
> 
>> Any config i should take a look at?
> 
> There's a lot of documentation, you should read it.
> 
>> As far as i have seen ClamAV isn't scanning the whole file just a
>> part of it.  Do viruses sit at a special point of a file or do
>> traces of them exist at special spots?
> 
> It's not really like that.  Drink deep, or taste not...
> 
> ClamAV needs to know something about the different types of files, so
> it can do a better job of scanning, and there's an upper limit to the
> amount of data that ClamAV will scan in any event.  There have been
> discussions about it on this list, please spend some quality time with
> the archives.
>