Basic win32 clamav command line scanner and friends are already updated to 0.90, obviously they need to be tested,
on the GUI (ClamWin) side, some additional work is needed, some things are changed and also automatic skipping feature should
be correctly handled by the GUI.
We don't have an ETA, but we are working for you :D
- Sherpya |
|
I've branched clamav release develpoment, I've added a feature that can kill infected files that are loaded in memory (for now only in memory scan).
Killing of infected processes should be enough safe, the module unloader can easily cause crashes to the program that hosts the dll. Mainly the only program that can host infected dll is explorer, so it shouldn't be a real problem,
when it crashes it automatically restarts.
This feature will be available only win 2k/xp/2k3.
Update: I've included it in svn trunk since the new code is optional,
you need to add -k or --kill command line option.
Update: This feature is currently in testing, join the beta forum to have more infos.
- Sherpya |
|
When clamscan is interrupted it can leave temporary files in temp directory. I've implemented a trace feature in directory creation/removal.
clamscan will create a dirname.clamdir with the same name of the just created directory. This file is removed when clamscan removes the directory.
If the scan is interrupted clamwin will be able to find .clamdir files and remove the undeleted directories.
Only directories at top level of temp dir are traced, since we don't need to known about subdirs, they will be removed recursively.
This features is already implemented in clamav svn, minor mods should be made in clamwin.
Expect soon a new beta to test this functionality.
- Sherpya |
|
Some users experimented this new "feature" that allow to send crash reports when the scanner crashes (clamscan.exe.dmp files in C:\Program Files\ClamWin\Bin folder).
Since it may contain some parts of scanner memory obiviously can have virus patterns loaded in memory. To avoid this problem next release will scramble dump files by xor-in with 42.
I really don't want to encrypt user data,
it's only to avoid quarantine or deletion of crash dump files.
Also many of us have a mailserver AV that will block the report.
- Sherpya |
|
|