G.W. Haywood wrote: > Third, ClamAV _can_ be used to scan files on a machine. But that's > all it really does, it scans them and tells you if it thinks any of > them might be infected. That doesn't sound to me like what you want. > I think you want something that will 'disinfect' them. ClamAV doesn't > do that. It might tell you that a file is infected (it might even be > right about that:) but it would then be up to you to decide what to do > about it. Now if you're scanning incoming mail, the decision is easy. > You drop the mail and maybe send a message to the administrator of the > system that is scanning the mail (NOT to the sender of the mail if you > have any sense, because the address was most likely forged). When you > scan files on a computer, things are a little more complicated. If a > file is flagged as infected that might indeed mean that it's infected. > You might then think that you have to do something to the file, to > disinfect it. Or maybe just delete it. But it could also mean that > it's an important system file that just happens to look like it's > infected. This would be what we call a 'false positive'. You need to > be able to make an educated guess (er, decision) about these things, > to distinguish between genuine infections and false positives, because > if you just romp around your operating system deleting all the files > which trigger ClamAV (or any other virus scanner) you might find that > you've done more damage to the operating system than the virus would > ever have done. >
Well, other AV products face the same issue. They may ask you your decision in a messagebox instead, or take a decision for you. But all of them have false positives, and they do sometimes break your OS by decididing to remove some system file. Julie wrote: > I have been told by the computer engineers who have been helping me try to > get to the bottom of this that the virus is contained in Microsoft Office > Word 2001, and does not affect any other systems, so that sending emails is > perfectly safe and will not endanger any other computer. Yes. *As far as you don't send Office files with your email*. Tom Shaw wrote: > For 2004 and before, I can't remember what to > do for these older versions of MS Office but you can set up these to > warn you if a document contains VB Macros. > It's a program option (Tools/Options). It said something like "Ask me when I open files with macros" or "Disable files with macros". _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
