FAQ – ClamAV for Windows
Q1. Hey, I went searching through the installed files from this application and didn’t find LibClamAV.dll. Where is it?
A1. ClamAV and its components are running in the Cloud, off your system. They are not located in the local installation directory for ClamAV for Windows. Future versions of ClamAV for Windows will include a local copy of ClamAV that will be used for offline (no Internet connection) virus and malware scanning.
Q2. So now that you have a “Free” Windows version of the product, you’re going to close the ClamAV source, right?
A2. No sir. While it sounds like a great conspiracy theory, Sourcefire, Inc. is committed to keeping all the ClamAV source code Open Source and available for everyone in the community to use, modify, and review to their heart’s content. Everything stays GPL, period.
Q3. Where is all the code for the new GUI and all the Immunet integration? Is that stuff Open Source?
A3. Immunet provides these components and they retain Immunet’s license and distribution model.
Q4. What are your future integration plans?
A4. The current roadmap includes adding ClamAV 0.96 to the local system so that it can be used for offline scanning (without an Internet connection). Additionally, in the back office we are utilizing a lot of the information from the community-based detection engines that Immunet offers to improve ClamAV’s already stellar detection rate.
Q5. Why does support for this product redirect me to the Immunet website?
A5. Immunet is offering support for their product free of charge to make sure everyone using ClamAV for Windows has the best possible user experience.
Q6. Is “ClamAV for Windows” free for commercial use, just like the Unix version?
A6. Yup, ClamAV for Windows is free for commercial use. Use it wherever you want to: home, office, servers, education facilities, non-profits, etc. In fact, the more places you install it and the more systems it’s running on, the better its community-based detection will perform.
Q7. Will “ClamAV for Windows” send any sensitive data from my computer to the cloud?
A7. ClamAV for Windows sends information about the files it’s scanning back to the cloud. This information is in the form of SHA hashes and file heuristics. Currently, this information is only collected for Windows PE files, or in other terms, what most people refer to as executable files. No information is collected for other types of files, like Word, Excel, or PDF. Additionally, in some situations the entire PE file will be uploaded to the Cloud to determine if it is malicious.
For a complete overview please see the privacy policy: http://support.immunet.com/index.php/Immunet:Privacy_policy
Q8. Are you going to make use of the Cloud in the *nix version of ClamAV?
A8. We are currently investigating the possibilities for using Immunet’s Cloud technology in the *nix version of ClamAV. Once ClamAV 0.96 releases and is integrated into the ClamAV for Windows distribution for offline scanning we will begin planning the next phase of integration. This will hopefully include some integration of the Cloud technologies in the *nix version of ClamAV.
Q9. Does ClamAV for Windows detect the same things as ClamAV?
A9. The short answer is ‘Yes’, it does. We continually update Immunet’s database with our detected samples and false positives, and they do the same for us. This allows us to have detection ‘parity’, i.e., if ClamAV detects it, so does ClamAV for Windows. Additionally, users of ClamAV for Windows will get the same virus and malware names they are used to getting in other ClamAV products.
The long answer is that Immunet’s On Access (when you open, copy, etc. a file) file monitor only deals with PE files in this initial version. This means that files like PDFs or documents that ClamAV would normally detect won’t be scanned by this initial version. In future versions that include the ClamAV engine locally, these types of parity issues will be resolved.
Q10. Can I use ClamAV for Windows with my current AV solution?
A10. Yes. In fact it is encouraged.
Q11. Where should I report false positives or undetected malware?
A11. The same place you normally do for ClamAV: http://www.clamav.net/sendvirus/
Q12. For the really technical tester who knows what EICAR is and is using it to test the product: why is the EICAR test file not detected when it’s executed, but is when it’s copied?



