ClamWin is a powerful Open Source Anti Virus program that rivals many Commercial Software Anti Virus products. You can find the ClamWin community forums here. ClamWUG, from Moore Works, provides the automation that automatically upgrades ClamWin when new versions become available. Click here to install ClamWUG on your current Windows Operating System computer.  (On Vista you might have to Run as Administrator to force the installation.) 

  1. Installs ClamWin AntiVirus.
  2. Applies ClamWin upgrades when they become available.
  3. Sends Hard Drive free information to Moore Works to avoid HD full problems.
  4. Sends scanning information to Moore Works to avoid scanning problems.

Once ClamWUG is installed configure ClamWin:

  1. Schedule AntiVirus scans.
  2. Move viruses to quarantine folder.
  3. Filter to exclude the quarantine folder.

Windows Vista and Windows 2008 Server bug Fixes:

  1. Run as Administrator to install.
  2. Enable the Administrator user if not already done.
  3. Schedule ClamWUG and ClamScan to run as Administrator and "Run with highest privileges".
  4. Create identifiable username for ClamWUG email then schedule as that user. Set Full permissions for that user in Logs folder.

Once ClamWUG is installed schedule a task to run ClamWUG everyday and check for new ClamWin versions. You only need to set Internet Explorer as your default web browser and create a scheduled task set to run this command line:

cmd /c "START iexplore.exe http://cms.MooreWorks.Net/ClamWUG2/ClamWUG.application" && exit

Some people installing ClamWUG use Firefox as their default web browser.  FireFox has an add-on here that allows ClickOnce which is used to give you the latest version of clam. Once installed set the 'do not ask to run' option.

Use "Run with highest privileges" when scheduling ClamWUG to run on Vista.  Windows 2008 Server might requires all that in a batch file so I put mine in "C:\Program Files\ClamWin\bin\ClamWUG.Bat".

Normally ClamWin is configured for General, Infected Files, Move to Quarantine; Filters, Exclude Quarantine folder; and, Scheduled Scans. You might create a Scheduled Task to run the following command line periodically:

Create C:\Program Files\ClamWin\bin\ClamWUGs.bat

if %1.==SCAN. goto :SCAN
pushd "C:\Program Files\ClamWin\Logs\"
del ClamWUGs.log
call ..\bin\ClamWUGs.bat SCAN >>ClamWUGs.log 2>&1
goto :END
:SCAN
pushd "C:\Documents and Settings\All Users\.clamwin\"
del clamscan.exe.dmp
"C:\Program Files\ClamWin\bin\clamscan" -v --quiet  --database=".\db" --exclude-dir=".\\quarantine" --exclude-dir="C:\\Program Files\\UltraVNC" --exclude-dir="C:\\Program Files\\RealVNC\\VNC4" --log=".\log\ClamScanLog.txt" --move=".\quarantine" --detect-pua --recursive --memory --kill --detect-broken C:\
rem "C:\Program Files\ClamWin\bin\clamscan" --quiet  --database=".\db" --exclude-dir=".\quarantine" --exclude-dir="C:\Program Files\UltraVNC" --log=".\log\ClamScanLog.txt" --move=".\quarantine" --recursive --memory --kill --detect-broken
:END

Schedule Task "C:\Program Files\ClamWin\bin\ClamWUGs.bat"
Start in "C:\Program Files\ClamWin\bin\"

--detect-pua can be added to the clamscan command line to Detect Possibly Unwanted Applications, though we have found (as of Mo 8 Jun 2009) this quarantines RealVNC VNC.exe.

Instead of "C:\Program Files\ClamWin\Logs\" 64 bit Windows Server operating systems should use: 

"C:\Program Files (x86)\ClamWin\Logs\" 

This needs to Run as Administrator on Vista... "Run with highest privileges" does not seem to work. Also, do not include the double-quotes characters around the 'Start in' field.

Visual Studio Developers avoid quarantining their programs with these exclusions:

--exclude-dir="C:\\Program Files\\Microsoft Visual Studio" --exclude-dir="C:\\Program Files\\Microsoft Visual Studio 8" --exclude-dir="C:\\Program Files\\Microsoft Visual Studio 9.0" --exclude-dir="C:\\Program Files\\Microsoft Web Designer Tools" --exclude-dir="C:\\WINDOWS\\assembly\\GAC_MSIL" --exclude-dir="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\VisualStudio"--exclude-dir="C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\VSA" 

SQL Server Business Intelligence Development Studio users seem to function without quarantining these "Broken.Executable"s, but; might benefit from it:

C:\Documents and Settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll

C:\Documents and Settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll

Scheduled Task Exit Codes can be found here.

Use 'clamscan -h' to discover all the command line options.

Older versions of ClamWUG are here (ClamWUG), and here (ClamWUG1).

clamscan.exe.dmp problems on PC Buba and PC BrainIac caused the creation of http://sherpya.netfarm.it/clamav-0.95.2-dumpfilename.zip

Changed ClamWUGs.Bat for:
clamscan -v
-v -> verbose prints before scanning
I wonder what good this "-i -> only infected, does not print after" will be?