Combine Winpooch and ClamWin to Protect Windows Clients

You probably know ClamAV, the popular open-source antivirus scanner that is widely used on mail servers, etc. There is also a Windows port, ClamWin, which can be used to scan files on the Windows platform. Unfortunately, ClamWin currently lacks an on-access scanner, which is a must-have for a modern desktop virus scanner.

This is where Winpooch comes in. Winpooch is an API hooker: it intercepts system calls, checks them against a filter list, and then proceeds according to the configured action.

Therefore, it can be used to pass executed files to ClamWin, which checks them for viruses, resulting in an on-access scanner. If you are extra paranoid and don’t care about potential performance issues, you can even configure Winpooch to call ClamWin on every opened file.

To configure Winpooch, go to the configuration tab and select ClamWin as the antivirus solution. Once this is done, test your setup with a test virus: download eicar.com and run it. ClamWin should now detect the virus, and Winpooch should ask whether you want to proceed.

Winpooch also detects when a program wants to place itself in an auto-startup position, for example via the registry or a startup folder, and asks whether you want to allow or deny the action.
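The hook, filter list and action flow described above can be modelled in a few lines. This is an added sketch, not Winpooch's code or its real rule format: the event names, rule fields, scanner stand-in and event trace are all constructed for illustration. It also shows why scanning on every open costs more than scanning on execution only.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass
class Rule:
    event: str     # "exec", "open" or "reg_write" (hypothetical event names)
    pattern: str   # glob matched against the lower-cased path or registry key
    action: str    # "accept", "reject", "ask" or "scan"

def scan(content: bytes) -> bool:
    """Stand-in for the ClamWin call: flags only the EICAR marker text."""
    return b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE" in content

def decide(rules, event, target, content=b""):
    """Return (verdict, scanned). First matching rule wins; unmatched calls pass."""
    for r in rules:
        if r.event == event and fnmatch(target.lower(), r.pattern):
            if r.action != "scan":
                return r.action, False
            # A detection is escalated to the user, who decides whether to proceed.
            return ("ask" if scan(content) else "accept"), True
    return "accept", False

# Constructed filter lists: scan on execution only vs. scan on every opened file.
AUTOSTART = Rule("reg_write", r"*\currentversion\run\*", "ask")
ON_EXEC = [Rule("exec", "*", "scan"), AUTOSTART]
ON_OPEN = ON_EXEC + [Rule("open", "*", "scan")]

# Constructed trace of intercepted calls: (event, target, file content).
TRACE = [
    ("exec", r"C:\Users\u\Downloads\eicar.com",
     b"...EICAR-STANDARD-ANTIVIRUS-TEST-FILE..."),
    ("exec", r"C:\Windows\notepad.exe", b"MZ"),
    ("open", r"C:\Users\u\notes.txt", b"hello"),
    ("open", r"C:\Users\u\report.doc", b"data"),
    ("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater", b""),
]

def replay(rules):
    """Run the trace through a filter list; return (verdicts, number of scans)."""
    results = [decide(rules, e, t, c) for e, t, c in TRACE]
    return [v for v, _ in results], sum(s for _, s in results)

if __name__ == "__main__":
    for name, rules in (("scan on exec", ON_EXEC), ("scan on open", ON_OPEN)):
        verdicts, scans = replay(rules)
        print(f"{name}: verdicts={verdicts} scanner calls={scans}")
```

Both filter lists catch the test file and the autostart write, but the open-file rule doubles the scanner calls even on this five-event trace.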

So you get a 100% open-source and free software antivirus/spyware solution for your Windows client computers.

Marc