I recently put in some replacement servers and ran into the issue of antivirus protection for the servers. Usually this is a paid service for servers. In this case that was not an option, hence the search for a free or low-cost solution. ClamWin is a free antivirus tool that will run on Windows Server. In this post we will discuss installing it and configuring exclusions and scans on Windows Server 2008 R2 and 2012 R2. We will also cover adding another project, Clam Sentinel, which provides real-time scanning and several other features.
Download the latest install from http://www.clamwin.com/.
As with most programs, installation is a matter of clicking through and accepting the defaults. By default the program will install to c:\Program Files (x86)\ClamWin.
Start the installation and click next when ready
Accept the agreement and click Next.
Accept the default path for installation and click Next.
Typical installation will do the trick, click next.
Click Next to accept the Start Menu Folder location.
Click the create desktop icon if you like, by default it is unchecked.
Click Install to start the installation.
Installation will progress along.
Once the installation has completed, ClamWin will update its virus database.
Click Finish to complete the installation.
Installing Clam Sentinel
Clam Sentinel is a system tray application that detects file system changes and scans the modified files using ClamWin. It also detects newly added drives (such as a USB pen drive) and monitors them until the program is closed or the device is disconnected. Clam Sentinel can be downloaded from here. The current version as of this posting is 1.22.
The Clam Sentinel project adds a real-time capability to ClamWin when files are added, modified or copied, but it does not offer true on-access protection. Clam Sentinel is free and open source, like ClamWin. Their site is http://clamsentinel.sourceforge.net
- free & full-featured real-time scanner for ClamWin Antivirus
- Adds a real-time scanner to ClamWin
- Optional system change messages
- Proactive heuristic protection
- USB and removable drive protection
- Uses ClamWin quarantine folder
- Scan logs for real-time, drives, memory, and messages
- Default configuration suitable for most users
- Easy custom configuration via system tray icon
- Supports Windows 98 and newer computers
- Supports English, Italian, French, German, Dutch, Spanish, Polish, Japanese, Russian, Portuguese, Bulgarian, Indonesian and Azeri languages
- Multiple user support
Now that we have downloaded the Clam Sentinel installation we can start the installation. Double-click to start the installation.
Click OK to accept the language.
Accept the license agreement and click next.
Click the Start Clam Sentinel automatically for all users and click next.
Click next to accept the installation destination.
Click next to accept the start menu folder location.
If you want the icons select the boxes and click next.
Click install to start the installation of Clam Sentinel.
Click Finish and Clam Sentinel will start.
First thing Clam Sentinel will do is ask for the drives you want to have it monitor. Click Confirm and Clam Sentinel will appear as a shield icon in the corner. One thing you want to do is to exclude what you don’t want Clam Sentinel to look at. We do this by creating a whitelist.
Creating Exclusions (Whitelist)
Any program or file you do not want blocked will need to be added to the whitelist, as Clam Sentinel will otherwise quarantine it. To get to the dialog for making these exceptions, right-click on Clam Sentinel in the status bar and move to Advanced Settings > Paths or Files not Scanned.
Clam Sentinel will present an interface to add and remove files, directories and extensions.
To add an exclusion, just type in the space provided and click add. Some examples of exclusions are listed below.
- Exclude one file everywhere – clamscan.exe
- Exclude One file in one folder – C:\Program Files (x86)\ClamWin\bin\clamscan.exe
- Exclude an entire folder – C:\Program Files (x86)\ClamWin\bin\*
It is best to give the full path for a file. A bare filename is excluded everywhere, so malware that calls itself by that filename (say clamscan.exe) would be skipped too; the full path stops that.
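The difference between the three exclusion forms can be checked before entries go into the whitelist. The following is an added example, not code from Clam Sentinel: its matching rules are a model of the three forms as described above (an assumption about how the entries behave), and the file paths are constructed samples.

```python
import ntpath  # Windows path rules, usable on any OS

def classify(entry):
    """Return 'folder', 'full_path' or 'bare_name' for one exclusion entry."""
    if entry.endswith("\\*"):
        return "folder"
    if ntpath.isabs(entry):
        return "full_path"
    return "bare_name"

def is_skipped(file_path, entry):
    """True if file_path would be left unscanned by this entry (modelled rules)."""
    f = ntpath.normcase(ntpath.normpath(file_path))
    kind = classify(entry)
    if kind == "folder":
        folder = ntpath.normcase(ntpath.normpath(entry[:-2]))
        return f.startswith(folder + "\\")
    if kind == "full_path":
        return f == ntpath.normcase(ntpath.normpath(entry))
    # Bare filename: matches that name in any folder on any drive.
    return ntpath.basename(f) == ntpath.normcase(entry)

def audit(entries, files):
    """Map each entry to (kind, list of files it would leave unscanned)."""
    return {e: (classify(e), [f for f in files if is_skipped(f, e)])
            for e in entries}

# The three example entries from the list above.
EXCLUSIONS = [
    "clamscan.exe",
    r"C:\Program Files (x86)\ClamWin\bin\clamscan.exe",
    r"C:\Program Files (x86)\ClamWin\bin\*",
]
# Constructed sample paths; the last one is a look-alike outside ClamWin.
FILES = [
    r"C:\Program Files (x86)\ClamWin\bin\clamscan.exe",
    r"C:\Program Files (x86)\ClamWin\bin\freshclam.exe",
    r"C:\Users\Public\Downloads\clamscan.exe",
]

if __name__ == "__main__":
    for entry, (kind, skipped) in audit(EXCLUSIONS, FILES).items():
        print(f"{kind:9}  {entry}")
        for path in skipped:
            print(f"           skips {path}")
```

Only the bare-name entry leaves the look-alike in the Downloads folder unscanned; the full-path and folder entries stay confined to the ClamWin directory.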
Clam Sentinel also allows you to add and remove extensions to be scanned. Right-click on Clam Sentinel in the status bar and move to Advanced Settings > Extensions Scanned. Add and remove what you would like. No need for the wild card * to be in the entries, just .PS1 for example will do.
There are many other settings available under Advanced Settings menu.
- Choose disks to monitor
- Extensions scanned
- Paths or files not to be scanned (Default has 3 listed, add what you need to be excluded.)
- Paths where all files will be scanned (Set to blank, meaning whole drive defined in Choose disks to monitor setting)
- Maximum number of simultaneously active scans (Default is 1, allowed setting 1 – 10)
- Max filesize for logs. (Default is 5 MB)
There are other settings available in Clam Sentinel under the Settings selection. Right-click on Clam Sentinel in the status bar and move to Settings, where you can select what you want Clam Sentinel to do.
- Scan the memory when a program starts (not checked)
- Write scan activity to the log (checked)
- Detect and monitor new drives (checked)
- Ask to scan new drives (checked)
- What to do when an infected file has been found (Default is Move to quarantine folder)
- Monitor system for new malware
- Detect suspicious files and warn about system changes
- Detect suspicious files only (default)
- Notify of new versions (checked)
Other menu selections are as follows
- Memory scan
- Quarantine folder
- Sentinel Recover
- Real Time scan
- Memory Scan
- Drive Scan
- Check Latest Version
- Visit Clam Sentinel Website
With a combination of ClamWin and Clam Sentinel you now have a way to have AntiVirus and realtime protection for your small office or business.