
Winpooch Watchdog

Tracker: Feature Requests

5 Cache virus scanning results per session - ID: 1801329
Last Update: Comment added ( nobody )

When using WinPooch with ClamWin integration, the system slows considerably
as touching the Start menu, volume control, or anything else spawns a
program that needs to wait for a ClamAV scan. To fix this, WinPooch should
keep a cache in memory of scan results and avoid rescanning.

When an Anti-Virus check on a file occurs, WinPooch should first check to
see if it knows the Anti-Virus state of the file. If it does, it should
avoid rechecking; if it does not, it should scan the file.

When an Anti-Virus scan turns up a file as not infected (or the user Allows
access -- WinPooch frequently misinterprets ClamWin's messages), WinPooch
should note that the file contains no viruses.

When WinPooch detects a file open for write, deletion of a file, or a write
to a file, it should delete any stored state of the file so that the next
rule requiring an Anti-Virus scan will actually run the scan.

When WinPooch detects a file move or copy from a known virus-free file, it
should update its internal tables to reflect the change. Copied files
should initially get marked as known virus-free; moved files should change
their path in the internal table.

WinPooch should optionally expire table entries after a time-out, on the
assumption that WinPooch is X likely over Y time to miss a write to the
file and thus its tables may not reflect the current state of the file.
Activating this option will cause more scans, but will probabilistically
catch inconsistent states caused by unhooked processes altering files.

WinPooch should optionally check the MD5 and/or SHA1 sum of a file when it
gets an Anti-Virus scan and before assuming the file has not changed. This
option will cause some disk activity and calculation on each access;
however, it will also catch files changed by unhooked programs.

When WinPooch closes, it should not store the internal consistency states;
WinPooch will start with a blank table of scan states at every run.


John Richard Moser ( bluefoxicy ) - 2007-09-24 17:12

5

Open

None

Nobody/Anonymous

Other

None

Public
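
The cache behaviour requested above, sketched as an added example; it is not part of the original request and is not WinPooch code. `ScanCache`, its method names and the `scanner(path)` callback (returns True when the file is clean) are hypothetical, and SHA-256 is used in place of the MD5/SHA1 sums the request names.

```python
import hashlib, os, time

class ScanCache:
    """In-memory table of known-clean files; never written to disk."""
    def __init__(self, scanner, ttl=None, verify_hash=False, clock=time.monotonic):
        self.scanner, self.ttl = scanner, ttl  # scanner(path) -> True if clean
        self.verify_hash, self.clock = verify_hash, clock
        self.clean = {}  # normalized path -> (time recorded, digest or None)

    @staticmethod
    def _key(path):
        return os.path.normcase(os.path.abspath(path))

    def _digest(self, path):
        if not self.verify_hash:
            return None
        with open(path, "rb") as f:  # SHA-256 stands in for the MD5/SHA1 option
            return hashlib.sha256(f.read()).hexdigest()

    def is_clean(self, path):
        """Answer from the table when possible; scan only on a miss."""
        key = self._key(path)
        entry = self.clean.pop(key, None)
        if entry is not None:
            stamp, digest = entry
            expired = self.ttl is not None and self.clock() - stamp > self.ttl
            if not expired and digest == self._digest(path):
                self.clean[key] = entry
                return True
        digest = self._digest(path)  # hash first, so a write during the scan mismatches later
        if not self.scanner(path):
            return False  # infected verdicts are not cached
        self.clean[key] = (self.clock(), digest)
        return True

    def on_modify(self, path):
        """Open for write, write, or delete: forget the stored state."""
        self.clean.pop(self._key(path), None)

    def on_copy(self, src, dst):
        """A copy of a known-clean file starts out known clean."""
        self.on_modify(dst)
        entry = self.clean.get(self._key(src))
        if entry is not None:
            self.clean[self._key(dst)] = entry

    def on_move(self, src, dst):
        """A moved file keeps its state under the new path."""
        self.on_copy(src, dst)
        self.on_modify(src)
```

With `verify_hash` off, a write made by an unhooked process goes unnoticed until the entry expires, which is the trade-off between the two optional settings.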


Comment ( 1 )




Date: 2009-05-15 21:23
Sender: nobody

I would prefer if WinPooch kept some database of MD5 sums of the files it
accesses, for faster scanning. That way it would give it an ability similar
to the old InoculateIt program, which checked whether files were altered.
InoculateIt used signing of files, though, but MD5 is second best to that
strategy. That way you wouldn't have to scan every file accessed but only
those for which you don't have an MD5 (meaning that they are new or
weren't previously accessed) or whose MD5 has changed. Also, making WinPooch
run a first scan after installation, during reboot before Windows starts, would save
us a lot of pain, as that MD5 database and those tables with AV states for
files proposed above could be made in the same run. I see the added benefit
of making those tables expire after some period of time, but wouldn't a
regular monthly full scan done as I wrote (something like safe or paranoid
mode) serve the same purpose?

