When using WinPooch with ClamWin integration, the system slows considerably as touching the Start menu, volume control, or anything else spawns a program that needs to wait for a ClamAV scan. To fix this, WinPooch should keep a cache in memory of scan results and avoid rescanning.
When an Anti-Virus check on a file occurs, WinPooch should first check to see if it knows the Anti-Virus state of the file. If it does, it should avoid rechecking; if it does not, it should scan the file.
When an Anti-Virus scan turns up a file as not infected (or the user Allows access -- WinPooch frequently misinterprets ClamWin's messages), WinPooch should note that the file contains no viruses.
When WinPooch detects a file open for write, deletion of a file, or a write to a file, it should delete any stored state of the file so that the next rule requiring an Anti-Virus scan will actually run the scan.
When WinPooch detects a file move or copy from a known virus-free file, it should update its internal tables to reflect the change. Copied files should initially get marked as known virus-free; moved files should change their path in the internal table.
WinPooch should optionally expire table entries after a time-out, in the assumption that WinPooch is X likely over Y time to miss a write to the file and thus its tables may not reflect the current state of the file. Activating this option will cause more scans, but will probabilistically catch inconsistent states caused by unhooked processes altering files.
WinPooch should optionally check the MD5 and/or SHA1 sum of a file when it gets an Anti-Virus scan and before assuming the file has not changed. This option will cause some disk activity and calculation on each access; however, it will also catch files changed by unhooked programs.
When WinPooch closes, it should not store the internal consistency states; WinPooch will start with a blank table of scan states at every run.
Log in to post a comment.