Jump to content
Sign in to follow this  
greenknight

ClamWin?

Recommended Posts

Bitdefender 8 Free Edition that I had for a backup scanner expired on me (the download page didn't say it was trialware, but it is), so I decided to try out ClamWin - Clam being the only other free AV without realtime protection I'm aware of (since 2 virus shield can interfere with each other, I won't risk having more than one installed, even if one shield is disabled).

I have yet to complete a scan with it, it seems to be pretty slow. Any thoughts?

Share this post


Link to post
Share on other sites

Avast has excellent real-time free protection and detection.

I've used Portable ClamWin from my pocket hard drive nad it seems to have a decent cleaning algorithm, however I didn't feel like it really did much.

Share this post


Link to post
Share on other sites

ClamWin is a Windows antivirus software application that uses the ClamAV engine. ClamAV is made for Unix-like systems such as Linux, but it has been ported to Windows, but I think that the performance of the Windows port is slower.

Future versions of ClamWin is planned to introduce some sort of caching to increase performance.

Interesting things are in development for ClamAV too, which will result in that ClamWin will get better.

ClamWin and the ClamWin website is available in many language, and accepts contributions from translators who might be willing to translate it into a language they know. If interested, you can get in contact with developers at #ClamWin on irc.freenode.net

Share this post


Link to post
Share on other sites

Even if I were to switch to Avast, I'd still be interested in a backup scanner. In AV comparison tests I've read (and I've read every one I could find), the detection rates of Avast and AVG are very similar; I can't see enough gain from switching to make it worthwhile.

ClamAV scored reasonably well in some tests, though not in some others. I hope this is because it's getting better with time - in any case, I like to support open-source projects, so I'm trying it out.

One thing I do like about it; by default it runs at low priority, and I've found I can let it run in the background while I'm doing other things without slowing things down much. I haven't found this possible with other malware scanners. It hangs up in one particular folder, though - my sister's Family Tree Maker program makes it grind to a halt repeatedly. Weirdly, if I open the folder and scan the files individually it does fine. Apparently it's gonna take some tweaking - if nothing else works, you're supposed to be able to set a filter to make it skip individual files or folders. I'm going to try reinstalling from a fresh download, just in case something went wrong the first time. If I'm still having problems then, I'll try the ClamWin help forum.

Share this post


Link to post
Share on other sites

You can also get help at #clamwin on irc.freenode.net

You can disable scanning of certain file extensions, such as .mp3, .avi or .mpg if you want.

I'm not fond of using irc, but I'll bear that in mind.

Filtering file extensions is easy, but it's not what I need. Thanks anyway.

Share this post


Link to post
Share on other sites

Anyway, the Web site say the preferred place to get help is the forum. Wherever I get it from, help is definitely needed. Even though I've excluded the folder where it was hanging the worst, scanning is incredibly slow. I started it at 4:09 scanning C: drive, which has 14.8 GB in use (minus that one 61 MB folder I excluded). At 10:00, I wanted to go online, but it was still a long way from finished (it had a long list of errors, too). I hoped to finish a scan and save the report (thinking it would include the error messages), so I left it running in the background and went ahead with online stuff.

It just now finished, over 11 hrs after it started. Though it was running in the background for almost half of that, that's still way too long - and it didn't save the error messages, should've taken a screenshot I guess. Gonna take some tinkering - but that's the fun of open source. <edit> I spoke too soon about filtering out some file types, that seems to be the primary recommendation on the help forum for speeding up scans. Of course, I didn't know it would be that slow...<end edit>

If I can't make some major improvement on that, I may try out the one they have on MajorGeeks, ClamAV/SOSDG (stands for Summit Open Source Development Group). It says it has "a command line interface for scanning files, updating the virus definitions, and a daemon for faster scanning", and "The SOSDG has taken the latest ClamAV from the CVS tree, compiled it against the current stable Cygwin DLLs, which provide a full UNIX/Linux compatibility layer for Windows operating systems." Sounds like it could be faster, and I can live without the cool GUI ClamWin has if it scans faster.

Share this post


Link to post
Share on other sites

Yeah, as I said its pretty slow. I agree with you, its slow, I've mentioned it many times to the developers, heh. :happybday:

When you try out that thing you mentioned, if its any faster, please tell me, I really want to know.

Share this post


Link to post
Share on other sites

I'll be sure to post all about it.

I've filtered out some file types in Clamwin, it still seems painfully slow. I'm planning to try a little more tinkering with it, try adding more filters, see if I can find out what the error messages mean; but I'm not very hopeful. It would take a really drastic improvement in speed to make it worth keeping. :happybday:

Share this post


Link to post
Share on other sites

Last time, I used ClamWin, I set it to only scan .exe files and did a quick scan of my Downloads\ folder and \Windows and \Windows\System32\ folder.

"Bitdefender 8 Free Edition that I had for a backup scanner expired on me", it really sucks that they call it a free edition, then it expires. So much for free, hmpft. When something is trialware, it should be made very clear. Companies/software like that should be added to list along with other of their deceiving kind.

Share this post


Link to post
Share on other sites

Yes, it does suck. What's really stupid is, there's another download link on the same page for "Trial version". But you get a trial version, whichever link you use.

I got a response on the ClamWin forum, said the next release will skip scanning binaries and media files, so it should be faster. I hope so, the current release is too slow for scanning anything but a limited amount, like you did. With filtering, I got it down to where it took under 76 min. to scan the Documents and Settings folder. That's still way too slow.

Share this post


Link to post
Share on other sites

I installed the SOSDG port to try it out, can't get it to run. The syntax is simple enough, but I keep getting an incorrect syntax message when I try to run it. There's a forum link on the program's home page, but it's broken. :happybday:

Do you mean sherpya? He's a mod on the help forum (and from Italy) - that's who told me about the next release. I asked when it's coming, he didn't answer.

Share this post


Link to post
Share on other sites

I just tried the SOSDG port out.

I had no problem to get it to run.

C:\clamav-devel\bin>clamscan c:\stuff

The SOSDG port appears to be slightly faster than the clamav shipped with ClamWin.

----------- SCAN SUMMARY -----------

Known viruses: 87291

Engine version: devel-20061102

Scanned directories: 1

Scanned files: 15

Infected files: 0

Data scanned: 2.88 MB

Time: 6.589 sec (0 m 6 s)
----------- SCAN SUMMARY -----------

Known viruses: 87291

Engine version: 0.88.7

Scanned directories: 1

Scanned files: 15

Infected files: 0

Data scanned: 2.88 MB

Time: 8.522 sec (0 m 8 s)

Share this post


Link to post
Share on other sites

That's the syntax you used? Because this is what it says to use in the Quickstart doc that comes with the program:

C:\clamav-devel\bin\clamscan.exe <path to file to scan>

Please note that because of oddities between Windows and UNIX/Linux standards,

you must do one of the following with your paths you specify to ClamAV:

1. Replace \ with / in your paths - ie: C:/clamav-devel/test/clam.exe

2. Double your backslashes - ie: C:\\clamav-devel\\test\clam.exe

3. Use Cygwin Cygdrive notation - ie: /cygdrive/c/clamav-devel/test/clam.exe

4. Quote your normal Windows paths - ie: “C:\clamav-devel\test\clam.exe” -

Note that this does not work right in the configuration files!

Yours is very different, I'll give that a try.

Share this post


Link to post
Share on other sites

Your spending an awful lot of effort to use an AV that's detection rates are mediocre at best. Dr.Web and MWAV 8.x(Kaspersky Engine) blow the doors off Clamav detection wise.

Share this post


Link to post
Share on other sites

That's the syntax you used? Because this is what it says to use in the Quickstart doc that comes with the program:

Yours is very different, I'll give that a try.

Yeah, and I didn't read the quickstart doc.

Your spending an awful lot of effort to use an AV that's detection rates are mediocre at best. Dr.Web and MWAV 8.x(Kaspersky Engine) blow the doors off Clamav detection wise.

I like the fact that ClamAV is free, open source, multi-platform, light-weight, on-demand scanner.

Share this post


Link to post
Share on other sites

I like the fact that ClamAV is free, open source, multi-platform, light-weight, on-demand scanner.

I do too. But with it's detection rates, will it telling you your machine is clean bring relief!. I wouldn't rely on anything that didn't at least approach 90% detection. And this AV is far from that. Installing another AV is not the way to go as it's another 'Re-active Approach'. Always playing catchup to the bad guys. And with 'Heuristics Detection' still far off from 'Signature Detection', that isn't the answer either. What happens when one encounters malware that isn't in the antivirus database yet?. Good chance of infection i would say. That's why many including myself have stopped relying on this 'Re-active' approach and added a 'Pro-active' approach in the form of 'Sandbox/Virtualization' programs. There are many freeware/payware choices that take away this infection avenue as your browsers, IM's, dangerous email attachments are virualized from infecting your system.

Share this post


Link to post
Share on other sites

I guess detection rate varies from test to test and time to time. But yeah, it doesn't have so good detection rate that I wish it would. I am not sure, but it's all worked by volunteers I believe.

I am no fan of the re-active approach either. I don't run any on-access anti-virus or anti-malware software in the background. Pro-active solutions are the best, but there are not so many sandbox programs for Windows that I am aware of. Also I am not sure how much of an inconvenience they are. Nobody likes it when security becomes an inconvenience.

Share this post


Link to post
Share on other sites

I finally got it to work; nothing wrong with their syntax, it's my brain that's defective. :happybday:

I read lots of tests, on some Clam did very poorly, on others it did very well. I have never seen any AV comparison test that has enough controls that it could be regarded as authoritative.

I barely need AV at all; since switching to Firefox back in '04, no viruses, exactly 1

Trojan (it came in through Java, which is much more secure now). I'm only looking at Clam as a "second opinion" scanner anyway, and something to play around with - another open-source project to test. Don't really have security issues that would justify virtualization. Got other users on this computer, too, who don't want extra hassles. None use IM, and we all use Webmail (and a great deal of caution). Got no surplus of RAM, either.

Anyway, I decided that ClamAv SOSDG wasn't enough faster than ClamWin to make up for its inconvenience, plus no quarantine. So I reinstalled ClamWin, gonna play with it some more.

Share this post


Link to post
Share on other sites

Pretty much same for me.

I use Mozilla Firefox too. I have Java disabled (almost no websites use it anyway), and JavaScript is blocked by the NoScript extension. NoScript blocks JavaScript for all sites that I haven't put on whitelist to be allowed to run JavaScript. So I have put sites like Lunarsoft on the whitelist.

I don't really need a anti-virus either, but as you I am looking at ClamAV as some second scanner.

I also decided the same as for the SOSDG port. In ClamWin in the bin\ folder, there are the the ClamAV executables that you can run from the command-line too. I don't use ClamWin much, but I will continue to evaluate it.

Share this post


Link to post
Share on other sites

You can control Java with NoScript, too.

I just tried out ClamWin's "Scans Computer Memory for Viruses" button (that's what it says when you hover on it). That scans the most important files, and it only takes a few minutes. I think I'll keep it.

Another thing, on Sherpya's advice I added .cab and .msi to the Exclude list, I think that helps quite a bit. I also excluded the Firefox Cache folders; there's no point to scanning them, no virus can execute from there - they scan pretty slow, too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×