The Portable Freeware Collection Forums

[Mod note: OP post subject modified; original was "Re: clamscan is a command line tool Scan files and/or directories for viruses."]

Post b

clamscan is a command line tool Scan files and/or directories for viruses.

https://www.clamav.net/
ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

https://oss.netfarm.it/clamav/
by: sherpya. This is an unofficial native port of the well known ClamAV Antivirus, this port is used in ClamWin Antivirus

[Download Binaries] Current Stable 0.103.7
-- clamav-x64-0.103.7.7z (VS 2019 64bit build) https://oss.netfarm.it/clamav/files/cla ... 0.103.7.7z
-- clamav-x86-0.103.7.7z (Mingw-w64 32bit build) https://oss.netfarm.it/clamav/files/cla ... 0.103.7.7z

help..
https://docs.clamav.net/
http://forums.clamwin.com/
C:\..\clamav-x86-0.103.7>clamscan --help > clamscan-help.txt
C:\..\clamav-x86-0.103.7>freshclam --help > freshclam-help.txt

help: Updating Signature Databases..
https://docs.clamav.net/manual/Usage/Si ... ement.html

help: Scan files and/or directories for viruses.
https://docs.clamav.net/manual/Usage/Sc ... l#clamscan
------------------------------------------------------------------------------
Clam is unreasonably slow on every computer that is running it--both in loading the database and in scanning.
How to speed up the scanning ..?
http://forums.clamwin.com/viewtopic.php?t=4656

How to make Clam scans 20 times faster
http://forums.clamwin.com/viewtopic.php?t=4279

Thank you for the valuable info, Hangar0. As a user of ClamWin myself, I'm sure it'll prove helpful.

I took the liberty of modifying your post's subject to make the current topic content more memorable and clear -- feel free to change if you see fit.

As noted, Sherpya's ClamAV Antivirus Native Win32 Port current release is v0.103.7, dated 2022-07-29 (changes and downloads at https://oss.netfarm.it/clamav/; ClamWin is still at v0.103.2.1, released 2021-06-07, cf. https://clamwin.com/).

ClamWin Portable at PortableApps.com has been updated to include the latest Windows binaries as posted above combined with the standard ClamWin files.

forums.clamwin.com .. "goodbye and good luck."

https://www.wilderssecurity.com/threads ... on.446638/
post Aug 11, 2022
... I found some posts at the ClamWin forum. Members were saying, "goodbye and good luck."
... Online Forums located at http://forums.clamwin.com.

appear for support only the following site remains ...
https://github.com/clamwin
" ClamWin Free Antivirus "
Contributors: alexcherney, sherpya Gianluigi Tiesi
https://github.com/clamwin/clamav-win32
" ClamAV native win32 port "
... Please report bugs directly to github issue tracker
https://github.com/clamwin/clamav-win32/issues

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
of the little that I have from the forum ... "forums.clamwin.com"
most advice given by guitarbob ...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
main complaints ...
-- Clam is unreasonably slow ....
-- consumes a lot of resources ...
-- How can i speed up clamav scanning?
-- it feels very heavy
-- Why does ClamAV seem to be slower than other engines?
( all of the above is reported by many users )
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
How to speed up the scanning ?
Clam does not use a cache of virus signatures, so the signatures have to be loaded at the beginning of each scan.
The quick scan article said that you can speed up ClamWin scans by limiting the number of extensions, folders, and file sizes that ClamWin scans.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
for full or multi-file scans...
Choose a smaller file size to scan help to reduce time
Most malware is found in files that are under 1 megabyte in size.
--max-filesize=1M
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
for full or multi-file scans...
Skipping files you aren't interested in scanning might help to reduce time
Most malware (maybe 80%) is found in these extensions:
--include="\.(BAT|CAB|CHM|CMD|CPL|DLL|DOC|DOCX|EXE|HTA|HTM|HTML|INF|JS|JSE|LNK|MSI|OCX|ODS|ODT|PDF|PIF|RAR|RTF|SYS|TMP|VBS|XLS|XLSX|ZIP)$"

... in the opposite direction
--exclude="\.(jpg|jpeg|png|gif|log|ost|avi|wmv|mp3|mp4)$"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What folders do viruses hide in? ...
folders that are known to host malware ...
Most malware is initially found in these folders:
-- Windows\system32
-- Windows\sysWOW64
-- Windows\temp
-- users\appdata
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
many users prefer these settings ...
--max-filesize=25M
--max-scansize=100M
--max-embeddedpe=10M
--max-htmlnormalize=10M
--max-htmlnotags=2M
--max-scriptnormalize=5M
--pcre-max-filesize=25M
--recursive=yes
--kill
--archive-verbose
--log="clamscanlog.txt"
--alert-exceeds-max=yes
--allmatch=yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
... find malware name clamav-sigtool
C:\...\AV-clamav-x86>sigtool --find="EICAR"
[main.hdb] 44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1
[main.hsb] 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:Win.Test.EICAR_HSB-1
[main.mdb] 45056:3ea7d00dedd30bcdf46191358c36ffa4:Win.Test.EICAR_MDB-1
[main.msb] 45056:f9b304ced34fcce3ab75c6dc58ad59e4d62177ffed35494f79f09bc4e8986c16:Win.Test.EICAR_MSB-1

... find md5 clamav-sigtool
C:\...\AV-clamav-x86>sigtool --find="d7cdd39f4ef36cecd19b7934ae4f2080"
[main.hdb] d7cdd39f4ef36cecd19b7934ae4f2080Doc.Dropper.Agent-1731197

C:\...\AV-clamav-x86>sigtool --find="44d88612fea8a8f36de82e1278abb02f"
[daily.hdb] 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
[daily.hdu] 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
[main.hdb] 44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1

... get md5 clamav-sigtool
C:\...\AV-clamav-x86>sigtool --md5 "C:\...\MirandaNGPortable_0.96.1.paf.exe"
99a289ab5336932d6885fd3752a86676:6269520:MirandaNGPortable_0.96.1.paf.exe
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I hope it helps facilitate new users

https://oss.netfarm.it/clamav/
Current Stable 0.103.11-r1

shows the version and date of signatures
ClamAV (-version CLI-) / (-version DB-) / (-date DB-)
clamscan --version
ClamAV 0.103.11/27180/Fri Feb 09 02:36:31 2024

ClamAV continues to be extremely slow compared to other AVS, still requires a lot of PC resources.
"loading virus signature database" .. "12 minutes"
"memory scan" .. "scanned files: 309" .. "1 hour 20 minutes"


Help "ClamWin Free Antivirus Forum ":
http://forums.clamwin.com/

Curious what hardware you're using. I'm using an i7-7700k (about 7 years old) and the database loads in about 15 seconds.

Hi JohnTHaller

JohnTHaller wrote: ↑Mon Feb 12, 2024 8:07 am Curious what hardware you're using.

.. I understand what you mean. How does the software perform on different types of hardware?
.. I definitely should have added that information. I'm using "HP Pavilion All-In-One MS206CN", Release date: 26-Jun-2009 (~15 years old )
DxDiag: w8.1
Processor: AMD Athlon(tm) II X2 250 (2 CPUs), ~1.6GHz
Memory: 2048MB RAM
Available OS Memory: 1790MB RAM

JohnTHaller wrote: ↑Mon Feb 12, 2024 8:07 am I'm using an i7-7700k (about 7 years old) and the database loads in about 15 seconds.

apparently "Clamwin requires a CPU with more than two cores for smoother operation".