ClamScan (part of ClamAV Windows port)

Submit command line tools that you find here.
Post Reply
Message
Author
User avatar
Hangar0
Posts: 59
Joined: Thu Mar 10, 2016 11:05 am

ClamScan (part of ClamAV Windows port)

#1 Post by Hangar0 »

[Mod note: OP post subject modified; original was "Re: clamscan is a command line tool Scan files and/or directories for viruses."]

Post b

clamscan is a command line tool Scan files and/or directories for viruses.

https://www.clamav.net/
ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

https://oss.netfarm.it/clamav/
by: sherpya. This is an unofficial native port of the well known ClamAV Antivirus, this port is used in ClamWin Antivirus

[Download Binaries] Current Stable 0.103.7
-- clamav-x64-0.103.7.7z (VS 2019 64bit build) https://oss.netfarm.it/clamav/files/cla ... 0.103.7.7z
-- clamav-x86-0.103.7.7z (Mingw-w64 32bit build) https://oss.netfarm.it/clamav/files/cla ... 0.103.7.7z

help..
https://docs.clamav.net/
http://forums.clamwin.com/
C:\..\clamav-x86-0.103.7>clamscan --help > clamscan-help.txt
C:\..\clamav-x86-0.103.7>freshclam --help > freshclam-help.txt

help: Updating Signature Databases..
https://docs.clamav.net/manual/Usage/Si ... ement.html

help: Scan files and/or directories for viruses.
https://docs.clamav.net/manual/Usage/Sc ... l#clamscan
------------------------------------------------------------------------------
Clam is unreasonably slow on every computer that is running it--both in loading the database and in scanning.
How to speed up the scanning ..?
http://forums.clamwin.com/viewtopic.php?t=4656

How to make Clam scans 20 times faster
http://forums.clamwin.com/viewtopic.php?t=4279

User avatar
Midas
Posts: 6697
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: ClamScan (part of ClamAV Windows port)

#2 Post by Midas »

Thank you for the valuable info, Hangar0. As a user of ClamWin myself, I'm sure it'll prove helpful. 8)

I took the liberty of modifying your post's subject to make the current topic content more memorable and clear -- feel free to change if you see fit.

As noted, Sherpya's ClamAV Antivirus Native Win32 Port current release is v0.103.7, dated 2022-07-29 (changes and downloads at https://oss.netfarm.it/clamav/; ClamWin is still at v0.103.2.1, released 2021-06-07, cf. https://clamwin.com/).

User avatar
JohnTHaller
Posts: 714
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY
Contact:

Re: ClamScan (part of ClamAV Windows port)

#3 Post by JohnTHaller »

ClamWin Portable at PortableApps.com has been updated to include the latest Windows binaries as posted above combined with the standard ClamWin files.
PortableApps.com - The open standard for portable software | Support Net Neutrality

User avatar
Hangar0
Posts: 59
Joined: Thu Mar 10, 2016 11:05 am

Re: ClamScan (part of ClamAV Windows port)

#4 Post by Hangar0 »

forums.clamwin.com .. "goodbye and good luck." :shock:

https://www.wilderssecurity.com/threads ... on.446638/
post Aug 11, 2022
... I found some posts at the ClamWin forum. Members were saying, "goodbye and good luck."
... Online Forums located at http://forums.clamwin.com.

appear for support only the following site remains ...
https://github.com/clamwin
" ClamWin Free Antivirus "
Contributors: alexcherney, sherpya Gianluigi Tiesi
https://github.com/clamwin/clamav-win32
" ClamAV native win32 port "
... Please report bugs directly to github issue tracker :idea:
https://github.com/clamwin/clamav-win32/issues

User avatar
Hangar0
Posts: 59
Joined: Thu Mar 10, 2016 11:05 am

Re: ClamScan (part of ClamAV Windows port)

#5 Post by Hangar0 »

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
of the little that I have from the forum ... "forums.clamwin.com"
most advice given by guitarbob ... :wink:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
main complaints ...
-- Clam is unreasonably slow ....
-- consumes a lot of resources ...
-- How can i speed up clamav scanning?
-- it feels very heavy
-- Why does ClamAV seem to be slower than other engines?
( all of the above is reported by many users )
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
How to speed up the scanning ?
Clam does not use a cache of virus signatures, so the signatures have to be loaded at the beginning of each scan.
The quick scan article said that you can speed up ClamWin scans by limiting the number of extensions, folders, and file sizes that ClamWin scans.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
for full or multi-file scans...
Choose a smaller file size to scan help to reduce time
Most malware is found in files that are under 1 megabyte in size.
--max-filesize=1M
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
for full or multi-file scans...
Skipping files you aren't interested in scanning might help to reduce time
Most malware (maybe 80%) is found in these extensions:
--include="\.(BAT|CAB|CHM|CMD|CPL|DLL|DOC|DOCX|EXE|HTA|HTM|HTML|INF|JS|JSE|LNK|MSI|OCX|ODS|ODT|PDF|PIF|RAR|RTF|SYS|TMP|VBS|XLS|XLSX|ZIP)$"

... in the opposite direction
--exclude="\.(jpg|jpeg|png|gif|log|ost|avi|wmv|mp3|mp4)$"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What folders do viruses hide in? ...
folders that are known to host malware ...
Most malware is initially found in these folders:
-- Windows\system32
-- Windows\sysWOW64
-- Windows\temp
-- users\appdata
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
many users prefer these settings ...
--max-filesize=25M
--max-scansize=100M
--max-embeddedpe=10M
--max-htmlnormalize=10M
--max-htmlnotags=2M
--max-scriptnormalize=5M
--pcre-max-filesize=25M
--recursive=yes
--kill
--archive-verbose
--log="clamscanlog.txt"
--alert-exceeds-max=yes
--allmatch=yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
... find malware name clamav-sigtool
C:\...\AV-clamav-x86>sigtool --find="EICAR"
[main.hdb] 44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1
[main.hsb] 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:68:Win.Test.EICAR_HSB-1
[main.mdb] 45056:3ea7d00dedd30bcdf46191358c36ffa4:Win.Test.EICAR_MDB-1
[main.msb] 45056:f9b304ced34fcce3ab75c6dc58ad59e4d62177ffed35494f79f09bc4e8986c16:Win.Test.EICAR_MSB-1

... find md5 clamav-sigtool
C:\...\AV-clamav-x86>sigtool --find="d7cdd39f4ef36cecd19b7934ae4f2080"
[main.hdb] d7cdd39f4ef36cecd19b7934ae4f2080:30585:Doc.Dropper.Agent-1731197

C:\...\AV-clamav-x86>sigtool --find="44d88612fea8a8f36de82e1278abb02f"
[daily.hdb] 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
[daily.hdu] 44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature
[main.hdb] 44d88612fea8a8f36de82e1278abb02f:68:Win.Test.EICAR_HDB-1

... get md5 clamav-sigtool
C:\...\AV-clamav-x86>sigtool --md5 "C:\...\MirandaNGPortable_0.96.1.paf.exe"
99a289ab5336932d6885fd3752a86676:6269520:MirandaNGPortable_0.96.1.paf.exe
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I hope it helps facilitate new users :wink:

User avatar
Hangar0
Posts: 59
Joined: Thu Mar 10, 2016 11:05 am

Re: ClamScan (part of ClamAV Windows port)

#6 Post by Hangar0 »

https://oss.netfarm.it/clamav/
Current Stable 0.103.11-r1

shows the version and date of signatures
ClamAV (-version CLI-) / (-version DB-) / (-date DB-)
clamscan --version
ClamAV 0.103.11/27180/Fri Feb 09 02:36:31 2024

ClamAV continues to be extremely slow compared to other AVS, still requires a lot of PC resources. :mrgreen:
"loading virus signature database" .. "12 minutes"
"memory scan" .. "scanned files: 309" .. "1 hour 20 minutes"
Image

Help "ClamWin Free Antivirus Forum :shock: ":
http://forums.clamwin.com/

User avatar
JohnTHaller
Posts: 714
Joined: Wed Feb 10, 2010 4:44 pm
Location: New York, NY
Contact:

Re: ClamScan (part of ClamAV Windows port)

#7 Post by JohnTHaller »

Curious what hardware you're using. I'm using an i7-7700k (about 7 years old) and the database loads in about 15 seconds.
PortableApps.com - The open standard for portable software | Support Net Neutrality

User avatar
Hangar0
Posts: 59
Joined: Thu Mar 10, 2016 11:05 am

Re: ClamScan (part of ClamAV Windows port)

#8 Post by Hangar0 »

Hi JohnTHaller
JohnTHaller wrote: Mon Feb 12, 2024 8:07 am Curious what hardware you're using.
.. I understand what you mean. How does the software perform on different types of hardware?
.. I definitely should have added that information. I'm using "HP Pavilion All-In-One MS206CN", Release date: 26-Jun-2009 (~15 years old :mrgreen: )
DxDiag: w8.1
Processor: AMD Athlon(tm) II X2 250 (2 CPUs), ~1.6GHz
Memory: 2048MB RAM
Available OS Memory: 1790MB RAM
JohnTHaller wrote: Mon Feb 12, 2024 8:07 am I'm using an i7-7700k (about 7 years old) and the database loads in about 15 seconds.
:shock: apparently "Clamwin requires a CPU with more than two cores for smoother operation".

Post Reply