ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Clamwin 0.98 scan ALWAYS shows 2 undefined/undetailed errors
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
I was running 0.97 without problems that had a schedule scan every night. But immediately and since upgrading to 0.98 the same nightly scan now always reports back with 2 errors and yet doesnt show what or where these errors are. Further more, running the same scan manually (interactively) doesnt show the errors.

Extract of ClamScanLog.txt of 0.97 schedules scan results:

Code:
Scan Started Mon Dec 09 22:00:00 2013
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 12 processes - 212 modules ***
 *** Computer Memory Scan Completed ***


----------- SCAN SUMMARY -----------
Known viruses: 3009764
Engine version: 0.97.6
Scanned directories: 7943
Scanned files: 120272
Infected files: 0
Data scanned: 59549.53 MB
Data read: 4144577.59 MB (ratio 0.00:1)
Time: 10330.929 sec (172 m 10 s)



Same scan under 0.98 (reporting "Total Errors = 2"):

Code:
Scan Started Fri Jan 03 22:00:00 2014
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 6 processes - 86 modules ***
 *** Computer Memory Scan Completed ***


----------- SCAN SUMMARY -----------
Known viruses: 3055176
Engine version: 0.98
Scanned directories: 7755
Scanned files: 120452
Infected files: 0
Total errors: 2
Data scanned: 60040.56 MB
Data read: 4153596.94 MB (ratio 0.00:1)
Time: 10175.961 sec (169 m 35 s)

(The dates of the scan are irrelevant as the disk is quite static and every night the results are more or less identical. It also happens when I run it across a simple static data partition).

Can anyone provide an explanation as to WHY it is reporting errors when yet they are not showing in the log? Or is it a software bug with 0.98 (and maybe there are no errors anyway)?

Cheers.


Last edited by jimimaseye on Wed Jan 13, 2016 7:23 pm; edited 1 time in total
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4363
Location: USA
Reply with quote
There normally is no difference between a manual scan and a scheduled scan, but there can be some differences now and then. If there was no inconsistency in errors with your previous version of ClamWin, this probably means that the inconsistency is due to the way the current version does a scheduled scan. I know there were some new detections/scanning abilities incorporated by Clam AV, so there must be some new Clam AV code in the current version that is not treated correctly in the ClamWin port of the Clam AV Linux code over to Windows.

It will help to identify the problem if you can set up separate scheduled scans for separate folders and then see in what folders the problem occurs. I suggest separate initial scans for the Windows folder and the program folder (this means 2 separate program folder scans on a Win 64 machine). If this doesn't identify anything, then do a separate scheduled scan for each of the other folders. When you find the errors, then do a separate scan for each individual program folder or Windows folder, etc. It will be kind of tedious, but it's the only way I know of to find where the problem occurs. If you have a Win 64 machine, the problem will probably occur in the regular programs folder--not the Win 32 programs folder. Please get back here with results.

This is the first time I've heard about this problem. It is a good advertisement for getting involved in ClamWin beta testing--just contact the ClamWin developers via the contact information on the main ClamWin web page if interested. Beta testing doesn't really take up too much time, and it only occurs a few times a year. One benefit: beta testers will get to see ClamWin 1.0 before anyone else!

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
Cheers Bob

Im not sure about doing scheduled scans for individual files. Let me explain why and see what you think...

The 22:00 schedule scan (detailed and referred to) is purely a scan of the complete D: partition. The partition is purely data; like email files, program installation SOURCE folders (like a copy of the installation CD's), and the usual office-type Documents (jpg, docs, excel etc). There are no *installed* program directories with an exception being just one single executable that is referred to an running as a 'service'. The root of D: does have only 7 1st level sub folders but collectively they all have over 7900 directories below them. This all helps with the knowledge that the majority of files are not 'locked'/in use (at 22:00) - in fact I can count on 1 hand what will be (I know which they will be). Perhaps as a test I will stop all processes accessing the D: prior to this scan test.

I have ran manual scans on all (as I said) but couldnt reproduce. Sure I can (and will) run 7 separate scans on the 7 top level directories as a diagnostic just to see what happens but Im not sure the results will help me (its just my luck the one folder that shows the errors will be the one with the most sub folders below it.)

Anyway, whether I identify the 'erors' or not, it doesnt change the fact that the summary REPORTS errors and yet doesnt list them (as you would expect, as it does when trying to access locked or system protected files).

I will report back to when I have something. Meantime, your help/comments are always welcome.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4363
Location: USA
Reply with quote
Comments: Most of the errors I get on my machiner are of the "permission denied" type, and they are not any problem 99% of the time. If you are not logged in as an administratior, try that and then schedule a scan and see what happens. Also, look at the Clamscan.txt log under the ClamWin\data\log folder to see if it says anything different than the scan summary. There may also be a temp log file created after a scan that you could examine to see if that helps. I know that Clam AV had some new code for scanning javascript PDF, Flash, and Java files, so perhaps that is the source of the problem.

I'll refer this thread to a developer for their input.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
Cheers Bob

So far in to the diag scans. I have already tested and ruled out the one that has the executable 'locked'/in use. Just have the main 'installation set backup' folder (which I dont expect to pose problems as like all the others so far) and the dynamic data directory which I also have a copy of used for backups yet to be scanned too (Im doing them separately). I can only hope that it is this directory that has the one error (x 2 because of the copy). Wont be finished until overnight now though so will report back tomorrow.

By the way, I cant find any 'logs' directory within the clamwin program subtree. I have been montitoring the temporary directory that gets used when it launches and see nothing of extra benefit. Oh, and everything is installed, set and run as Administrator (Im on a server). And the 'permission denied' errors I get (when it scans the C: system files) DOES report out to the log file and the summary does NOT say "Total Errors = [many]" - as if permission denied is not an error, more of an 'information'. Not sure if you agree with this or not but it certainly doesnt help the current reporting Total Errors confusion.

EDIT: Bob..... slightly off topic.... if you have a 'direct line' (so to speak) to the developers, perhaps you could suggest that they actually include the scheduled scan 'description' field contents (as set in the scheduled config) actually in the report summary, instead of simply writing "Scan started at...". At the minute the only way to identify what summary relates to what scheduled scan is by trying to match the data and time of the run - and even then one has to go through each config'd schedule task and manually take note again of the times they were set to run (they dont show in the UI). Little things. Just a thought.
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
HI Bob. Overnight testing finished and as expected, nothing to show for it.

All folders (at first level) where set for scheduled scans and there were no 'TOTAL ERRORS=' reported. Yet, as weve seen, if the scheduled scan is set as starting at the root (which ONLY contains the subfolders) it does report 'Total Errors=2' without listing what or why.

I had one thought and that maybe there ws something hidden actually in the root folder. So displaying all hidden and system folders, I see only 2 extra: the RECYCLE folderr and the SYSTEM VOLUME INFORMATION (system restore) folder. I scanned them manually (admittedly didnt do it via scheduler) and still it didnt complain of errors.

So I am at a loss and I think the problem/confusion stands. I hope you find this update helpful and clear enough for reporting to the developers. What do you think?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4363
Location: USA
Reply with quote
I've referenced this thread in contacting the developers. They could be away from home for a while due to the holidays (the lead developer is in Australia and people often take a vacation around Xmas down there), but I'm sure they will give it a look when possible.

I don't think your problem is due to malware, but Malwarebytes' free Antirootkit (beta) does a pretty good job at finding hidden stuff.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
Cheers Bob.

(Be sure I have checked and am confident there are no malwares at play here.)
View user's profileSend private message
Error message when scanning individual files
nathanson1947


Joined: 22 Jan 2014
Posts: 1
Location: Montreal
Reply with quote
With version 0.98, when I try to do an individual scan of an .avi file, I now often get the following error message:



Scan Started Mon Jan 13 01:55:54 2014

-------------------------------------------------------------------------------





----------- SCAN SUMMARY -----------

Known viruses: 3063517

Engine version: 0.98

Scanned directories: 0

Scanned files: 0

Infected files: 0



Total errors: 1

Data scanned: 0.00 MB

Data read: 1244.54 MB (ratio 0.00:1)

Time: 15.921 sec (0 m 15 s)



--------------------------------------

Completed

--------------------------------------


Any idea what this means?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4363
Location: USA
Reply with quote
Do you get the same error when you do a scan of the entire folder that contains the .avi file? Have you had this error before you started using version .98? Do you scan using a custom set of file extensions that does not include .avi?

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
I just individually scanned the (only) .AVI I have on my system, and I also did it by scanning the folder, all with standard default rules (AVIs are not exempt), and in neither case did I get the "error" reported as nathasnson did. FWIW.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4363
Location: USA
Reply with quote
Perhaps the .AVI file exceeds the limit of a file size to scan (don't know if that would give an error), which can be found in the ClamWin limits configuration folder. I have mine set pretty low at 20 MB, however, and do not get any errors when scanning. At one time there was an exploit for .AVI, but Microsoft fixed that pretty fast. I only saw about 1 .AVI virus in 5 years of sigmaking for Clam AV, so those types of files are not targeted by malware to any extent.

In the absence of any other information, I suggest scanning the .AVI file with Jotti/Virus Total/ VirScan. If it comes up clean, and you do not want to see the scan errors, exclude the .AVI file from scanning (but ClamWin will still scan all files during a manual scan of a single file). Next step is to join the ClamWin beta testers and see about getting this fixed wlhne the next release is tested.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
I have just checked my config and it is as default as being nothing over 100mb. Then ive checked the contents of my drive and I have about 28x 100+mb files (not including 40x ZIP files of 7.5GB!). In any case it doesnt equate to 2 (which is the count of errors I get when the schedule scan runs.

Summary, I dont think its size.
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
Update: Currently on 0.98.7 and still get the same unexplained 'errors'. (I repeat, as reported at the start of the thread, this never happened on 0.97)


Scan Started Tue Jan 12 22:00:00 2016
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***


*** Scanned 12 processes - 245 modules ***
*** Computer Memory Scan Completed ***

----------- SCAN SUMMARY -----------
Known viruses: 4321564
Engine version: 0.98.7
Scanned directories: 7731
Scanned files: 64835
Total errors: 2
Data scanned: 31401.64 MB
Data read: 30794.96 MB (ratio 1.02:1)
Time: 7268.979 sec (121 m 8 s)
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
I may have found something that might explain these two errors.

I just did an on-demand scan run of the same job (disk) and monitored the temporary log file (that appears in C:\Users\Administrator\AppData\Local\Temp\2\). In amongst the 'excluded' and 'empty file' listings, I saw:

D:\pathto\Music\iTunes\iTunes Media\Music\Movies\Dirty Dancing.m4v: Can't allocate memory ERROR
D:\pathto\Music\iTunes\iTunes Media\Music\Movies\Moulin Rouge!.m4v: Can't allocate memory ERROR

In my scan configuration settings, under LIMITS, I have

'Do Not Scan Larger Than' = 20mb

and these two files are actually 1.48 and 1.49 GB (so surely shouldnt be being scanned anyway).


So, 2 errors....any idea on what this means and why? How to get feedback to and from the developers on this?


Last edited by jimimaseye on Wed Jan 13, 2016 7:04 pm; edited 1 time in total
View user's profileSend private message
Clamwin 0.98 scan ALWAYS shows 2 undefined/undetailed errors
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 3  

  
  
 Reply to topic