ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Reducing logged amount of "Permission denied"
trishtren


Joined: 07 Apr 2014
Posts: 2
Reply with quote
I have been using clamwin to carry out scans against my windows 2008 r2 and windows 2012 servers. I am using a portable version of clamwin 0.98.1 as per the instructions found here:
http://www.clamwin.com/content/view/118/89/
I run everything through a powershell script and the particular line I use to run clamwin is as follows:
Code:
Start-Process -FilePath "clamscan.exe" -ArgumentList "C:\ -i --recursive=yes --database=C:\Users\SOMEUSER\Desktop\clamwin\db --log=C:\Users\SOMEUSER\Desktop\clamwin\log\logfile.txt" -Wait

I am getting a large amount of "Warning: ...: Permission denied" sent to the logfile and an even larger amount sent to stdout in CMD. I was wondering if there is a way to force clamwin to open these files or at the very least, a way to suppress them? Any and all help is appreciated. Output from the logfile is below:

WARNING: Can't open file \\?\C:\pagefile.sys: Permission denied
WARNING: Can't open file \\?\C:\Users\SOMEUSER\AppData\Local\Microsoft\Windows\UsrClass.dat: Permission denied
WARNING: Can't open file \\?\C:\Users\SOMEUSER\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Users\SOMEUSER\AppData\Local\Microsoft\Windows\WebCache\V01.log: Permission denied
WARNING: Can't open file \\?\C:\Users\SOMEUSER\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Permission denied
WARNING: Can't open file \\?\C:\Users\SOMEUSER\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Users\SOMEUSER\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\Resources\Themes\aero\VSCache\AeroLite.msstyles_1033_96.mss: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\edb.log: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\BBI: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\BBI.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\DEFAULT: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SAM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SECURITY: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SECURITY: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SOFTWARE: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SYSTEM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\Sum\Current.mdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\Sum\Svc.log: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 3292416
Engine version: 0.98.1
Scanned directories: 24472
Scanned files: 124137
Infected files: 0
Data scanned: 15269.83 MB
Data read: 23372.44 MB (ratio 0.65:1)
Time: 3841.849 sec (64 m 1 s)
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4173
Location: USA
Reply with quote
I know of no way to suppress those messages (and it's probably a good idea not to do that), so if this is possible in the portable version, I suggest that you exclude (whitelist) the extensions of those .dat and .log1 files (but not .sys files) from scans (tools, preferences, filters, exclude matching filenames). You can either exclude them like: *.dat and *.log1 which will be for everywhere or just in those folders where you get the permission denied messages (like C:\Folder\subfolder\*.dat).

Regards,
View user's profileSend private message
trishtren


Joined: 07 Apr 2014
Posts: 2
Reply with quote
I have also been seeing a lot of what I assume is wildcard "Permission denied" such as:

C:\Users\Public\Documents\My Music\*
C:\Users\Public\Documents\My Pictures\*
C:\Users\Public\Documents\My Videos\*

Not that these have any real use but what concerns me is the "\*" at the end. What does that mean if you wouldn't mean me asking?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4173
Location: USA
Reply with quote
I've never seen that in a ClamWin scan, but I think it means everything in that folder--including any subfolders. Are you scanning all extensions, or do you have a custom set to scan? The ClamWin default is to scan all extensions, but that is unnecessary and takes up a lot of scan time. For most infections, malware will be found in a list of 30 to 40 extensions. No list is complete, but here is mine: bat bin class cmd com cpl dll doc docx eml exe htm html inf jar js lnk ocx pdf pif ppt rar rtf scr swf tmp vbs xls xlsx zip also... aspx cab drv job msi pptx reg sys url vbe. The file extension is the last 3 or 4 letters after the dot in the filename. Malware can be found in just about any extension if the malware author is creative. If you don't like my list, do a search on the web for malicious file extensions or dangerous file extensions.

Just to be on the safe side, I suggest that you do a scan of your computer with another antivirus--maybe Malwarebytes Free, Security Essentials, or Panda Free Cloud (pick one). None of them will conflict very much with ClamWin if installed.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 89
Reply with quote
Hi Guys, Sorry for 'popping in' with a post but I wanted to add a relevant update with my own experience.

Like Trishtren, I too also get pretty much the same list of PERMISSION DENIED when I do a system disk scan. MY system is a fresh install of OS and software and its been doing it from day 1. It seems that clamwin, despite being run by the Administrator user account on my Server 2008 Foundation server doesnt inherit enough permissions to access these system protected files or more likely they are locked system files and it is claiming to not be able to access them (it isnt because of viruses). I know that clamwin recently introduced the verbatim reporting of this rather than ignoring the logfile when it doesnt access. (I my opinion all this has done in create more work and worry for people, rather than solving a problem). What I dont know is how to ensure that when the scheduled scan (which Happens overnight once a week) wuns, how to ensure that it has the highest provilidge permissions to gain access to these files (assuming it not just because they are locked).

Im not sure about 'exclusions' to stop the scanning of this files. What if a virus creeps on to my system, modifies or takes over any of these files? Clamwin never knows and the system remains infected. But then again, if clamwin isnt scanning thm anyway, its irrelevant. The system files can still get infected and clamwin wil still never know.

Not ideal at all. Im not sure why it happens, its not anything Ive seen before from a system installed Antivirus software. A very strange situation in my opinion.

So, how does one run clamwin and have it do a FULL SCAN (in the real sense of the terms) without having this restriction? Im sure there must be a way.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4173
Location: USA
Reply with quote
You are right, Jimi. I've had permission problems on my wife's Win 8.1 x64 now, and it seems to have started right after the Microsoft Patch Tuesday patches about 2 months ago. I am unable to use the ClamWin system tray menu. Before that, manual scans of memory always gave me the message that I had to be admin to scan system files in memory, and the user is the admin. I think that a higher level of admin msut be needed when ClamWin is installed.

I'll mention this to the ClamWin developers.

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 559
Location: **UNKNOWN**
Reply with quote
I know this is old, but ClamWin has a setting under scanning options that says "Display Infected Files Only" but for some reason permission denied files still show. Is this a bug or is something not right?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4173
Location: USA
Reply with quote
No, I don't think it is a bug. At one time, it was a good idea to see the Permission Denied message. Some malware used to block scanning, but I haven't seen that in a very long time.

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 559
Location: **UNKNOWN**
Reply with quote
Maybe ClamWin team should implant a sub-setting for that option that says "Ignore permission denied files" so we don't have such a huge list of those. Just a suggestion though.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4173
Location: USA
Reply with quote
It might be best to just suppress those types of notices--they have done that with some messages in the past. It looks to me like Windows 8 has some situations where you have to be some sort of "super user" to get certain files scanned. I am already an admin, but at times I get a message that I need to be an admin.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 89
Reply with quote
I think the problem is not necessarily a permissons thing but more that these files in the list_ are 'opened' and in use by the system. And therefore the scan cannot gain access due to them being locked exclusively. It is a common windows problem.
View user's profileSend private message
Reducing logged amount of "Permission denied"
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic