ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
ClamWin doing background scan, can't see what it's doing
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
Reply with quote
I scheduled the weekly scan and it's running, but my laptop's fan is at max and ClamWin's memory usage is at about 500MB (CPU being used of course)...

If I try to click on or open ClamWin from Windows' (7) notification bar, it just opens it up like normal but with no in-progress scanning window, so I can't see where it's at or what it's doing.

I'm assuming it's just doing what I scheduled it to do, but it's disconcerting to see it's taking up this much RAM when I can't see what it's doing (and I can't imagine why it needs that much memory).
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
That sounds like way too much memory for ClamWin to be using. How long has the problem existed?

If you are using another AV--a real time one (and you should be), maybe the other AV is also scanning with ClamWin. If you are, exclude the ClamWin program folder, data folder, and quarantine folders from the other AV's scans. Also excude these programs/processes: from the other AV's scans (these are all the .exe files in the ClamWin\bin folder): clamscan.exe, clamtray.exe, clamwin.exe, freshclam.exe, QRecover.exe, w9xopen.exe, and wclose.exe. If possible, also exclude the *.clamtmp temp files that ClamWin uses when scanning. Finally, under the ClamWin advanced tab, make sure the scanning priority is still set to the Low default.

ClamWin will scan every file during a scheduled scan, but most malware will be found in these extensions: bat, cmd, dll, doc, docx, exe, htm, html, js, lnk, pdf, rar, rtf, vbs, and zip. If you use a real-time AV along with ClamWin, I suggest you configure ClamWin to use these extensions in Preferences, Filters, Extensions to scan. Finally, you don't have to scan your entire hard drive. Most malware will be found in these folders: System32, SystemWOW64, Users\Computer Name\appdata, or Windows\temp.

All this might help. Let us know if it doesn't. You can use Windows Task Manage to see what proceses are going on while you are scanning.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
Reply with quote
GuitarBob wrote:
That sounds like way too much memory for ClamWin to be using. How long has the problem existed?


I don't know, I just noticed it Sunday morning while the auto-scanner was running.

GuitarBob wrote:
If you are using another AV--a real time one (and you should be), maybe the other AV is also scanning with ClamWin. If you are, exclude the ClamWin program folder, data folder, and quarantine folders from the other AV's scans. Also excude these programs/processes: from the other AV's scans (these are all the .exe files in the ClamWin\bin folder): clamscan.exe, clamtray.exe, clamwin.exe, freshclam.exe, QRecover.exe, w9xopen.exe, and wclose.exe. If possible, also exclude the *.clamtmp temp files that ClamWin uses when scanning. Finally, under the ClamWin advanced tab, make sure the scanning priority is still set to the Low default.


I've had MSSE since Windows install and it wasn't anywhere noticeable near the top of the sorted CPU list in Task Manager (and I have real-time scanning on) where ClamWin was. This is the first time I've noticed ClamWin taking up so much memory during a scan. I've noticed MSSE catching ClamWin quarantined or temporary files immediately, but it was never at a high CPU or memory (it's only around 50% during a disk scan or update). I can add ClamWin's folders to MSSE's exceptions list, but I don't see that MSSE is causing ClamWin to glut up to 500MB. The CPU priority didn't seem to be an issue, ClamWin was at or below 50%.

GuitarBob wrote:
ClamWin will scan every file during a scheduled scan, but most malware will be found in these extensions: bat, cmd, dll, doc, docx, exe, htm, html, js, lnk, pdf, rar, rtf, vbs, and zip. If you use a real-time AV along with ClamWin, I suggest you configure ClamWin to use these extensions in Preferences, Filters, Extensions to scan. Finally, you don't have to scan your entire hard drive. Most malware will be found in these folders: System32, SystemWOW64, Users\Computer Name\appdata, or Windows\temp.


I'm going to leave ClamWin to auto-scan weekly the C drive; the issue is ClamWin taking up so much memory, which I didn't notice before, and I'm not seeing that just scanning the C drive is the reason, which I've been doing for years on multiple computers.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
There has been no change in ClamWin for a little over a year now. If you have just now noticed the excess memory usage, have you maybe recently installed any other software that might cause a conflict?

Exclude every ClamWin\bin folder exe program from MSSE as processes, also exclude clamtmp as a file type, and exclude the ClamWin db and quarantine folders and see if there is any improvement.

Regards,
View user's profileSend private message
VBatT


Joined: 25 Apr 2017
Posts: 9
Reply with quote
I always see around 500 MegaBytes with Clamscan. (Peak almost 620 MB)
Also by Single-File-Scan with a File-Size = 0 ( loading cycle uses up the memory)

It looks like:
Process CPU Private Bytes Working Set PID Description Company Name

ClamTray.exe < 0.01 18.040 K 23.924 K 2668 ClamWin Antivirus alch
clamscan.exe 12.48 493.828 K 600.256 K 3544 ClamWin Antivirus
ClamSentinel.exe 6.492 K 17.404 K 2756 Clam Sentinel Andrea Russo - Italy

Process: clamscan.exe Pid: 3544
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
Disable Clam Sentinel before a scheduled scan and see what happens.

Regards,
View user's profileSend private message
VBatT


Joined: 25 Apr 2017
Posts: 9
Reply with quote
I see the same:
____________
Process CPU Private Bytes Working Set PID Description Company Name

taskmgr.exe 0.06 4.436 K 12.168 K 2700 Windows Task-Manager Microsoft Corporation
ClamTray.exe < 0.01 18.032 K 23.552 K 2752 ClamWin Antivirus alch
clamscan.exe 6.04 494.060 K 618.796 K 1784 ClamWin Antivirus

Process: clamscan.exe Pid: 1784
__________________________

Current db size is over 250 MB.
Guess that in addition, some kind of index to the db content is generated in memory - during the load process, together with sorting operations.
A further guess is, that the generation of an index could explain the long signature "loading" time.
When so - could not that whole work be left in memory - or - via "mini hibernation" dumped and reloaded.(?)
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
I'm sure there has to be some sort of index to the signatures. The daily size is more than the main--might be time for Clam AV to integrate them again (it does so periodically but not very often).

Since Clam AV is designed for Linux email servers, there is no need for speed, and there is no need for file control to prevent execution. We have to live with whatever Clam AV does--there is no ClamWin development other than preparing a Windows port. A few attempts have been made to make it more Windows specific, but they have all met with failure/lack of interest.

Regards,
View user's profileSend private message
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
Reply with quote
So from VBatT's replies, it appears this is normal.

Bob: I don't even have Clam Sentinal installed. I'm not seeing any recently-installed software that might cause a conflict. I'm afraid this will be a red herring or wild goose chase without any indication that they're related.

I can exclude ClamWin stuff in MSSE, but I'm not seeing how those things would have increased RAM in ClamWin excessively; it seems that would only affect MSSE's RAM.

I'll just ignore it until it becomes a problem again.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
Okay. Let us know next time if it gets to where you can't stand it, and we'll check with the developer(s). For some reason, I thought you were using Clam Sentinel alongside ClamWin. You are right--with ClamWin only MSSE is no problem since ClamWin scan on-dmeand.

Regards,
View user's profileSend private message
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
Reply with quote
OK so my computer is running slow again, being choppy, hard drive light blipping on and off, I go to Task Manager, and it shows clamscan.exe is 0% CPU (I think the hard drive issue is just iTunes at 11% CPU parsing a new mp3 library), but clamscan.exe memory is at 479MB, more than ANY other program running, including Chrome.



When I open ClamWin, I just get the window to start a scan, so it's not scanning anything.

This is a very simple program, there's not a lot of imagery or animation or anything like that; I don't understand why it's using almost 500MB, more than even Chrome.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
I've passed this on to the ClamWin developers.

Regards,
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
Reply with quote
you can try http://processhacker.sourceforge.net/ to check more detail about a process, use "show details of all process" to get administrator elevation then double click on the process an check in "handles" tab
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 561
Location: **UNKNOWN**
Reply with quote
It is because ClamWin doesn't run as a service on Windows, so it will consume more memory. I am hoping the ClamAV can make ClamAV run as a service, as I have sent them a way to do so sometime ago.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Reply with quote
RRK: I don't think Clam AV is concerned with the use of its signatures/scan engine on Windows machines. They have had a long time to fix it to do so. They have Immunet's AV, but it has gone nowhere (that I can tell) for a few years now, and they don't seem to want to upgrade it. Every time I've tried it, I've been disgusted because of some little mistake/quirk when running it on my Windows computer. I now see that the Immunet setup binary also has an expired signature.

Regards,
View user's profileSend private message
ClamWin doing background scan, can't see what it's doing
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  

  
  
 Reply to topic