Slow scanning

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: UNKNOWN
Posted: Tue Apr 01, 2014 6:15 pm

So, yesterday I went out. I did a clean up of my PC to help free disk space (I used BleachBit with the latest winapp2 file). After that, I ran a full scan scanning the entire C: drive. My limits are set as follows:
Do Not Scan Files Larger Than: 4096MBs
Do Not Extract More Than: 4096MBs
Do Not Extract More Than: 99999999 Files
Do Not Extract More Than: 999 Sub-Archives
I maxed out all of them, as you noticed. My disk space specs currently are 931 GB total, 670GB used, and 260GB free. Yesterday, I ran a full scan on the C: drive at around 7PM and left it running. I got home around 12AM and the scan was still going; by the looks of it, it was only half way through. I know I have a big system, but these scan times are very slow.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Apr 01, 2014 7:29 pm

Yes, the Clam AV scan engine used by ClamWin is an older-era engine that was designed to scan one file attachment at a time on a Linux email system that is a server for multiple Windows users. The engine was not designed to be fast, it was not designed to be efficient, and it was designed to scan for signatures only--no heuristics to speak of. It needs some intelligence in the scanning process, but there is hardly any intelligence built in (Clam Sentinel detects/quarantines 70 to 90% of Windows PE malware with an executable size of about 700K--the current ClamWin download has a size of about 80MB--most of which is the Clam AV scan engine/library).
Here are my suggestions to speed up ClamWin scans:
You do not need to scan all files--that is a waste of time. Most malware will be found in memory, the %appdata% (users) folder, and system32 (plus the WOW folder on Windows 64-bit machines).
You do not need to scan all extensions--that is another waste of time. Most malware (about 80%) will be found in Windows executable files. No list of extensions is complete, but in my opinion, this list will cover 95% plus of the malware that is out there: bat, bin, class, cmd, com, cpl, dll, doc, docx, eml, exe, htm, html, inf, jar, js, lnk, ocx, pdf, pif, ppt, rar, rtf, scr, swf, tmp, vbs, xls, xlsx, zip, plus aspx, cab, drv, job, msi, pptx, reg, sys, url, vbe. I think ClamWin actually scans better at about 15 to 20 extensions.
You do not need to scan large files--that is mostly a waste of time. You might have noticed that Jotti/Virus Total have a 20 to 30 MB file size limit that they will scan. Most malware is found in files smaller than 1 MB, and the majority of malware I have seen is smaller than 350K in size. For scanning zipped files, of course you should go larger than that 1 MB. Here are my ClamWin limits: files-20MB (just to make sure, but 10 MB would be a reasonable size), max files-100, maximum sub-archives-20.
Then you have to ask yourself: how good are the Clam AV signatures, and how fast/frequently are they prepared and sent out to the users? When you consider this, I think you will conclude that ClamWin should not be used alone. It should be used only as a backup AV scanner--the main scanning should be done by the primary AV.
Regards,
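The three scope-trimming rules in the post above (limit the folders, limit the extensions, cap plain-file size with a larger allowance for archives), as an added Python example that is not ClamWin code and not part of the thread; the folder tree it walks is constructed, and the extension set and size caps are the ones the post gives:

```python
"""Scan-scope filter implementing the three rules from the post above.
Added example, not ClamWin code; the sample tree below is constructed."""
import os
import tempfile

# Extension allowlist from the post (lower-cased); archive types are split
# out so they can receive the larger size cap the post recommends.
ARCHIVE_EXTS = {"zip", "rar", "cab", "jar", "msi"}
SCAN_EXTS = {
    "bat", "bin", "class", "cmd", "com", "cpl", "dll", "doc", "docx", "eml",
    "exe", "htm", "html", "inf", "js", "lnk", "ocx", "pdf", "pif", "ppt",
    "rtf", "scr", "swf", "tmp", "vbs", "xls", "xlsx", "aspx", "drv", "job",
    "pptx", "reg", "sys", "url", "vbe",
} | ARCHIVE_EXTS

MB = 1024 * 1024


def select_files(roots, max_file=1 * MB, max_archive=20 * MB):
    """Walk only the given root folders; return (files_to_scan, skipped_bytes).

    A file is scanned when its extension is allowlisted and its size is
    within the cap (1 MB for plain files, 20 MB for archives by default).
    """
    selected, skipped = [], 0
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
                size = os.path.getsize(path)
                cap = max_archive if ext in ARCHIVE_EXTS else max_file
                if ext in SCAN_EXTS and size <= cap:
                    selected.append(path)
                else:
                    skipped += size
    return sorted(selected), skipped


def build_demo_tree():
    """Constructed sample tree: a few files of differing type and size."""
    base = tempfile.mkdtemp(prefix="scanscope_")
    appdata = os.path.join(base, "AppData", "Roaming")
    os.makedirs(appdata)
    samples = {"update.exe": 300 * 1024, "notes.txt": 50 * 1024,
               "big.dll": 2 * MB, "pack.zip": 5 * MB, "video.mp4": 50 * MB}
    for name, size in samples.items():
        with open(os.path.join(appdata, name), "wb") as fh:
            fh.truncate(size)  # sparse file: the 50 MB is never written out
    return base, appdata
```

Run against a real profile folder, `skipped_bytes` versus the total of the selected files shows how much of a full-drive scan the three rules remove.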

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: UNKNOWN
Posted: Wed Apr 02, 2014 1:21 am

Though I agree with what you are saying, and perhaps my limit sizes are overkill, to be honest the scan times of the actual engine are still too slow.
I have been using ClamWin and ClamSentinel as my only anti-virus for about 7 months now. I have been satisfied and I no longer trust closed source software (I know I am running Windows). Combine those 2 with PeerBlock and BleachBit to keep your privacy secured, and you should be set for life. You can also adjust browsers, like Firefox, to protect against Man-in-the-middle attacks, exploits, and Banker Trojans, and that will cover the rest of the barrier. To be honest, people who are using more than one anti-virus are just wasting system resources.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Apr 02, 2014 5:29 am

I find there is not much resource duplication using ClamWin/Clam Sentinel with Microsoft Security Essentials--just exclude the ClamWin clamtmp extension and the ClamWin program and data folders from MSE scans. Although Clam Sentinel does a decent job of spotting malware, it is primarily a download protector, and you need all the help you can get. If you insist on using ClamWin/Clam Sentinel as your only AV, make one of the bootable rescue CD/USBs just in case and update it a couple of times each week. I like Microsoft's Windows Defender Offline, but F-Secure, Kaspersky, and Dr. Web have good ones also. Come to think of it, Dr. Web's Cureit on-demand scanner is almost as good as a bootable rescue program, and you do not have to install it. I have not yet found a bootable rescue program that I can use with my Windows 8 x64 desktop--Microsoft thinks the OS doesn't need such (no Safe Mode either).
Regards,

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: UNKNOWN
Posted: Wed Apr 02, 2014 5:05 pm

Really? I didn't know that Windows 8 didn't have a safe mode. I guess that's another reason for me not to get Windows 8. Just for the record, the Microsoft Security Essentials database is very similar to ClamAV's. It's a shared database only getting signatures from other companies and off VirusTotal. Same goes with Windows Defender, except it's not an Anti-Virus and only updates once every week or 2.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Apr 02, 2014 6:28 pm

Most AVs now use malware samples from Virus Total--it's big and has good information on each sample. When I left Clam AV, Clam was only preparing automated signatures for the Virus Total samples--all other signatures were manually prepared. The big/smart AVs also have their own methods of getting malware telemetry, and they all get samples from users, of course.
Microsoft is geared toward monitoring/protecting its installed user base. They will spot any malware infections of their users in significant numbers, but the problem is that "professional" malware is now relatively short-lived and targeted toward specific users instead of being designed for massive infections. Microsoft doesn't do too well on tests with the latest/greatest malware infections, but they do a pretty good job of protecting their users. They do rely too much on signatures--Security Essentials is free and they are cost conscious, and they are scared that the commercial AVs will complain if Microsoft gets a technology edge. They do need some better/common-sense heuristics--Andrea Russo should sell them the Clam Sentinel heuristics! The upshot is that Microsoft gives us a free, basic, average AV with good user telemetry. That's still not a bad deal.
Regards,

daveydoom
Joined: 30 Nov 2008
Posts: 0
Location: Canada
Posted: Wed Apr 02, 2014 7:27 pm

GuitarBob wrote:
    They do need some better/common-sense heuristics--Andrea Russo should sell them the Clam Sentinel heuristics!

They'd find a way to ruin that...lol

Lipper
Joined: 31 Oct 2010
Posts: 0
Location: USA
Posted: Wed Apr 02, 2014 10:57 pm

@ROCKNROLLKID: I agree with Bob that you should have a rescue disk of some sort handy in case the worst should happen. You should also have a method of disk imaging in place, and run it periodically (at least monthly). Have you considered a HIPS program to alert you of mal-activity for zero day attacks and malware not detected by ClamWin or Clam Sentinel? Also, there are unofficial signatures available for ClamWin/Clam AV which increase the detection rate. Securiteinfo.com is one site, though I'm not sure if it's open source. A plus: if one of their signatures detects something, it is clearly marked "unofficial" to distinguish it from a Clam AV signature detection.
Which version of Windows do you use?

Lipper
Joined: 31 Oct 2010
Posts: 0
Location: USA
Posted: Wed Apr 02, 2014 11:20 pm

@GuitarBob: Have you tried Comodo Rescue Disk on Win 8? It contains a small, simple Linux distro with Comodo Cleaning Essentials. I run it occasionally to check for malware from a non-Windows environment. Note: CRD supports Win 8, but the CCE version in the CRD iso doesn't. That shouldn't be an issue running on a Linux platform, though. A different issue could be if this Linux distro doesn't have a driver for your network card. You would then be unable to update the virus database (cannot be done beforehand). NP, there are several workarounds, including my shared MSN OneDrive where I post the current db 2-3 times per week (download/save in Windows, copy/paste from/to Linux).
https://forums.comodo.com/comodo-rescue-disk-crd/comodo-rescue-disk-crd-v202752391-released-t94106.0.html

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Apr 02, 2014 11:59 pm

Lipper: Yes, I keep a copy of the Comodo Rescue Disk around, but I've never had occasion to use it. I do use Microsoft's Windows Defender Offline twice a week as a preventative measure. I also keep a copy of Puppy Linux around too, and each time I have a problem with Windows (it's permanent beta software, I think), I swear that I'm going to look into it, but I've never done anything but just set up the Linux distro--at one time it did not work too well with wifi.
Regards,

daveydoom
Joined: 30 Nov 2008
Posts: 0
Location: Canada
Posted: Thu Apr 03, 2014 12:35 am

GuitarBob wrote:
    at one time it did not work too well with wifi.

I use Puppy Linux on an HP Mini and the wifi works very well.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Apr 03, 2014 1:01 am

Thanks. I'll give it another go.
Regards,

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: UNKNOWN
Posted: Thu Apr 03, 2014 1:47 am

Going off topic. I worked with MSE back when 1.0 was out and through to 2.0, and I quit before 4.0 came out because the program seemed to be getting worse in detection rather than better. When it first came out, its detection was high, but it seemed to have lowered throughout the years. After that I joined Avast, SuperAntispyware, and Malwarebytes for malware hunting. I did that until late 2011. Early 2012 I joined up with what once was ZeroVulnerabilityLabs (ZVL) to help develop ExploitShield, which is now known as Malwarebytes Anti-Exploit. I worked with ZVL for a year and became more skillful with exploit attacks, as back then that was my weakest knowledge. Early 2013, ZVL merged with MBAM and I was forced to leave. I didn't join anyone for a long time, and during that time, I started distrusting closed software. October 5th, I joined ClamWin and decided to help you guys out, since you are one of the smallest AVs out there. What I learned from past companies has helped with ClamWin. Above all that, I don't use anything else because of all these bad experiences. With open-source software, not only can I benefit myself by benefiting the program itself, I don't have to be worried about being tossed out. Although, since 2006, I have had maybe only 3 or 4 virus attacks on my system, all of them were with XP 32-bit. I got Windows 7 64-bit in 2010, and ever since then, I have not gotten any type of infection. Though, a rescue disk is always good to have, even if you would never use it, but I know how to handle myself.
In case you are wondering, my specs are Windows 7 64-bit, Windows Firewall, PeerBlock, ClamWin/ClamSentinel, BleachBit, Performance Maintainer, Process Hacker and TrueCrypt, along with 3 logon passwords, so I don't think malware is a concern of mine. Nonetheless, I appreciate the advice given from all of you.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Apr 03, 2014 2:58 pm

So you are a pro! Thanks for that information. I think that ClamWin has a lot of users with some good experience/ideas, and they are largely going unused--just like most AVs, I think. It's too bad. If you want a better ClamWin, based on my association with it since 2006, you are going to have to design/build it yourself. They had a good start for the design of ClamWin 2.0 with a roadmap, but nothing came of it. One problem was finding expertise, and the other problem was to retain it if/when it was found. I think it could be done in small steps, but we need ideas/design/commitment. In many ways, Andrea Russo has a good start with Clam Sentinel. His integration of the quarantine browser, his design of the user input on configuration options, and the tightness of the program are nice.
I tried the Exploit Labs product early on, but it seemed a bit unwieldy to me. I was glad when MBAM took it over--it became more usable. Now MBAM has version 2.0 that has integrated additional protection, and I have dropped it--they seem to be getting just like all the other AVs now--bigger, less usable, and "we'll give 'em what we want, not what they need."
My opinion only.
Regards,

daveydoom
Joined: 30 Nov 2008
Posts: 0
Location: Canada
Posted: Thu Apr 03, 2014 6:10 pm

I would love to help improve ClamWin but I am not a programmer so I can't help there. My programming is limited to Excel VBA macros and a bit of scripting with Auto Hot Key.
I still think MBAM is a great product and Malwarebytes CEO Marcin Kleczynski has already commented on Reddit that they're listening to feedback from their users about the new version:
https://www.reddit.com/r/technology/comments/218m3d/malwarebytes_antimalware_20/cgaq8cc

All times are GMT
Page 1 of 3