It sure sounds like the problem is due to ClamWin's slow loading time for the virus signatures, perhaps compounded if you do not have a custom group of signatures (20 to 30) to scan. I think there are just too many signatures now and Clam AV needs to compact its database. Compacting has always been a big deal, and that is probably why they put it off.

Yes, I have been using Forticlient 6.0 sometimes (I switch between several main AVs), and it has a minimal log. The log notes when a scan starts, when it ends, and if anything is detected/quarantined. I exclude ClamWin's freshclam, clamscan, sigtool, QRestore, and ClamWin.exe from Forticlient scans. There are several updates each day, and you can force a manual update if you click on About (for some reason). Configure the malware and web pages--be sure to choose to update the program automatically.

Regards,

GuitarBob,

Are you sure Forticlient 6.0 does command line scanning? I can't find an example of how to do this.

Any chance that you can motion the developers of Clam AV to compact its database?

Robert

Sorry--I didn't realize you were only interested in a command line scan. Here is some info about command line scanning at https://forum.fortinet.com/tm.aspx?m=96658 on the web--it doesn't look like it is possible.

Since the purchase of Clam AV by Cisco and the loss of the original Clam AV development team before that, ClamWin does not have any contact(s) with the Clam AV team at Cisco. Clam AV is not a commercial product at Cisco, and it does not have much priority there. As far as I know, there is no one working on Clam AV on a full-time basis. In the past they have worked on Clam only when they are not performing their primary duties.

Compacting the database used to be a tricky thing. I doubt that even now, anyone at Cisco attempting it will know how to do it without some detailed study. The first attempt after the original Clam AV team left was a fiasco.

I think that Windows Defender is all you need for email scanning. It is much better than Clam AV/ClamWin. It is under continuous development by a full-time, professional team that uses the latest technology. There are well over 300,000 new forms of malware each day, but Clam AV only prepares about 1,000 daily malware signatures. Clam AV has practically no heuristics, and there is no use of machine learning/AI.

Regards,

Thanks again for everything GuitarBob. I went with Windows Defender and as a result of it's multi-thread design, it is near instantaneous and does provide a form of logging.

Too bad about ClamAv...

Robert

Thanks for using ClamWin all these years, Robert. Unfortunately, it appears to be winding down now. You can't go wrong with Windows Defender.

Regards,

Thanks again for your help. With further analysis, it appears that the scan process runs numerous times for the same message with attachment. Not sure why as I have tested this before in the past. Still waiting for the eicar test to pass. The log is showing at least a dozen scans so far each taking about 73 seconds or so - still not done yet. Furthermore and more troubling is that the eicar test aren't even caught and I know I've tested this in the past and have always worked. https://teatvapk.win teatv https://hellodear.in/e-sadhana/ e sadhana tg

Long time, no see.. It's been about 2 years. Make sure you are using the latest version of ClamWin (they finally issued one in early June. Clam AV (and therefore ClamWin) will no longer support Sane Security signatures. If you are using a custom list of extensions to scan, make sure .txt and .text are included--ClamWin only scans items on the list.

How did Windows Defender work out? Use it (or something else) as your primary AV to ensure good protection and keep ClamWin only as a backup scanner. You need a real-time scanner as primary AV to protect against current malware.

Regards,

I just don't understand this failure and the fact that according to the log, it appears to scan each attachment a number of times each taking 72 seconds or so...

https://19216811.bid/ 19216811.bid
https://panoramacharter.ltd/ panorama charter com

only thing I can think of is that if you are using the option to scan Windows email, that code was written a long time ago and may no longer be good.

If you are using it, try a ClamWin on-demand scan of the email. In other words, find your email folder, and right click to select an on-demand scan with ClamWin to see if it is better/quicker.

Regards,