Hi!

What I wanted to know is if I can check & update for AV definitions when starting a scan. My idea is to use an on demand only AV with zero processes running in the background while not in use. So I'm wondering if, with ClamWin I can, let say, check the definitions (and update if needed) when I right click a file and send it to scan.

Can this be done? If not... how does ClamWin autoupdate? Does it leave a process running in the background? I've read somewhere that it was possible to make it auto update with the default Task Scheduler in Windows... that'd be better than nothing, as to not have another process running just to update the defs! Did I read correctly?

Thanks in advance people.

Hello,

As far as I know Clamwin cannot be set to update its Virus Db when starting a scan. Anyway You can set automatic updates just setting Clamwin preferences (they may be set weekly, daily, hourly). My suggestion is to set updates at hourly rate and to set a scheduled scan just after one these updates (all this can set also via Preferences tab; just set the schedules at a time you machine is not particularly busy since Clamscan is taking as much CPU cycles as possible).

Hope this helps,
Antonio

Hmm... yes.. I think that it can't be done

The closest to that would be to create a command line script to just run the scanner with the autoupdate parameter, and would manually run it from time to time.

Hello,
Yes I agree this could be the only solution which just gets just to what you are wiling to have (unless Sherya can post further clues...).
Anyway, if you set virus DB update at hourly rate you are quite sure that yr. files get scanned with most updated sigs definitions. As far as I have tested it is not very likely you get virus db updates each and every hour, so possibilites to scan without an updated db are quite remote.
As I said, a combination of scheduled scans with automatic db updates would be perhaps the quickest solution; all this can be made directly via GUI, using Clamwin options.

Regards,
Antonio

Thanks Antonio for your comments!

Yes, I know it can all be done using the Clam GUI, but I think it'll put a system try icon; which means that it's up and resident just updating every X interval. What I'm looking forward is to a 0 overhead on demand AV solution, so the command line running when Windows starts up or at my will would quite solve this!

Now... may I ask you; I'm also trying BitDefender Free, which seems pretty good and lightweight, but even if it doesn't have real time scanning and you disable its auto update feature, it installs 3 Windows services (2 of which are Automatic, the other Manual), so thats what inclined me to ClamWin.

So... the question is, can ClamWin stand against BD in its detection features? Or is BD way more advanced than the Clam? In any case, don't get me wrong, I think that the Clam AV is great!!! Just wanted to be sure that I can rely on it and dump BD!

Thanks again,

I've never used the Bitdefender on-demand scanner--thought about it a couple of times as a secondary scanner when working malware, but I see how large the program is and it always turns me off--I'll stick with Cureit and Malwarebytes. It might be that it actually has the on-demand component, but it is turned off.

With that said, if the on-demand scanner is the same as the Bitdefender real-time one with real-time turned off, it is certainly a better scanner than Clam/ClamWin (god forgive me!). Bitdefender is a commercial AV company with a larger staff than Clam/ClamWin. Their scanner has better heuristics, includes behavior blocking, and they have more people working the signatures and the scanning engine. On the other hand, they have a problem with customer service and are not as responsive to customers as they should be. In the past, they thought that just because the technology was there, they didn't need to devote much thought to anything else. I haven't seen any statistics lately, but as of late last year, Bitdefender consistently detected about 50% of the malware submitted to Jotti, while Clam consistently detected about 30%. On some other tests I've seen, Clam does have better on-demand detection than some of the lesser commercial AVs--like CA and Virus Buster.

On the other, other hand, Clam/ClamWin will probably improve more than Bitdefender during this year. Clam is looking to have some PE heuristics and a very minimal emulation capability (bytecode only--not samples) probably in version .96 or shortly thereafter. So it should improve, and if ClamWin can ride along and develop a real-time scanner in conjunction with that, we would have ourselves a pretty decent scanner. At the present time, however, if you rely on ClamWin as a primary scanner (not recommended), you should also use something like Threatfire's behavior blocker or the WinPatrol system monitor to supplement ClamWin's static, on-demand protection.

Regards,

Regards,

Thanks very much for your comments Bob! From the little time I have in this forum, I noticed that you are one of its greatest member and I've read many great posts from you! Keep it up!!!

On regard if to rely on Clam as the primary scanner... the thing is that it'd be either it or BitDefender; because I don't need / want the wasted CPU cycles + memory in real time scanning or services, so I'm only looking for a scanner to scan certain manually downloaded files from the Web... and thats all! So... in that scenario (where I'll use an on demand only scanner), I understood from your post that you would be recommending me to go with BitDefender, because it has better heuristics & signatures? I really liked that ClamWin didn't have any running services or crapware loaded (compared to 3 services of BitDefender...) and so REALLY wanted to use it and throw away the BD!

Please, let me know what you think about this. Thanks again!

Hello,



If you are using Firefox maybe this add can provide help:
https://addons.mozilla.org/en-US/firefox/addon/10882

rgds
Antonio

Thanks Antonio! I thought about using it but since 99% of the files I get from Firefox are safe, it would still be an overkill to scan them all! Quite similar to having a real time scanner (at least for me).

Thanks for the suggestion though! Maybe you can also let me know what you think on what I asked GuitarBob above, about ClamWin compared to BitDefender. What do you think?

Hello,

I think Bob has given you the right advice. Clamwin is a porting of a tool called Clam av, which was designed to run on Linux environments especially for mail servers, which means that is better focused in scanning threats which can arrive by mail and is not primarily designed to scan a complete filesystem as it is used under Windows. This does not mean it is not good in scanning a full HD (it is, and scanning performances has increased progressively with each new version) but just that it originally has a different target.
With this being said, and as a Clamwin user, I would recommend keeping it as a backup scanner and have at least a behavior bloacker installed (currently I am using ThreatFire coupled with Clamwin and I feel comfortable with them). Clamwin (and Clam) have quick response times on new spreading threats so if your files come mainly from the web it would surely be of use.

Hope this helps,
Antonio