Karspersky: 23 mins
Clamwin: 188 mins

18 gb data. Other antivirus software takes similiar time to Kaspersky as well (no hashes, databases, first Run, all files scanned, nothing resident, no services, just on-demand scanner).

Is there any particular reason why Clam takes this long time... I tried it few years ago and abandoned it due to these ludicrous scan times. Years passed and nothing seems to have changed.

Can those technically well-versed folkds give me an insight?

Thanks!

Maria



----------- SCAN SUMMARY -----------
Known viruses: 149125
Engine version: 0.91.1
Scanned directories: 204
Scanned files: 1188
Skipped non-executable files: 0
Infected files: 0

Data scanned: 17846.75 MB
Time: 11279.781 sec (187 m 59 s)

I'll take a stab at answering this. Hopefully, it will free up for a short while the two unpaid developers who work on Clamwin with the free time they donate to the project after they finish their other full-time, paid work.

ClamWin was developed to provide a graphical user interface (GUI) for Windows to the Clam Antivirus program written for/used on Linux and related computers. It is not quite as efficient as the Linux version because it can't take advantage of all the capability of Clam AV nor can this current Legacy version of ClamWin take advantage of all the capability of Windows. ClamWin is still beta software. Kaspersky is well along in its development process.

Version 1.0 of ClamWin will leave the Legacy version behind and will include a fast scanning service and other improvements to make it more competitive, but ClamWin doesn't have the resources of Kaspersky (or any commercial antivirus company). ClamWin does benefit from the improvements made to Clam AV that can be implemented in Windows, and it has been improved compared to the version of a couple of years ago..

There is no announced release date for version 1.0 yet. To speed up ClamWin's scanning time for the present, you can set Preferences to scan only for the 50 or so most dangerous file extensions, and you can scan only those directories on your hard drive most likely to harbor malware--like Windows, System 32, and Documents/Settings.

Regards,

Unfortunately, you have to realize that there is a team of people who work on kaspersky's engine every day. The people who make the clamav engine also do the signatures and what not on their free time. There are also much fewer people who work on clamav.

With that being said, there are options in ClamWin that you can turn on which will speed it up quite a bit, however, the infrastructure behind the engine is just not as fast as the other antivirus vendors because the way some of the signatures work. (by checking the entire file for a signature, rather than checking particular locations in the file for the signature)

Excuse me folks, please do not compare irrelevant things or advise me even more irrelevant options. I know what free software is and i also know how to scan particular files. The example i gave you was to show you that it was an objective test that both software were tested under the same conditions to scan the same set of files.

If i am here, this means that there is some particular problem... And that problem is clamwin being 8 times slower than average scan time of any av software out there! We are not talking about few percents or few ten-percents difference here. 8888888888888 times slower. Something obviously wrong. When i looked at this years ago it was still the same. Can someone give me a technical insight as to why this is taking so long? You load a database to memory, read and compare files. Database items are similiar to other av databases... so what is it?

As for the software, clamwin is EXACTLY what i need.

I don't need no kaspersky or weirdass av software to take over my computer and inject hooks everywhere even when they are not loaded. I don't need no software to write into alternate data streams of my files... I don't need no software to slow me to a grind by checking every read write access of every file... I don't need no software to make my files inaccessible to administrator forcing me to use takeown and icacls to get rid of... And i don't need no resident processes, quarantines, cleaning or automatic deletion of files. If i have a virus in a file, it is sufficient for the program to tell me that there is a virus... I can spend few secs to find and manually get rid of it. After all, it is not every day that i have to deal with virii.

Being the perfect program, why this slowness?

BTW, i tried the win version from clamav site and it wouldn't work in 2 different computers.

Thanks for your time!

M.

Thanks b0ne. I somehow missed your last sentence. This explains for me.

M.

To me, this is very symptomatic of an underlying problem in the Open Source community. Clam AV is used by a plethora of Linux distros (some of them charging license fees) yet, from your comment, there doesn't seem to be any contributions from them to support those two unpaid developers.

As an end user, I wouldn't even think twice about contributing financially to an efficient, non-invasive, cross-platform product which thoroughly scans my computer. (Think of the money we spend on invasive, non-crossplatform, limited-licences "protection") However, at this point, scanning my computers on Linux or Windows is a process which can take up to 24 hours while slowing my computer considerably. At the end of the day, the overhead is such that I need to think twice about performing or even scheduling a scan. It defeats the purpose.

I agree with your sentiment, but for the most part, you're paying for support of the software, not licensing for the software. (Being that almost all of it is GPL or an open source license, they don't have the right to "license" anything other than the GPL which permits charging for distribution.)

It is possible to donate to clamwin, and clamav, however, it wasn't designed with cross-platform"ality" in mind.



This problem is mostly due to the original design. I don't think when clamav was created, they anticipated the volume of signatures required to detect malware. Many of their signatures (.db) are a byte mask that can occur at any location, in any file. This means that the more large files you have on your system, your scan times go up proportionally because it has to read every single file off disk and scan it with every (.db) signature.

If you removed the original ".db" database files, speed would increase substantially. Also, if one only scanned (on windows) executable files, the speed would increase as well.

Unfortunately, the ClamWin option for "scanning executables" is very deceptive, and doesn't attempt to only scan executables, it merely tries to rule out certain large container type files like ISOs and structured storage files.

There are new signature formats like the .ndb or "new database" which permits offsets into a file, or windows executable files. These signatures are substantially faster. Most modern AV engines, do not read files in their entirety, nor do they scan entire buffers that are read in their entirety for a signature.

[quote="b0ne"]


Understood. I assume that the same company develops and maintains both, therefore the donation would support both software.



I think part of the issue I had up to this point is that I was comparing Clam-Win/AV with the other AV utilities on an even basis (comparing different kinds of apples). If that was the case, Clam-Win/AV would be, as originally posted, ludicrously slow and dismissable. However, if I understand your explanation correctly, we are comparing apples with, say, a bowl of fruits. In that case the slow performance is explainable (because of the thoroughness) and one may be wise not to dismiss this utility in a computer protection strategy. One could, for instance, use a faster utility to perform a daily scan and use Clam-Win/AV for a weekly thorough scan when the computer is needed the least (say during the weekend, incl. an overnighter). Would this seem reasonable or is this overkill?

I don't think this assumption is accurate. It doesnt find me any more virii that other AVs find. And also, I am sure those people who are in AV business for decades and who probably created half of the virii in wild know how to scan a file or the infectable parts of it. If their method was not thorough in scanning a file, they wouldn't have employed it, otherwise their detection ratio would have diminished in various tests.



Overkill.

Why are we complicating things? Free software doesnt need to be inferior. Clamwin can do so much better. And like you said, common consensus is that we are not unwilling to pay for something that performs well even if it is free.

I would love to take this Kaspersky parasite off of my system.

M.

There are actually two unrelated development teams: one is responsible for developing Clam Antivirus, and the other is responsible for developing ClamWin, which uses the Clam engine. The Clam Antivirus project also has a Windows port but it is not as far along as the ClamWin software.

If having a state-of-the-art antivirus is important to you, I suggest that you continue using Kaspersky or a similar product and use ClamWin as a backup until ClamWin version 1.0 is available. Even then it won't be as effective as the large commercial poducts, but it should be faster in scannin g and more efficient in operation. The engine is the responsibility of Clam AV, but it should be improved also, as it is working toward its version 1.0 also.

The methodology of a scan, not the speed, determines how effective it is. Clam/ClamWin are about 99% signature based with only 1% heuristics. It's as effective as a few commercial antivirus programs, however. See https://winnow.oitc.com/avmalwarestats.php for further information.

Regards,

I've read several postings in these forums about how slow ClamWin scans files, and yes, much of it is really amazingly slow.

BUT, it scans mine much slower!

It takes over 10 hours to scan my 15GBs of data.
Can anyone tell me how to speed this up (if possible)?

I'm running ClamWin 0.91.2 on Windows XP.

Thanks,

Ted

During the day, I scan my Windows directory in about 30 minutes and my Documents/Settings directory in about 12 minutes. Those two scans are probably sufficient given my browsing habits, but I'm paranoid about security, so I schedule ClamWin to scan my entire 180 gigabyte hard drive at night, which takes about 70 minutes. Some might say those scan times are still slow, (and they are compared to expensive, fancy AVs) , but here's what I do to speed things up:

I have configured Clamwin to scan only about 60 file extensions (used to be 35, then 50, now 60), which consists of file extensions that are most favored by malware writers to hide their product. If you need help finding these file extensions, do a search on the Web for "dangerous file extensions." You could also look at the file extensions that other antivirus programs scan (I copied extensions used by AVG). Be sure the extensions include Microsoft document file extensions, a few of the most popular file compression extensions, pdf files, .exe files, and .dll files.

Configuring ClamWin to not scan in archives will also speed up things considerably. If you uncheck the "Scan in Archives" box in the Archive options, it will still scan archived files, but it will not uncompress them. This is a good idea if you also scan your system with another antivirus program. And that's another thing--ClamWin is still a beta program. It is an on-demand file scanner, so it is best used as a backup scanner in conjunction with a resident/on access scanner. There are several decent free ones--including AVG, Avast, and AntiVir.

Regards,