Anteaus
Joined: 07 Mar 2008
Posts: 0
Posted: Sat Mar 08, 2008 9:01 am
Just wondered if this might be relevant - We run Clam on a couple of servers. It's the commandline-only https://oss.netfarm.it/clamav/files/clamav-win32-vc6-0.92.7z version, and was using version 0.91 at the time. On both, Freshclam.exe had stopped updating the defs some days back, and I was at a loss to figure out why. The scanner was still working.
As an interim measure on one box I downloaded the main and daily databases manually, and replaced the two db subfolders with these. Initially this worked, but the next time Freshclam ran, problems started. A folder with a long gibberish name appeared in the root of C: with 'Clam' being part of the name, leaving little doubt as to its source. This folder name contained illegal characters and proved hard to delete.
Any virus-scan after this would push the processor utilisation to 100%, and take ages. After some hours, the server halted with an 'Insufficient resources' message (not a bluescreen, just an ordinary GUI message). A reboot got it going again, thankfully. This (NT4 SP6) server is normally very reliable, typically running 1000-2000 hours between reboots.
I updated the AV program to 0.92, deleted the defs and re-downloaded them, and this appeared to cure the problem.
I'm wondering if there was a problem in a recent batch of defs, or if it is a format conflict between the current defs and the 0.91 executable? Just mention it in case it helps track down the problem.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Mar 08, 2008 2:08 pm
I guess we can speculate all we want--only Clam would know for sure unless the ClamWin developers are privy to something. I know Clam is changing the scan logic with version .93 (now in release candidate stage). I know they also now have an additional file type for signatures--type 6 for scripts. It also looks to me like scan times have been a bit faster during the last couple of days--so...I guess they could have changed the signature formats a bit to set up for the new logic.
Regards,