Using ClamWin 0.94
I've scheduled a weekly scan
It multiplies the clamscan.exe many times (over 15 instances..) killing the computer, by taking all available CPU
Anyone..
What can be done?
Is this syndrome familiar?

Hello,
Strange that multiple instances of Clamscan.exe appear.
Have made a quick test on my XP SP3 machine scheduling 3 different scans of single folders at an interval of about 15 mins one from the other (namely I scheduled the Documents and Settings folder plus 2 other program files folders). All carried out correctly.

Can you pls tell which is the setting of yr. scheduled scan so that I can try to replicate the case on my machine (or at least try to have a case as close as posible to yours)?
For CPU load it's correct; as far as I know Clamscan takes as much CPU as available during execution.

Right now I am scheduling a complete scan of C:
Will post findings, if any.

Update: just finished complete scan of C:. Completed regularly.
Regards

I have use Clamwin schedule scan daily but I never encounter any problem.

I have 2 hard disks and 4 partitions so I schedule the scan

C: 12:00
D: 13:00
E: 14:00
F: 15:00

All the scanning can be completed within 1 hour so i set a 1 hour interval

I use these filter to make the scanning faster so that it could complete within an hour
*.exe
*.dll
*.vbs
*.wsh
*.js
*.com
*.cmd
*.xls
*.doc
*.rar
*.jar
*.zip
*.tar
*.inf

Those extensions will catch a lot of malware. I would also add *.scr *.pif *.php *.eml and *.*.* to your list.

Regards,

Today I had exactly the same situation Udi described.
sceduled scan is for drive C: and usually takes a little more than 60min to finish but today there where 17 instances of clamscan running.
stop all running tasks didn't work and I had to reboot
after reboot my logfile looks like this.
I don't know why it started a single task 17 times, it never did anything like this before.

Dear Support,

I have had no problems with Clamwin so far.
This morning however, most of the people within our company came to complain that their PCs were running extremely slow, up until the point were the PC's were not usable any longer and people even started to reboot their machines.

After a quick look in the task manager, it showed that there were more than 20 instances of Clamwin.exe running, each taking up about 60Mb RAM.

Killing all sessions made their PC's again become responsive.

We have Clamwin scheduled to run once a week (on Mondays). And I have not heard anyone complaining last week, while this week I have half the company at my door.
The only thing I have seen changing lately is the upgrade to version 0.94.

We are running Windows XP SP3 machines.

Are there any issues known at this point ?

Kind regards,
Mario

I have the exact same problem since yesterday!

I'm running ClamWin under Windows XP Professional x64 Edition.

No problems so far untile yesterday! I'm using weekly scheduled scans: ClamTray keeps on starting many instances of clamscan, instead of an just one, each of them some minutes after the other.

Mauro.

Hello Mauro,

Thanks for adding your feedback - glad to see we were not the only ones having difficulties yesterday.
I did not get/see any feedback yet from anyone @ Clamwin. Hopefully they will shortly respond as by the end of this week I will start deinstalling all Clamwin installations to prevent this from reocurring...

Cheers,
Mario

I tried downgrading to 0.93.1 but it does exactly the same thing once it updated its signatures.
manual scans run normal
scedule settings are:
https://www.postimage.org/image.php?v=Pq1ItOKS

Hopefully this helps finding the reason for it.

Hi Mario,

Is it still happening regularly? I can't reproduce here unfortunately.

Please post one ofthe scan logs.

Regards,
Alch

Hello,

I have another process running in the morning, so I've scheduled a scan at 12:30 PM CET today. I'll make screenshots of the taskmanager to show you the amount of instances (that is if I manage to still do something with the PC at that time). I will keep the logs aside.
Is there anything else you'd like me to look at or capture ?

Bear in mind that I will probably have to abort the scan tonight as I Clamwin needs more than 4 hours to complete its task...

Kind regards,
Mario

can you post contents of %temp%\clamwin1.log?

Hello,

The scan I scheduled to start at 12:30 has now been busy for about 2 hours.
I have checked the taskmanager and see only ClamTray.exe and ClamScan.exe (second highest in CPU usage at the moment).
This seems to be normal to me, compared to the 20-30 instances I had to stop on several PC's over here.

Response of my PC is ok: I notice that something is slowing it down, but I can still do my daily tasks on the PC.

____________________________________________________
Content of %temp%Clamwin1.log:

running task <function>(<__main__>, 'c:\\', 'test scan', 1) on: 22-10-08 12:30:00. Frequency is: Daily

Scanning: "c:\\"
clamscan.exe command line: "C:\Program Files\ClamWin\bin\clamscan.exe" --tempdir "c:\docume~1\mbraeken\locals~1\temp" --keep-mbox --stdout --database="C:\Documents and Settings\All Users\.clamwin\db" --log="c:\docume~1\mbraeken\locals~1\temp\tmpfej6ix" --no-phishing-sigs --no-phishing-scan-urls --no-mail --infected --max-files=500 --max-scansize=150M --max-recursion=5 --max-filesize=100M --remove --recursive --exclude="[^\]*\.dbx$" --exclude="[^\]*\.tbb$" --exclude="[^\]*\.pst$" --exclude="[^\]*\.dat$" --exclude="[^\]*\.log$" --exclude="[^\]*\.evt$" --exclude="[^\]*\.nsf$" --exclude="[^\]*\.ntf$" --exclude="[^\]*\.chm$" --kill "c:\\"
"C:\Program Files\ClamWin\bin\clamscan.exe" --tempdir "c:\docume~1\mbraeken\locals~1\temp" --keep-mbox --stdout --database="C:\Documents and Settings\All Users\.clamwin\db" --log="c:\docume~1\mbraeken\locals~1\temp\tmpfej6ix" --no-phishing-sigs --no-phishing-scan-urls --no-mail --infected --max-files=500 --max-scansize=150M --max-recursion=5 --max-filesize=100M --remove --recursive --exclude="[^\]*\.dbx$" --exclude="[^\]*\.tbb$" --exclude="[^\]*\.pst$" --exclude="[^\]*\.dat$" --exclude="[^\]*\.log$" --exclude="[^\]*\.evt$" --exclude="[^\]*\.nsf$" --exclude="[^\]*\.ntf$" --exclude="[^\]*\.chm$" --kill "c:\\" --memory
Scheduling task (<__main__>, 'c:\\', 'test scan', 1) for: Thu Oct 23 12:30:00 2008
____________________________________________________

For now all seems to be going OK. Maybe the update of the signatures resolved the issue ?

Mario

Hello. I also has this problem. I have scheduled scans at nights drive per weekday.

When I leave computer unused for a longer period it is hanging heavily because of the ClamWin instances.

I have no logs as they don't complete the scans at all.

Here's a picture attached which shows how they are in Process Explorer. They claim to be threads. Also they do work on something else than taking up CPU if I don't touch the computer for a while.

WinXP + SP3 + ClamWin 0.94

https://www.postimage.org/image.php?v=aV1MUKvS

edit: Also noticed that the priority is set to very low for those even that they do take all of my CPU available actively. Killed the ClamWin-process but those processed killed themselves very slowly after that.. so I had to kill most of them by hand.

Could you please provide relevant log as per my post above?