clamav-win32's Introduction

ClamAV native win32 port - 0.103.10

Copyright (c) 2005-2023 Gianluigi Tiesi [email protected]

This program is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this software; if not, write to the Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

Features

  • [clamav] small footprint
  • [clamav] native msvc win64 port, legacy mingw 32bit build for old systems
  • [clamav] support for UNC paths, exotic/long file names
  • [clamav] nice icons ;)
  • [clamscan] memory scanner (modules loaded in memory are scanned on disk)
  • [llvm] JIT DLL is optional and, since it is not supported on old OSes, is loaded dynamically
  • [freshclam] native DNS TXT query on NT4 / DnsAPI query on Win2k+
  • [clamdtop] curses ui to connect to a running clamd service
  • [clamd/freshclam] as Windows Service

3rdparty libraries and versions

  • OpenSSL: 1.1.1w
  • bzip2: 1.0.8
  • curl: 8.4.0
  • gnulib: old version but still fine for my needs
  • json-c: 0.17-20230812
  • libunicows: 1.1.2 (32bit builds only)
  • libxml2: 2.11.5
  • pcre2: 10.42
  • PDCurses: git-d4e69e63
  • Pthreads-w32: 2.9.1 + some fixes
  • zlib: 1.3

Getting sources

Clone repository using:

git clone --recursive https://github.com/clamwin/clamav-win32.git

Notes

  • You can store the database and config paths in the registry using the clamav.reg file (I may make an NSIS installer in the future). Paths can also be REG_EXPAND_SZ values, so environment variables are allowed (e.g. you can use paths like %HomeDrive%\ClamAV).

  • libclamunrar needs unicows.dll when used on Windows 9x, you can download Open Layer For Unicode

  • On WinNT4 you may need to set OPENSSL_ia32cap environment variable to 0x16980010 because NT4 does not support SSE out of the box (it will crash with illegal instruction).

    Support for SSE is included in SP6a using Intel SSE driver (intlfxsr.sys), but the installer does not always install it.

    You can manually install the driver from unpacked SP6a:

    rundll32 setupapi.dll,InstallHinfSection IntelSection 132 "<path-to-extracted-sp6a-files>\update\update.inf",

    then point it to path-to-extracted-sp6a-files and reboot.

    Thanks to Zachary for this information.

    If you get SSL certificate problems when launching freshclam, you need to install the Baltimore CyberTrust Root certificate (double-click the .crt file and follow the wizard).

Running Clamd and FreshClam as services

  • import clamav.reg file
  • create C:\ClamAV and C:\ClamAV\db
  • put executables in C:\ClamAV
  • create freshclam.conf in C:\ClamAV
  • create clamd.conf in C:\ClamAV
  • install the service with (in Administrator cmd prompt): clamd.exe --install
  • launch freshclam.exe to download the virus database

freshclam.conf

DatabaseMirror database.clamav.net
DNSDatabaseInfo current.cvd.clamav.net

clamd.conf

TCPSocket 3310
TCPAddr 127.0.0.1
MaxThreads 2
LogFile C:\ClamAV\clamd.log
DatabaseDirectory C:\ClamAV\db

Make sure C:\Clamav is writable by the System Service user.

Finally start the service with net start clamd
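
A pre-flight check for the clamd.conf shown above, as an added example that is not part of the clamav-win32 project: it flags a TCPSocket that is not restricted to loopback (without TCPAddr, clamd binds to every interface) and write paths that fall outside the directory made writable for the service. The names parse_conf, audit and WEAK_CONF are hypothetical, WEAK_CONF is a constructed sample, and C:\ClamAV as the service directory is taken from the steps above.

```python
import ipaddress
from pathlib import PureWindowsPath

# The README's clamd.conf, and a constructed weak variant for comparison.
README_CONF = r"""
TCPSocket 3310
TCPAddr 127.0.0.1
MaxThreads 2
LogFile C:\ClamAV\clamd.log
DatabaseDirectory C:\ClamAV\db
"""
WEAK_CONF = r"""
TCPSocket 3310
LogFile D:\logs\clamd.log
DatabaseDirectory c:\clamav\db
"""

def parse_conf(text):
    """Return {option: [values]}; clamd options such as TCPAddr may repeat."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return addr.lower() == "localhost"

def audit(text, root=r"C:\ClamAV"):
    """List findings: TCP exposure, and paths outside the service directory."""
    opts, findings = parse_conf(text), []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # Without TCPAddr clamd binds to every interface (INADDR_ANY).
            findings.append("TCPSocket without TCPAddr: listens on all interfaces")
        findings += [f"TCPAddr {a} is not loopback" for a in addrs if not is_loopback(a)]
    base = PureWindowsPath(root)
    for key in ("LogFile", "DatabaseDirectory", "TemporaryDirectory"):
        for value in opts.get(key, []):
            path = PureWindowsPath(value)
            # PureWindowsPath compares case-insensitively, like Windows paths.
            if base != path and base not in path.parents:
                findings.append(f"{key} {value} is outside {root}")
    return findings

if __name__ == "__main__":
    for name, conf in (("README", README_CONF), ("weak", WEAK_CONF)):
        print(name, audit(conf) or "no findings")
```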


Please do not report bugs directly to [email protected]; instead use the GitHub issue tracker: https://github.com/clamwin/clamav-win32/issues

clamav-win32's People

Contributors

sherpya

clamav-win32's Issues

Clamdscan 0.102.1 error: can't access file

After upgrade from 0.96 to 0.102.1 32-bit on Windows 2003, clamdscan fails.

```
C:\clamav>clamdscan.exe -v --stream c:\fciv.exe
ERROR: Can't access file \\?\c:\fciv.exe

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
```

User "Everyone" has been assigned "full control" permissions for c:\clamav.

A file in the clamav folder also fails, but different:

```
C:\clamav>clamdscan.exe -v --stream c:\clamav\sigtool.exe

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.015 sec (0 m 0 s)
```

Clamscan runs ok:

```
C:\clamav>clamscan -v sigtool.exe
Loading virus signature database, please wait... done
Scanning \?\C:\clamav\sigtool.exe
C:\clamav\sigtool.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 6730334
Engine version: 0.102.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.11 MB
Data read: 0.11 MB (ratio 1.00:1)
Time: 41.528 sec (0 m 41 s)
```

Arguments for scan targets

Clamscan.exe is a great tool, however I am missing some features for scan targets.

As of now, I have to define the drive letters, which should be scanned.
I am working on a one-click batch script, which should not be edited by the user.

Is there a chance you can add more arguments like, --scan-local-drives and --scan-removable-media?

Thank you.

Can't Allocate Memory Errors

I'm using ClamAV-win32 as an on-demand scanner on several versions of Windows computers. I've recently noticed an increase in the number of "Can't allocate memory error" I'm seeing in the log file. On some scans I see in excess of 30,000 of these errors. If I run ClamAV in verbose mode the error at the console looks like this:

LibClamAv Error: fmap cannot map file descriptor 4
LibClamAv Error: Critical: fmap() failed
<filepath & name>: Can't allocate memory error

I've tried various versions of ClamAv-win32 including 0.102.1, 0.103.8, 0.103.10 & 0.103.11. Each gives similar results. Oddly, if I target an individual file which has previously produced this error and scan it individually, I do not get another error.

building steps?

Is there a step-by-step guide to building with mingw64 (32-bit), including the version of mingw64 used and the associated build environment?

PowerSploit post-exploitation tool

Our Cloud environment detected VM's reporting this:
clamav

This is the first time that we are seeing behavior like this. Even in the VMs that are not fully deployed and are not in use (they just have ClamAV installed and are not scanning), Windows Defender detected this.

We're using the version: 0.103.5
All OS are WS2019.

Could this issue be related to the ClamAV virus database update service?
Thank you for the support.

Clam AV Native port X86

Very happy with this port. I'd like to report a few bugs, all running on a Windows 2003 server X64, but the native x64 app does not work, with the message "not a valid Win32 application".

  1. when running freshclam in a dos shell error can not create database\tmp directory
  2. after creating the directories by hand running fresh clam can download some files but failed to download daily.cvd after 60 sec process is stopped.

0.103.4

Hey sherpya, how are you doing?

I am aware ClamAV 0.104.x is released that includes your 'fixes' to run it as a service.
Unfortunately I am not able to use 0.104.x (yet), as there seem to be some compatibility issues between 0.103.x and 0.104.x, especially concerning spamd.exe and the way it responds to a stream. If you are interested, you can read more about this incompatibility here:
https://www.hmailserver.com/forum/viewtopic.php?f=7&t=37507
https://github.com/hmailserver/hmailserver/blob/master/hmailserver/source/Server/Common/AntiVirus/ClamAVVirusScanner.cpp#L71

In the meanwhile would it be possible for you to push a 0.103.4 release?

clamscan.exe - Entry Point Not Found

Hello,
I get the following error:
The procedure entry point _ftime64 could not be located in the dynamic link library msvcrt.dll.

Here is my system information:

Build: clamav-mingw-0.99.4.7z
System: Windows NT 4.0 SP6a
Internet Explorer: 5.0
msvcrt.dll: 6.00.8797.0

According to my research the function "_ftime64" should be included in the msvcrt.dll version 6.00.8797.0
Edit: Checked the contents of the above dll with Notepad++ and didn't find any "_ftime64".

How to upgrade version?

Hello,

Currently freshclam doesn't upgrade the installation version. Say you are on 0.99.2 and 0.99.3 is released, it will warn you that your version is outdated, but it doesn't update it by itself.

Is there any possibility to upgrade the existing version to the newest one via command lines or something? Or do we need to reinstall the files?

Clamd x64-0.103.0 service stuck on "Starting"

On two Windows servers, we have the issue that the Clamd.exe service of version x64-0.103.0 never starts completely but stays on "Starting" in services.msc.
However, the service is available and the clamd.log seems OK, the regular SelfChecks are also logged correctly.
The prolonged status of "Starting" led to some alarms from our monitoring solution, this is why I noticed.
I already re-installed VC-Runtimes and restarted the servers, which did not change the service status.

Here is the conf file:
TCPAddr 127.0.0.1
TCPSocket 3310
MaxThreads 40
LogFileMaxSize 20480000
LogTime true
LogFile c:\Clamav\log\clamd.log
DatabaseDirectory c:\clamav\db
TemporaryDirectory c:\clamav\tmp
PhishingScanURLs no
ScanArchive no
ScanMail no

And here is the log:
Fri Nov 13 13:04:01 2020 -> +++ Started at Fri Nov 13 13:04:01 2020
Fri Nov 13 13:04:01 2020 -> Received 0 file descriptor(s) from systemd.
Fri Nov 13 13:04:01 2020 -> clamd daemon 0.103.0 (OS: win32, ARCH: x86_64, CPU: x86_64)
Fri Nov 13 13:04:01 2020 -> Log file size limited to 20480000 bytes.
Fri Nov 13 13:04:01 2020 -> Reading databases from c:\clamav\db
Fri Nov 13 13:04:01 2020 -> Not loading PUA signatures.
Fri Nov 13 13:04:01 2020 -> Bytecode: Security mode set to "TrustSigned".
Fri Nov 13 13:04:01 2020 -> Disabling URL based phishing detection.
Fri Nov 13 13:05:31 2020 -> Loaded 9292081 signatures.
Fri Nov 13 13:05:37 2020 -> TCP: Bound to [127.0.0.1]:3310
Fri Nov 13 13:05:37 2020 -> TCP: Setting connection queue length to 200
Fri Nov 13 13:05:37 2020 -> Limits: Global time limit set to 120000 milliseconds.
Fri Nov 13 13:05:37 2020 -> Limits: Global size limit set to 104857600 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: File size limit set to 26214400 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: Recursion level limit set to 16.
Fri Nov 13 13:05:37 2020 -> Limits: Files limit set to 10000.
Fri Nov 13 13:05:37 2020 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Fri Nov 13 13:05:37 2020 -> Limits: MaxPartitions limit set to 50.
Fri Nov 13 13:05:37 2020 -> Limits: MaxIconsPE limit set to 100.
Fri Nov 13 13:05:37 2020 -> Limits: MaxRecHWP3 limit set to 16.
Fri Nov 13 13:05:37 2020 -> Limits: PCREMatchLimit limit set to 100000.
Fri Nov 13 13:05:37 2020 -> Limits: PCRERecMatchLimit limit set to 2000.
Fri Nov 13 13:05:37 2020 -> Limits: PCREMaxFileSize limit set to 26214400.
Fri Nov 13 13:05:37 2020 -> Archive support disabled.
Fri Nov 13 13:05:37 2020 -> AlertExceedsMax heuristic detection disabled.
Fri Nov 13 13:05:37 2020 -> Heuristic alerts enabled.
Fri Nov 13 13:05:37 2020 -> Portable Executable support enabled.
Fri Nov 13 13:05:37 2020 -> ELF support enabled.
Fri Nov 13 13:05:37 2020 -> Mail files support disabled.
Fri Nov 13 13:05:37 2020 -> OLE2 support enabled.
Fri Nov 13 13:05:37 2020 -> PDF support enabled.
Fri Nov 13 13:05:37 2020 -> SWF support enabled.
Fri Nov 13 13:05:37 2020 -> HTML support enabled.
Fri Nov 13 13:05:37 2020 -> XMLDOCS support enabled.
Fri Nov 13 13:05:37 2020 -> HWP3 support enabled.
Fri Nov 13 13:05:37 2020 -> Self checking every 600 seconds.
Fri Nov 13 13:15:37 2020 -> SelfCheck: Database status OK.

Nessus Scanner

Guys,

We had an issue related to an outdated virus signature that Nessus sometimes finds. I saw this problem in version 103.4; even when doing the virus database update manually, the issue happens. It seems that Nessus always shows a difference in the signature. I'm testing now with version 103.5.7, and so far it is working properly. The service that does the update of the virus database is enabled by default.
Is there a way to automate the update of the antivirus engine, or is it just manual?

ClamAV 0.103.2

Hi Gianluigi,

ClamAV 0.103.2 has been out for quite a while now. Are you planning to upgrade your Native Win Port?

ClamAV security vulnerability - will ClamWin be updated to 0.103.8?

Thank you very much for your efforts related to ClamWin Antivirus. I wanted to make you aware of a remote code execution security vulnerability that was recently found in ClamAV that has been patched in version 0.103.8:

https://thehackernews.com/2023/02/critical-rce-vulnerability-discovered.html?m=1
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

Do you have plans to create a 0.103.8 version of ClamWin, and if so, do you have an anticipated delivery date?
Thanks!
