Mailing List Archive

[clamav-users] Clamd.exe
Good Morning,

I have Clamav on Windows Servers. I am running clamd.exe in powershell
with this command, .\clamd.exe

Do you need to put the config file in there for clamd.exe to read it? I
understood that just running clamd.exe should read the config file.

I am asking because the clamd.exe is not reading my config file because I
have excluded c:windows but it is still scanning c:\windows folder.

Thanks,

Marcy Rogers
Re: [clamav-users] Clamd.exe [ In reply to ]
Have all the installation steps been followed?

https://www.clamav.net/documents/installing-clamav-on-windows

Re: [clamav-users] Clamd.exe [ In reply to ]
Hi there,

On Fri, 23 Oct 2020, Marcy Rogers via clamav-users wrote:

> Good Morning,

Good evening. :)

> I have Clamav on Windows Servers. I am running clamd.exe in powershell
> with this command, .\clamd.exe
>
> Do you need to put the config file in there for clamd.exe to read it? I
> understood that just running clamd.exe should read the config file.

Most tools which use a configuration file will have a 'default'
location (often more than one location) where they will look for a
configuration file if they aren't told where to look for it in the
command itself. The clamd daemon has such a default but I don't know
what it is for your system, you should be able to find documentation
which tells you. The same documentation will tell you how to specify
the location of the file on the command line.

> I am asking because the clamd.exe is not reading my config file because I
> have excluded c:windows but it is still scanning c:\windows folder.

To be clear, are we talking about the 'ExcludePath' directive?

Sometimes tools are fussy about the precise syntax of configuration
options. If your clamd is reading the configuration file which you
think it is reading and you have properly set the exclusion in the
configuration then you may need to experiment with the syntax. As I
don't use clamd on Windows I have no experience to offer but I'm sure
that someone else here will.

The clamd daemon does not itself scan things from the command line.
Another tool such as clamdscan (which uses clamd to do the scan) or
clamscan (which doesn't) will do that. So if you run clamd.exe from
the command line I would not expect a scan to take place immediately,
all that I'd expect to happen is that the daemon would be started.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamd.exe [ In reply to ]
Ged

Thank you for the advice.

When I installed Clamav for Windows, the install places the Clamav in the
c:\program files.
I followed the instructions for installing Clamav for Windows and placed
the clamd.conf file in the c:\program files\clamav.
I ran powershell as an admin and edited the clamd.conf file. I will attach
the config file that I am using.
In the config file, you will see this.
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath "C:\temp"
ExcludePath "C:\Windows"

I have removed the # sign in front of the "c:\windows" because I want to
exclude it from being scanned.
The C:Windows is still being scanned even though I have told Clamd.exe not
to scan that directory.
But
# Perform a database check.
# Default: 600 (10 min)
SelfCheck 3600

This was set at 600 before I changed it to 3600 minutes. Clamd.exe is
reading to do a selfcheck every 3600 minutes but it is not reading to
excludepath "c:\windows"

I have tried to force it to read the clamd.conf and it still scans the
c:\windows directory even if it is excluded.



Added my config file as a text file hoping someone can help me out. I have
been working on this for 4 months now. I am scanning but it is taking over
5 hours to scan and I would like to cut that down by not scanning the
Window directory.

Thanks,

Marcy

Re: [clamav-users] Clamd.exe [ In reply to ]
Marcy & Guys,
Mine says it needs to know what the default settings are and when I remove
the # to run the code it says it's confused as to what to do. It seems
like it should be simple. I read the documentation and it doesn't give me
a clue what to do about it. Maybe I missed something. Thanks for your
info. I have Windows too and I think cyberespionage is at an all time high
for Microsoft products sometimes. And it's somehow a zero login attack for
everybody involved. So maybe it's not a perfect system but I love Windows.
TMI? I fully support improving everything to work well on Windows.
Thanks!
Jessica

Re: [clamav-users] Clamd.exe [ In reply to ]
Hi,

Have you tried C:\\Windows or C:/Windows.

Just a thought.

Regards
Mark.

Re: [clamav-users] Clamd.exe [ In reply to ]
Ok if you remove the # sign that tells it to scan it.
Jessica

Re: [clamav-users] Clamd.exe [ In reply to ]
If you remove the #, that tells clamd.exe to do what the statement above the line says.

Marcy




Re: [clamav-users] Clamd.exe [ In reply to ]
Hello again,

On Fri, 23 Oct 2020, Marcy Rogers via clamav-users wrote:

> ...
> I followed the instructions for installing Clamav for Windows and placed
> the clamd.conf file in the c:\program files\clamav.
> ...
> In the config file, you will see this.
> ...
> ExcludePath "C:\Windows"

There are two potential issues there. More below.

> ...
> SelfCheck 3600
>
> This was set at 600 before I changed it to 3600 minutes. Clamd.exe is
> reading to do a selfcheck every 3600 minutes but it is not reading to
> excludepath "c:\windows"

It's good to know that the selfcheck interval has indeed changed from
the default to what you have set in the config file. At least that
shows that you have had some effect on the daemon. I'd just like to
be sure that the config file that you think is having that effect is
actually the file that's doing that, and that you don't have another
file somewhere with the 3600 second self-check interval set but _not_
the ExcludePath line. If you change the interval to something like
1200 seconds and wait for twenty minutes you should be able to verify
that you're working with the right file. Alternatively you can give
the config file path explicitly on the command line to make sure.

A couple of other things:

1.

On Fri, 23 Oct 2020, Mark Fortescue wrote:

> Have you tried C:\\Windows or C:/Windows.

Mr. Fortescue makes good suggestions. The ExcludePath directive takes
as its argument a 'regular expression', not just a string of text.
Regular expressions are kinds of patterns which are _compared_ with a
string of text - in this case the regex will be compared with a path
name. It either matches (and so the path is excluded) or it doesn't
(so it isn't excluded). Think about the '*' character that's often
used when you want to list the files in a directory which all have
names beginning with the same few characters. A regex is like that
with bells on. This isn't the place to talk about regular expressions
(if you aren't familiar with them, search for tutorials about them)
but we do need to mention the backslash I'm afraid. In most regular
expression (regex) libraries, the backslash character is 'special'.
It does not behave literally in a string as ordinary characters do; it
escapes the following character, if that is another special character,
thus making the special character _not_ special. But if the following
character is _not_ a special character, the non-special character is
taken literally as if the backslash were not there. That means that
the regex

c:\Windows

actually matches

c:Windows

and if you want to have a literal backslash in a regex you generally
have to double it, as in Mr. Fortescue's first suggestion.

Linux, MacOS etc. pathnames use the forward slash character as the
directory separator. Windows has a quirk. On Windows, the directory
separator in the pathnames is the backslash character. Sometimes to
get around this quirk on Windows, tools which use regexes will accept
a forward slash instead of a backslash for the directory separator,
avoiding the need to double backslashes everywhere which can be messy
if there are many directories in the path.

2.

In the config file I notice that you have

ExcludePath "C:\Windows"

but you say it continues to scan "c:\windows". As I said I don't use
ClamAV on Windows so I don't know if clamd behaves differently there
from how it behaves on Linux etc., but on the operating systems that
I'm used to working with ClamAV tools are case sensitive. That means
that "C:\Windows" and "c:\windows" would be two different paths, and
excluding one would not exclude the other. You can have more than
one ExcludePath directive in the file so it won't hurt to try several

ExcludePath "C:\\Windows"
ExcludePath "C:\\WINDOWS"
ExcludePath "C:\\windows"
ExcludePath "C:\Windows"
ExcludePath "C:\WINDOWS"
ExcludePath "C:\windows"
ExcludePath "C:/Windows"
ExcludePath "C:/WINDOWS"
ExcludePath "C:/windows"

and see if that helps. I'm afraid that I'm guessing here. Also I
left out the nine lines with a lower case 'c' but I'd be surprised if
anything on Windows would treat the drive letter case sensitively.
And I suppose you could try it without a drive letter at all. :/

On Fri, 23 Oct 2020, Marcy Rogers via clamav-users wrote:
> ... I have been working on this for 4 months now. ...

Ouch! It really shouldn't be that difficult! If you don't get this
fixed in a couple of days from the other help you get here then I'll
spin up a Windows virtual machine and see what I find. What version
of Windows are you using?

> I am scanning but it is taking over 5 hours to scan and I would like
> to cut that down by not scanning the Window directory.

I understand that it takes time but I suspect that it isn't a good
idea to cut out the entire Windows directory as that might often be
where malicious files, if there are any, have installed themselves.
To get around that kind of issue people often set up scheduled scans
so that they take place for example out of office hours.

Incidentally if you're only ever using clamd by starting it from a
powershell window every time you want to scan the machine then you're
losing a lot of the value of having a clamd daemon. Generally it's
intended to have clamd running 24/365, so that you hardly ever have to
wait for the signature database(s) to be loaded if you decide to do a
scan from the command line at a moment's notice. The trade-off is the
memory used by clamd while ever it's running, typically around 1Gbyte
even if you only have the 'official' signatures loaded - and there are
several third-party signature databases available.

It's late. Good luck!

--

73,
Ged.
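
The backslash rule described in the message above, applied to the ExcludePath spellings from this thread (an added example, not part of the original messages and not ClamAV code). It assumes that the quotes around the argument are stripped, that the pattern is searched unanchored and case-sensitively against the path, and that a backslash before an ordinary character is dropped as the message describes; the sample paths and function names are constructed for illustration.

```python
import re

# Constructed sample: the directive lines quoted in the thread plus the two
# alternative spellings that were suggested in the replies.
SAMPLE_CONF = r'''
# Don't scan files and directories matching regex
#ExcludePath "C:\temp"
ExcludePath "C:\Windows"
ExcludePath "C:\\Windows"
ExcludePath "C:/Windows"
SelfCheck 3600
'''

# Characters treated as regex-special in this sketch (assumption).
SPECIAL = set('\\.^$*+?()[]{}|')


def active_exclude_patterns(conf_text):
    """Return the arguments of uncommented ExcludePath lines, quotes removed."""
    patterns = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank line or commented-out directive
        key, _, value = line.partition(' ')
        if key == 'ExcludePath':
            patterns.append(value.strip().strip('"'))
    return patterns


def analyse(pattern):
    """Apply the rule from the message to one pattern.

    backslash + special char  -> that character, taken literally
    backslash + ordinary char -> the ordinary character (backslash dropped)
    Returns (equivalent Python regex, list of characters whose backslash
    was dropped). Bracket expressions are not modelled.
    """
    out, dropped, i = [], [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == '\\':
            if i + 1 == len(pattern):
                raise ValueError('pattern ends with a lone backslash')
            nxt = pattern[i + 1]
            if nxt not in SPECIAL:
                dropped.append(nxt)
            out.append(re.escape(nxt))
            i += 2
        else:
            out.append(ch)  # unescaped characters keep their regex meaning
            i += 1
    return ''.join(out), dropped


def lint(conf_text, sample_path):
    """For each active ExcludePath: (pattern, would exclude path?, dropped)."""
    report = []
    for pattern in active_exclude_patterns(conf_text):
        regex, dropped = analyse(pattern)
        excluded = re.search(regex, sample_path) is not None
        report.append((pattern, excluded, dropped))
    return report


if __name__ == '__main__':
    # Constructed paths: the same file written with each separator.
    for path in (r'C:\Windows\System32\cmd.exe', 'C:/Windows/System32/cmd.exe'):
        print(path)
        for pattern, excluded, dropped in lint(SAMPLE_CONF, path):
            note = f'  (backslash before {dropped} dropped)' if dropped else ''
            print(f'  {pattern:14} excluded={excluded}{note}')
```

Which separator clamd on Windows presents to the pattern is not established in this thread, so the example checks both spellings of the path.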

Re: [clamav-users] Clamd.exe [ In reply to ]
Sorry it has taken so long to get back with everyone but I want to thank
everyone who replied to my e-mail.
The way to exclude a path in ClamAV is using this

ExcludePath "C:\\Windows"


That helped me so much with my ClamAV daily runs.

Thank you Again,

Marcy

On Fri, Oct 23, 2020 at 8:44 PM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello again,
>
> On Fri, 23 Oct 2020, Marcy Rogers via clamav-users wrote:
>
> > ...
> > I followed the instructions for installing Clamav for Windows and placed
> > the clamd.conf file in the c:\program files\clamav.
> > ...
> > In the config file, you will see this.
> > ...
> > ExcludePath "C:\Windows"
>
> There are two potential issues there. More below.
>
> > ...
> > SelfCheck 3600
> >
> > This was set at 600 before I changed it to 3600 minutes. Clamd.exe is
> > reading to do a selfcheck every 3600 minutes but it is not reading to
> > excludepath "c:\windows"
>
> It's good to know that the selfcheck interval has indeed changed from
> the default to what you have set in the config file. At least that
> shows that you have had some effect on the daemon. I'd just like to
> be sure that the config file that you think is having that effect is
> actually the file that's doing that, and that you don't have another
> file somewhere with the 3600 second self-check interval set but _not_
> the ExcludePath line. If you change the interval to something like
> 1200 seconds and wait for twenty minutes you should be able to verify
> that you're working with the right file. Alternatively you can give
> the config file path explicitly on the command line to make sure.
>
> A couple of other things:
>
> 1.
>
> On Fri, 23 Oct 2020, Mark Fortescue wrote:
>
> > Have you tried C:\\Windows or C:/Windows.
>
> Mr. Fortescue makes good suggestions. The ExcludePath directive takes
> as its argument a 'regular expression', not just a string of text.
> Regular expressions are kinds of patterns which are _compared_ with a
> string of text - in this case the regex will be compared with a path
> name. It either matches (and so the path is excluded) or it doesn't
> (so it isn't excluded). Think about the '*' character that's often
> used when you want to list the files in a directory which all have
> names beginning with the same few characters. A regex is like that
> with bells on. This isn't the place to talk about regular expressions
> (if you aren't familiar with them, search for tutorials about them)
> but we do need to mention the backslash I'm afraid. In most regular
> expression (regex) libraries, the backslash character is 'special'.
> It does not behave literally in a string as ordinary characters do; it
> escapes the following character, if that is another special character,
> thus making the special character _not_ special. But if the following
> character is _not_ a special character, the non-special character is
> taken literally as if the backslash were not there. That means that
> the regex
>
> c:\Windows
>
> actually matches
>
> c:Windows
>
> and if you want to have a literal backslash in a regex you generally
> have to double it, as in Mr. Fortescue's first suggestion.
>
> Linux, MacOS etc. pathnames use the forward slash character as the
> directory separator. Windows has a quirk. On Windows, the directory
> separator in the pathnames is the backslash character. Sometimes to
> get around this quirk on Windows, tools which use regexes will accept
> a forward slash instead of a backslash for the directory separator,
> avoiding the need to double backslashes everywhere which can be messy
> if there are many directories in the path.
>
> 2.
>
> In the config file I notice that you have
>
> ExcludePath "C:\Windows"
>
> but you say it continues to scan "c:\windows". As I said I don't use
> ClamAV on Windows so I don't know if clamd behaves differently there
> from how it behaves on Linux etc., but on the operating systems that
> I'm used to working with ClamAV tools are case sensitive. That means
> that "C:\Windows" and "c:\windows" would be two different paths, and
> excluding one would not exclude the other. You can have more than
> one ExcludePath directive in the file so it won't hurt to try several
>
> ExcludePath "C:\\Windows"
> ExcludePath "C:\\WINDOWS"
> ExcludePath "C:\\windows"
> ExcludePath "C:\Windows"
> ExcludePath "C:\WINDOWS"
> ExcludePath "C:\windows"
> ExcludePath "C:/Windows"
> ExcludePath "C:/WINDOWS"
> ExcludePath "C:/windows"
>
> and see if that helps. I'm afraid that I'm guessing here. Also I
> left out the nine lines with a lower case 'c' but I'd be surprised if
> anything on Windows would treat the drive letter case sensitively.
> And I suppose you could try it without a drive letter at all. :/
>
> On Fri, 23 Oct 2020, Marcy Rogers via clamav-users wrote:
> > ... I have been working on this for 4 months now. ...
>
> Ouch! It really shouldn't be that difficult! If you don't get this
> fixed in a couple of days from the other help you get here then I'll
> spin up a Windows virtual machine and see what I find. What version
> of Windows are you using?
>
> > I am scanning but it is taking over 5 hours to scan and I would like
> > to cut that down by not scanning the Windows directory.
>
> I understand that it takes time but I suspect that it isn't a good
> idea to cut out the entire Windows directory as that might often be
> where malicious files, if there are any, have installed themselves.
> To get around that kind of issue people often set up scheduled scans
> so that they take place for example out of office hours.
>
> Incidentally if you're only ever using clamd by starting it from a
> powershell window every time you want to scan the machine then you're
> losing a lot of the value of having a clamd daemon. Generally it's
> intended to have clamd running 24/365, so that you hardly ever have to
> wait for the signature database(s) to be loaded if you decide to do a
> scan from the command line at a moment's notice. The trade-off is the
> memory used by clamd while ever it's running, typically around 1Gbyte
> even if you only have the 'official' signatures loaded - and there are
> several third-party signature databases available.
>
> It's late. Good luck!
>
> --
>
> 73,
> Ged.
>
>
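An added example, not part of the thread and not ClamAV code: a small Python linter that scans a clamd.conf for ExcludePath values where a single backslash sits in front of an ordinary character (the `"C:\Windows"` case discussed above) and proposes the doubled form that worked for the original poster. The sample config is constructed, and the set of regex-special characters is an assumption based on POSIX extended regular expressions.

```python
import re

# Assumption: the POSIX extended-regex metacharacters. A backslash in front of
# one of these is a deliberate escape; in front of anything else it is "lone".
REGEX_SPECIAL = set(".[]()*+?{}|^$\\")
DIRECTIVE = re.compile(r'^\s*ExcludePath\s+(?:"([^"]*)"|(\S+))\s*$')

# Constructed sample, not the poster's real file.
SAMPLE_CONF = r'''
# clamd.conf (sample)
SelfCheck 3600
ExcludePath "C:\Windows"
ExcludePath "C:\\Windows"
ExcludePath "C:/Windows"
ExcludePath "D:\Data\.cache"
'''

def lone_backslashes(pattern):
    """Offsets of backslashes that precede an ordinary (non-special) character."""
    hits, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":
            if pattern[i + 1:i + 2] not in REGEX_SPECIAL:
                hits.append(i)
            i += 2  # skip the backslash and the character it escapes
        else:
            i += 1
    return hits

def double_lone(pattern):
    """Rewrite the pattern so every lone backslash becomes a literal one."""
    hits = set(lone_backslashes(pattern))
    return "".join(ch * 2 if i in hits else ch for i, ch in enumerate(pattern))

def audit(conf_text):
    """Return (line number, pattern, suggested pattern) for each suspect directive."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # comment lines start with '#', so never match
        if m:
            pattern = m.group(1) if m.group(1) is not None else m.group(2)
            if lone_backslashes(pattern):
                findings.append((lineno, pattern, double_lone(pattern)))
    return findings

if __name__ == "__main__":
    for lineno, pattern, fixed in audit(SAMPLE_CONF):
        print(f"line {lineno}: {pattern!r} has an unescaped backslash; try {fixed!r}")
```

The linter only checks escaping; whether the path comparison is case sensitive on Windows is left open in the thread and is not tested here.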