millard@immunet.com

Clamav For Windows Beta (Clamlib Integration)


hi millard!

 

i think so. i've installed it and then there are some updates to be done during the install. but the setup i think it's the latest available from IE9 website... so the problem is IE9 in my case? i'll remove it from the VM then...

 

thanks!

 

mokito


Running 2.0.18.76 Free on a desktop and laptop with near-mirror XPproSP3 environments.

 

Report:

I waited for the balloon tip notification on the desktop and ran the in-product updater. A few seconds after the reboot message box appeared, a featureless white window (fww) parked in the upper left corner of my screen. iptray.exe began to consume 100% cpu. I waited two minutes and clicked the fww X at which point the cpu hit dropped and I then rebooted. The fww continues to appear at each reboot but closes OK upon hitting the X.

 

I fired up the laptop (did not wait for the balloon tip) and ran the in-product updater. The fww did not appear but iptray consumed 100% cpu until about three minutes later I hit yes in the reboot message box. I waited until the Windows ending program dialogue was done for iptray and hit the End Now button. The system rebooted and it also has the fww parked in the upper left.

 

On both systems, running Update Now returned red text server errors for the product update but OK for the defs. But in both cases immediately running Update Now again returned OKs for both product and defs. So, the FIRST run of Update Now returned an error but all subsequent runs are OK. Hope I explained that OK. I messed up taking a screenshot of that. Sorry.

 

And yes, I know it's a beta. :)

 

Observations:

1) I'm not wild about removing Exit from the IPtray menu and not being able to end the process in Task Manager, especially in the Free version which is marketed as a "companion." Even though ending iptray in previous versions left agent running with all its 0.0.0.0 connections intact. But, I understand the strategy.

2) I continue to HATE the fact the updated apps get installed in a new folder requiring the editing of firewall and HIPS rules.

 

Thank you for your continued product development and the distribution of a fine free product. Cheers!


Running 2.0.18.76 Free on a desktop and laptop with near-mirror XPproSP3 environments.

 

Report:

I waited for the balloon tip notification on the desktop and ran the in-product updater. A few seconds after the reboot message box appeared, a featureless white window (fww) parked in the upper left corner of my screen. iptray.exe began to consume 100% cpu. I waited two minutes and clicked the fww X at which point the cpu hit dropped and I then rebooted. The fww continues to appear at each reboot but closes OK upon hitting the X.

 

I fired up the laptop (did not wait for the balloon tip) and ran the in-product updater. The fww did not appear but iptray consumed 100% cpu until about three minutes later I hit yes in the reboot message box. I waited until the Windows ending program dialogue was done for iptray and hit the End Now button. The system rebooted and it also has the fww parked in the upper left.

 

Please right-click on iptray.exe, look at the details and make sure it's 2.0.19.8. Also, if you do an eicar detect, does the box change? I'm kind of surprised we're not at least seeing text in the fww. I'm grasping at straws here:

* Does the full UI screen show up properly?

* What version of IE are you running?

* Can you think of any applications you have installed that might be preventing the display of HTML?

* Do you have verbose notification turned on?

 

Please let me know and send me your diagnostics file.

 

On both systems, running Update Now returned red text server errors for the product update but OK for the defs. But in both cases immediately running Update Now again returned OKs for both product and defs. So, the FIRST run of Update Now returned an error but all subsequent runs are OK. Hope I explained that OK. I messed up taking a screenshot of that. Sorry.

 

And yes, I know it's a beta. :)

 

There seems to be something with HTTP initialization. I can't explain it, but it seems like the first HTTP GET to determine whether or not an update is available fails.

 

Observations:

1) I'm not wild about removing Exit from the IPtray menu and not being able to end the process in Task Manager, especially in the Free version which is marketed as a "companion." Even though ending iptray in previous versions left agent running with all its 0.0.0.0 connections intact. But, I understand the strategy.

 

All that's happened is that Exit has changed to "Hide Tray Icon". Not sure if you noticed, but agent.exe never exited before when you selected "Exit" on tray.


hello. testing the new beta on a Virtual Pc 2007 (VMware is on stand to check about the previous bug thing...)

 

attached a screenshot similar to dallas7.. in mine i have text in the alert...

 

by the way... should i get a detection installing 7z? xp pro sp3 clean install from ISO (installing IE8 during this post from full setup) that detection appears during a flash scan while installing 7zip....

 


PS: i've installed flash and silverlight, 7zip.. all of them after clamav get the database updated........

 

 

PS2: after IE8 install and rebooted, clamav seems fine (alert windows)...


hello. testing the new beta on a Virtual Pc 2007 (VMware is on stand to check about the previous bug thing...)

 

attached a screenshot similar to dallas7.. in mine i have text in the alert...

 

by the way... should i get a detection installing 7z? xp pro sp3 clean install from ISO (installing IE8 during this post from full setup) that detection appears during a flash scan while installing 7zip....

 

xp scan.JPG

 

FP.JPG

 

 

 

PS: i've installed flash and silverlight, 7zip.. all of them after clamav get the database updated........

 

The detections you're getting are "trusted" because you have verbose notifications turned on. I'm trying to figure out why people aren't getting the images correctly. What is sfc_os.dll? Could you send me the SHA or the link to the VT report for that file.


I think I understand now. We've rolled one of our VMs to use IE6 and we see no background too. We'll see what we can do to fix this.

 

sfc_os.dll is sitting in the system32 folder...

 

SHA -> 2CE9E37E63E50003D5ECECA88F48577800C7F1FF

 

VT scan link -> http://www.virustota...31b3-1270273817

 

it could be because of the XP .iso that i've used.... it had SP3 slipstreamed with nlite (according to the site where i got it)

 

http://www.processlibrary.com/directory/files/sfc_os/20697/

 

according to the link above, it's part of windows.. some type of validation file...

 

wheres the file...

 

-> http://hotfile.com/dl/99772265/7751151/sfc_os.7z.html


For those of you who were experiencing it, I've fixed the issue with the white background on the toast notifications. I have already updated the existing installers (the links are the same). I've also uploaded the dlls that were causing the issue.

 

To correct this problem on an existing install of 2.0.19.8 do the following:

 

1) Download appropriate version of dll:

 

Downloads: 32-bit: here

Downloads: 64-bit: here

 

2) Rename the file drh.dll

 

3) Stop the service (Open cmd window, sc stop immunetprotect).

 

4) Copy the newly renamed dll to the 2.0.19 folder in the location where you installed ClamAV for Windows.

 

5) Restart the service (sc start immunetprotect).


sfc_os.dll is sitting in the system32 folder...

 

SHA -> 2CE9E37E63E50003D5ECECA88F48577800C7F1FF

 

VT scan link -> http://www.virustota...31b3-1270273817

 

it could be because of the XP .iso that i've used.... it had SP3 slipstreamed with nlite (according to the site where i got it)

 

http://www.processlibrary.com/directory/files/sfc_os/20697/

 

according to the link above, it's part of windows.. some type of validation file...

 

wheres the file...

 

-> http://hotfile.com/dl/99772265/7751151/sfc_os.7z.html

 

I've looked at the file and determined it's an FP. I've fixed it.

--Millard


For those of you who were experiencing it, I've fixed the issue with the white background on the toast notifications. I have already updated the existing installers (the links are the same). I've also uploaded the dlls that were causing the issue.

 

To correct this problem on an existing install of 2.0.19.8 do the following:

 

1) Download appropriate version of dll:

 

Downloads: 32-bit: here

Downloads: 64-bit: here

 

2) Rename the file drh.dll

 

3) Stop the service (Open cmd window, sc stop immunetprotect).

 

4) Copy the newly renamed dll to the 2.0.19 folder in the location where you installed ClamAV for Windows.

 

5) Restart the service (sc start immunetprotect).

 

6) Right-click on the tray and select "Hide Tray Icon"

7) Relaunch the tray


6) Right-click on the tray and select "Hide Tray Icon"

7) Relaunch the tray

 

 

To make sure I am applying the fix correctly...what am I renaming the drh.dll file to?

Not sure if you noticed, but agent.exe never exited before when you selected "Exit" on tray.

Yes, that's what I meant even going back to version 1. I'd like to see where "Exit" stops agent and opening iptray starts it again in the Free version. But that's just me, the control freak. :D I can understand why you wouldn't want that in Pro.

 

"All that's happened is that Exit has changed to 'Hide Tray Icon'."

I did not notice that. Thanks for the heads up!

 

For those of you who were experiencing it, I've fixed the issue with the white background on the toast notifications.

Good job! The "featureless white window" is gone. So, that was a toast notification. Good to know. I think. ;)

 

@ALL:

Otherwise 2.0.19.8 is running just great alongside AVG 2011 Free on my two WinXPsp3/32 systems.

 

Cheers!


To make sure I am applying the fix correctly...what am I renaming the drh.dll file to?

 

Sorry, the files you are downloading come down as drh_32.dll or drh_64.dll. You'll need to rename the downloaded file to drh.dll and then replace the one in %PROGRAMFILES%\ClamAV For Windows\2.0.19.
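
The hotfix steps from this thread (stop the immunetprotect service, replace drh.dll in the 2.0.19 folder, restart), as an added PowerShell example that is not part of the original posts or Immunet's own tooling. The parameter names, the .bak rollback copy and the optional expected-hash check are assumptions (the thread publishes no hash for the DLL), and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example (not from the thread): apply the drh.dll hotfix with a rollback copy.
# Run from an elevated prompt. Parameter names below are hypothetical.
param(
    [Parameter(Mandatory = $true)][string]$Downloaded,   # drh_32.dll or drh_64.dll as downloaded
    [string]$ExpectedSha256 = '',                         # placeholder: obtain from the vendor
    [string]$InstallDir  = (Join-Path $env:ProgramFiles 'ClamAV For Windows\2.0.19'),
    [string]$ServiceName = 'immunetprotect'
)
$ErrorActionPreference = 'Stop'
$target  = Join-Path $InstallDir 'drh.dll'
$backup  = "$target.bak"
$timeout = [TimeSpan]::FromSeconds(60)

if (-not (Test-Path -LiteralPath $Downloaded)) { throw "Downloaded file not found: $Downloaded" }
if (-not (Test-Path -LiteralPath $target))     { throw "No drh.dll to replace in $InstallDir" }

# Record what the AV service is about to load: hash and signature status.
$hash = (Get-FileHash -LiteralPath $Downloaded -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -LiteralPath $Downloaded
Write-Host "SHA256: $hash"
Write-Host "Authenticode status: $($sig.Status)"
if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
    throw 'Hash mismatch, not installing.'
}

# Step 3: stop the service so the DLL is no longer in use.
Stop-Service -Name $ServiceName
(Get-Service -Name $ServiceName).WaitForStatus('Stopped', $timeout)

# Step 4: keep the old DLL, then drop in the new one under the name drh.dll.
Copy-Item -LiteralPath $target -Destination $backup -Force
try {
    Copy-Item -LiteralPath $Downloaded -Destination $target -Force
    # Step 5: restart and confirm the service actually comes back up.
    Start-Service -Name $ServiceName
    (Get-Service -Name $ServiceName).WaitForStatus('Running', $timeout)
    Write-Host 'drh.dll replaced; previous copy kept as drh.dll.bak.'
}
catch {
    # Roll back so the endpoint is not left with protection stopped.
    Stop-Service -Name $ServiceName -ErrorAction SilentlyContinue
    Copy-Item -LiteralPath $backup -Destination $target -Force
    Start-Service -Name $ServiceName
    throw
}
# Steps 6 and 7 (Hide Tray Icon, relaunch the tray) remain manual.
```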

* For Plus users, it's not recommended to run both Tetra and ClamAV as there is a large performance impact

 

… 2.0.18.76 …

 

2.0.19 is now available.

 

With 2.0.19, is it still recommended to not run both Tetra and ClamAV?


With 2.0.19, is it still recommended to not run both Tetra and ClamAV?

 

 

Good question, this is something we will deal with in the docs but the short answer is that it depends on the environment you are putting it down in. Tetra and ClamAV both are fully functional engines, in fact they are really wrappers for multiple engines, unpackers, removal tools etc. If you run both, you will likely experience some resource contention. I would not run both on a standard PC with a low risk threshold but I would run it on systems prone to infection or at high risk of it. I am running both and I notice very little impact but I am not a 'power user' in the Windows sense. It would be no worse than people who run IMP/ClamAV with other AV products today (a very large group of people).

 

 

al
