Hi there,

On Mon, 12 Jul 2021, Michael Wang via clamav-users wrote:

> I run ClamAV on windows using the latest portable installation with all
> default configuration.

What version of ClamAV, and where did it come from?

> I run the task scheduler under the SYSTEM user with the highest
> credentials checked, but I still have lots of permission denied
> messages.

That's to be expected if the scanning process can't read the data.

> I logged in locally and checked one of the files under a powershell window
> as *ADMINISTRATOR*, and I got:
>
> *PS C:\Users\j.doe\AppData\local\Microsoft\Windows\WebCache> more .\V01.log*
> *Get-Content : The process cannot access the file
> 'C:\Users\j.doe\AppData\local\Microsoft\Windows\WebCache\V01.log' because
> it is being used by another process.*

The 'more' command is a pager, not a scanner.  In what you've posted I
see no evidence of a ClamAV process doing (or failing to do) anything.

> So do I have to live with it? If there is a virus file and this file is
> being currently used, clamscan cannot detect it?

Not necessarily.  If the scanner does not have permission to read
something which you want it to scan, then obviously it cannot scan it.
This applies just as much to devices and data streams via sockets as
is does to files.  It's up to you to arrange for the scanner to have
permission to do what you want it to do.  And in my view it's usually
pointless to scan a log file with a virus scanner - if indeed that is
what you're doing - and this applies especially to the log which is
recording the progress of the scan.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml