I’m having some trouble with the Instant Messaging on-access scanner scanning my Trillian log files. The problem is that some of these log files are extremely large going back about 3 years into the past. Whenever Trillian opens one of them it is scanned by Avast and it nearly pushes my computer to a halt. Task manager shows the Avast service as using almost 50% of my 2.0Ghz Core 2 Duo when Trillian attempts to connect. Is there any way I can exclude the log files from scanning? Why are they even being scanned in the first place? I thought the instant messaging scanner only handled received files.
I think a read of this thread might help you:
http://forum.avast.com/index.php?topic=24312.0
Another recommendation - that may not be so palatable - is to regularly clear the logs or copy the logs to another location before clearing the current logs.
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demmand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be carefull, you should ‘exclude’ that many files that let your system in danger.
None of those solutions will solve my problem. Like I said, the problem lies within the Instant messaging provider. The standard shield is operating just fine and doesn’t use up an extremely large amount of CPU when I open Trillian. Whenever I have the Instant messaging provider enabled it scans the log files and nearly freezes the computer. The other thread mentioned solved the problem by disabling the instant messaging provider completely. This is not a solution as far as I’m concerned.
Sorry, I had not read the other thread that I suggested thoroughly enough.
I do not use Trillian personally or the avast IM scanner so feel free to discount anything I say from here on.
There is not a whole lot that I have seen the avast team talk about in the detail of what the Instant Messaging scanner really does.
Instant messages themselves are not really of any great security concern. What is of concern is that IM clients can and do transfer files within the IM sessions and then write the files to the user’s system. There is no standard way of transferring files in these clients (unlike with the Webshield and browsers) so avast cannot be scanning this activity as it is in flight. Therefore I suspect that the major focus for avast is the file writes that are done by the IM client. Those log files definitely did not get to the size they are just by Trillian reading them.
So, in effect you have asked avast to scan every file written by Trillian and Trillian’s logs are just another file being written by it and scanned by avast. If these files are indeed years old and you do not regularly defragment your disk(s) then they are going to be scattered all over the disk and accessing them is going to be very inefficient.
Personally I believe it would make sense for avast to provide an exclusion list in the Instant Messaging scanner so that such logging activity could be done without the effect you are experiencing.
Short of that or some other recommendation from the avast team I think that you are left with the options I mentioned to you earlier to manage your logs periodically with Trillian turned off to avoid the overhead.
Just one other thought.
I use Windows Live Messenger - it allows me to specify that any file downloads I receive in Live Messenger should be scanned by avast; all I had to provide was the path to the ashquick.exe module in avast. That means all my file transfers are subject to the most thorough scan available in avast. I have read that you can specify in Trillian that you want all file transfers scanned by an antivirus scan and similarly provide the path. It may not be quite politically correct of me to say so (but it may draw more info from avast) but I have to wonder if you have all file transfers in Trillian scanned by avast what more useful protection the Instant Messaging scanner provides to you.
The Exclusion lists of the Standard Shield work for all parts of avast, like said in help files, and will affect the IM provider too.
Did you try? 
Apparently this is not the case. I even inputted the filter . on the exclusion list for the Standard Shield (which stopped it dead as I expected) but the Instant Messaging provider continued to scan log files as I logged on and off of Trillian. I think alanrf’s solution may be the only way around this.
Of course. It worked flawlessly, lol
Tech,
it was established also in the other thread I referred to above (in which you also participated) that excluding the log files did not resolve the problem … the only way was to shut off the IM scanner itself.
Do you have it on the authority of the avast team that the exclusion list should work for the Instant Messaging scanner too? Since neither IM or P2P has the “view detailed actions” we cannot tell what is being scanned and what is not.
It seems (at least to me) that the only complaints we see about IM and P2P scanners is slowdowns caused by avast scanning the log files of the applications themselves.
Sometimes it works… I start helping with the easier way and just go further if needed… that is my policy…
Yes… it’s on the help files:
For the Pro version: It is important to keep in mind that these exclusions affect all tasks, except for the resident protection. If you want to set the exclusion for a single task only, you have to edit the particular task.
Igor had said this a lot of times either…
http://forum.avast.com/index.php?topic=12640.msg191940#msg191940
http://forum.avast.com/index.php?topic=25211.msg206282#msg206282
It would be a good improvement to next avast versions.
Correct me if I’m wrong, but I was under the impression that the instant messaging provider was part of the resident protection. Even if we look under “Task name” for the IM provider, it shows resident protection (In the On-Access Control Panel).
Yes, it’s inside of the resident protection. It runs at driver level (won’t have an executable or process in background).
So the exclusion list should not work for the Instant Messaging Scanner according to the help file you quoted. Since we’ve already established that the Standard Shield options have no effect on the Instant Messaging Scanner, it would appear that there is no way to stop Avast from scanning log files in it’s current state.
I do not see any explicit confirmation from a member of the avast team anywhere in this forum that it is possible to exclude files from scanning by the Instant Messaging scanner.
If it can be done (which all the evidence posted seems to counter) then a simple explanation of how to from a member of the avast team would suffice.
I do not think it reasonable to assume any other than the short freezes are being caused by avast scans since turning of the IM scanner relieves the problem. If it is not being caused by avast scanning the log files then again a recommendation from the avast team on further investigative steps is called for.
On contrary…
Exactly the opposite… Where have we established this?
For sure there is…
Well… They could correct me… but the Exclusions affect ALL providers, the Standard Shield exceptions work for all on-access (resident) protection… :
Where? Who said that?
For sure… should be a solution. The Exclusion list is a WORKAROUND.
Tech,
then why has nobody been able to make it work?
Either the users who have tried the exclusion list are incompetent - which I doubt or it does not work.
Recall that this user told us that an exclusion of . did not work … since you are so sure please tell this user exactly how to make it work to stop the freezes.
Readers of this thread will have noticed a little friendly disagreement between Tech and me.
Let me just make clear that I believe that Tech and DavidR are the mainstays of this forum and that without them it would be a very sorry place. They have an enormous wealth of knowledge and they provide the level of invaluable service to avast users that amazes me. I know that I cannot match their enthusiasm, I certainly cannot imagine matching the level at which they work in this forum and I respect them both very much.
However, in my small way I too have developed some insight into this product. Not for the first time I have read a thread (this one being an instance) and taken a look at the evidence and felt that things just did not add up.
Since I have become a little weary of Tech quoting to me chapter and verse from the Book of Avast I have done what - it seems in the end - always becomes necessary.
I have installed Trillian on my own system to see what is going on.
The setup was pretty easy and, very conveniently, Trillian allows you to decide where you want to place the Trillian log files. So to make this easy I moved the Trillian logs to a disk drive that has absolutely no other activity going on it. It will come as no surprise that one of the Trillian logfiles has a file type of .log and another has a filetype of .xml’
Before taking any other action I noticed that in my Standard Shield exclusion list there is already an entry *.log; I do not know if this is a default avast setting or whether I have added it myself.
I started a disk activity monitor on the disk drive containing the Trillian log files.
For a while I monitored as I started and stopped Trillian and made connections to Instant Messaging clients etc as Trillian wrote to the log files. Then I started the avast Instant Messaging scanner.
I watched as ashserve.exe accessed both the .log file and the .xml file despite the presence of *.log in my Standard Shield exclusion list.
I added to the exclusion list the full path name of the folder in which the logs exist (J:\Logs*.*) ashserve.exe continued to access both files on every write by Trillian.
I stopped on access protection and restarted it; ashserve.exe continued to access both files on every write by Trillian.
I added to the exclusion list .; ashserve.exe continued to access both files on every write by Trillian.
I terminated the Instant Messaging scanner and ashserve.exe stopped accessing the log files.
We have now had two apparently well informed users reporting temporary “freezes” of their system while using Trillian and having large Trillian log files. Both users have reported exclusions in the Standard Shield exclusion list have failed to relieve the freeze conditions. The earlier user did report that if he removed the large Trillian log files and allowed Trillian to create new log files the problem went away. That user finally opted to turn off the Instant Messaging scanner rather than forgo keeping the logs.
My test shows that ashserve.exe continues to access the log file on the writes by Trillian and pays no attention to the exclusion list.
I have to conclude that the Book of Avast is not literal truth after all.
No trouble. We need Vojtech’s help 8)
Where is he? :
You know much more about email & email clients & a lot of other things. Your cooperation is very welcome too.
I’m not sure, but access does not mean scan. Maybe, maybe, avast check the presence of the file and when it is about to scan it, just leave it alone… I’m really not sure.
Couldn’t it be a bug on avast? ???
Igor, please, restore our confidence ;D
I had already privately requested Igor’s assistance with this thread but I guess that he is rather busy right now.
Just a couple of points - then I’m leaving this - since I can do no more on it and I’ll hope that we hear from the avast team.
No point in avast checking the presence of the file and then doing nothing - if it does it is very badly written.
Scanning is really the only explanation of why the problem goes away if the large log file is deleted and Trillian starts a new one.
Personally I’m glad that you are around Alan, you have a far greater knowledge of the intricacies of email (and the willingness to go that extra mile for avast users) than I with a general knowledge. Or as some would say ‘a little knowledge is dangerous’ ;D