HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecurity

armo
New user
Posts: 29
Joined: 2011-11-04 21:39

HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecurity

Post by armo » 2011-11-06 18:46

Instructions are valid for Windows 2008 or R2 versions.
For those first timers :shock: :shock: :shock: :shock: :shock: or the ones that want to move from the outdated ClamAv/tbb version to the Win32 version :cry: :cry: :cry: :cry: , here is what you need to do.

Prerequisites
1. Download the latest release package of hmailserver from http://www.hmailserver.com/index.php?page=download
2. Download the latest package of ClamAv from http://sourceforge.net/projects/clamav/ ... mav/win32/ Download the I386 package for 32 bit OS and the X86_64 for 64 bit OS
3. Download/extract/copy srvany.exe from the Windows server 2003 resource toolkit to C:\Windows\System32 folder
4. Download the ClamSup and rsync packages provided by our good friend Steve for use with sanesecurity signatures http://hideout.ath.cx/clamav/

Installation
1. Install hmailserver. Manuals can be found on the site.
2. Extract the clamav package and copy the extracted clamav folder to the root of C:
3. Extract the rsync package
4. Extract the clamsup package
5. Copy the contents of the extracted rsync folder to the extracted clamsup folder
6. Copy the clamsup folder to the root of C:\clamav folder
7. Copy and paste the clamd.conf and freshclam.conf files from C:\ClamAV\conf_examples to the root of C:\Clamav folder
8. Delete or comment out the word Example found in both config files on line 8
9. Modify both files to meet your needs (usually default settings are well balanced). Be careful: do not uncomment or modify the temporary folder line in clamd.conf
10. Do not uncomment or modify the database path in both config files. Leave the default settings
11. Modify the LOCALFOLDER variable in C:\ClamSup\Clamsup.cfg file to point to C:\ClamAv\Database
12. Create two new folders in the root of C:\ClamAv. Name them database and Logs
13. Uncomment the LogFile variable in clamd.conf to point to C:/ClamAv/Logs/clamd.log
14. Uncomment the UpdateLogFile variable in freshclam.conf file to point to C:/ClamAv/logs/freshclam.log
15. Navigate through command prompt to C:\ClamAv directory and run Clamd.exe, as this will launch the clamd service
16. Run freshclam.exe and wait until it downloads the databases and notifies the clamd service about it
17. CD to ClamSup directory and run clamsup.bat. This will download all Sanesecurity signature databases (will take some time), once download is complete, restart the clamd (close the command prompt windows and repeat step 15). This step will help to load all the signatures
18. At this point you should check the clamd logs to see if there are any errors.
19. Now configure hmailserver to use clamav
20. Go to antivirus, external virus scanner, check the use external scanner button and enter the following for the executable
C:\clamav\clamdscan.exe --config-file=C:\clamav\clamd.conf "%FILE%"
Return value should be 1, save and exit.
21. At this point your hmailserver is already using clamav to scan for viruses

Install ClamD service
• Launch the command prompt
• Type the following command to create the ClamD service sc.exe create ClamD binPath= C:\Windows\System32\srvany.exe
• At this point launch your services applet and check to see the newly created ClamD service
• Go to recovery tab and choose restart service for all three failures cases, click ok
• Do not start the service yet
• Now launch the registry editor (regedit)
• Navigate to HKEY local machine, system, current control set, services, clamD. Right click it and create a new key name it Parameters
• Right click Parameters and create new string value, name it Application, right click Application key, then modify and enter this C:\ClamAv\Clamd.exe -c C:\ClamAv\Clamd.conf , click ok
• Launch taskmanager, find and end the process ClamD
• From the services start the CLamD Service.

Note: You can also use nssm, downloadable from http://nssm.cc/, to create the service. But some of my tests went wrong with it, as it made the server highly nervous and unstable.

After Installation Tasks
• Now you should run the Eicar virus test at this website: http://www.mtgsy.net/dns/virustest.php. Enter your email address and click submit; if you don't get the email, good news. Check the clamd log to see that the eicar virus was caught by ClamAv.
• Now, using task scheduler, create two tasks to upgrade your virus databases.
The first call it Clamav Update, Action=Start a Program, Program/script=C:\clamav\freshclam.exe, Add Arguments= --config-file=C:\clamav\freshclam.conf
The second to update the SaneSecurity signatures, Action= Start a Program, Program/scripts= C:\clamav\ClamSup\ClamSup.bat
Make sure both tasks run every hour or so, everyday for 24 hours.


PS: Restarting the server at this point if possible, is a good idea.

Happy Messaging :D :D :D :D :D :D :D
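Step 18 and the Eicar check above both come down to reading clamd.log. The following is an added example, not part of any post in this thread, that pulls detections and error lines out of such a log in Python; it assumes clamd's "timestamp -> message" log layout, and the sample lines, paths and the Sanesecurity signature name are constructed.

```python
import re

# Constructed sample, not from the thread. Assumes clamd's
# "<timestamp> -> <message>" layout; paths and messages are made up.
SAMPLE_LOG = r"""Sun Nov  6 18:40:02 2011 -> +++ Started at Sun Nov  6 18:40:02 2011
Sun Nov  6 18:40:09 2011 -> Loaded 1061542 signatures.
Sun Nov  6 18:52:10 2011 -> C:\hMailServer\Temp\{A1}.tmp: Eicar-Test-Signature FOUND
Sun Nov  6 19:03:44 2011 -> C:\hMailServer\Temp\{B2}.tmp: Sanesecurity.Junk.12345.UNOFFICIAL FOUND
Sun Nov  6 19:05:00 2011 -> WARNING: constructed warning text
Sun Nov  6 19:05:01 2011 -> ERROR: constructed error text
"""

LINE = re.compile(r"^(?:(?P<ts>.+?) -> )?(?P<msg>.*)$")
# Greedy path match: Windows paths contain ':', so split on the last ': '.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def triage(log_text):
    """Split a clamd log into detections and lines that need attention."""
    hits, problems = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        ts, msg = m.group("ts"), m.group("msg")
        found = HIT.match(msg)
        if found:
            sig = found.group("sig")
            # Third-party databases (Sanesecurity included) are reported
            # with an .UNOFFICIAL suffix; official signatures are not.
            source = "unofficial" if sig.endswith(".UNOFFICIAL") else "official"
            hits.append({"time": ts, "path": found.group("path"),
                         "signature": sig, "source": source})
        elif msg.startswith(("ERROR:", "WARNING:")):
            problems.append((ts, msg))
    return hits, problems


def summary(log_text):
    """Count detections per source and the number of problem lines."""
    hits, problems = triage(log_text)
    counts = {}
    for h in hits:
        counts[h["source"]] = counts.get(h["source"], 0) + 1
    return counts, len(problems)


if __name__ == "__main__":
    hits, problems = triage(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["signature"], h["source"], h["path"])
    for ts, msg in problems:
        print("CHECK:", ts, msg)
```

Splitting hits by source shows whether the Sanesecurity databases downloaded by clamsup.bat were actually loaded: no unofficial hits over a long period is a reason to recheck step 17.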

katip
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by katip » 2011-11-07 07:03

armo wrote: Install ClamD service
• Launch the command prompt
• Type the following command to create the ClamD service sc.exe create ClamD binPath= C:\Windows\System32\srvany.exe
• At this point launch your services applet and check to see the newly created ClamD service
• Go to recovery tab and choose restart service for all three failures cases, click ok
• Do not start the service yet
• Now launch the registry editor (regedit)
• Navigate to HKEY local machine, system, current control set, services, clamD. Right click it and create a new key name it Parameters
• Right click Parameters and create new string value, name it Application, right click Application key, then modify and enter this C:\ClamAv\Clamd.exe -c C:\ClamAv\Clamd.conf , click ok
• Launch taskmanager, find and end the process ClamD
• From the services start the CLamD Service.
Thanks for this howto.
runclamd.exe is a 3rd party tool which installs itself as native service and watches whether clamd.exe is running. if not it fires it and if clamd stops somehow, it restarts it after a defined interval. looks much more handy than those wrappers + very simple to get working + it's a good watchdog. it was included in old clam-devel SOSDG builds but now nowhere to download anymore as far as i see. in case anyone would like to have a look... attached.

EDIT/ not attached :roll: "Sorry, the board attachment quota has been reached"
Pls PM me if interested.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by ^DooM^ » 2011-11-07 14:50

I have fixed the file upload issue.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

katip
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by katip » 2011-11-07 17:38

Thanks Doom!

here it is..
Attachments
runclamd.zip
(31.38 KiB) Downloaded 1864 times
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

armo
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by armo » 2011-11-07 18:07

Thanks Katip for the input, never used it myself. I too was having problems attaching the config files to make modifying the files easier for everyone, but no chance at all.

Thomas Parvais
Normal user
Posts: 111
Joined: 2004-12-17 12:21

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by Thomas Parvais » 2012-01-31 13:02

Hello

with this nice Howto:

Is it better to use clamwin embedded in hmailserver or external clamdscan ?

If clamwin is better, which parameters to use ?

When it will detect a spam via "clamsup", I presume the complete mail will be deleted, not possible to add a rule to move to SPAM folder as it is possible with antispam mechanisms? To let the end user do a final check before cleaning Spam folder

Thank you
Interested in Law & new technologies?
Visit http://www.droit-technologie.org

mattg
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by mattg » 2012-01-31 13:37

I wouldn't recommend CLAMWin at all.

I don't believe it is possible to mark and allow through.
I also don't believe I've ever heard of false positives for viruses...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

bescher
Normal user
Posts: 123
Joined: 2008-05-26 01:56
Location: Milwaukee Wi

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by bescher » 2012-04-17 11:13

Every time I follow the Tips on installing ClamD I don't see clamd running in Task manager even though it says it is running in the services.msc
I can stop it, start no problem

In the taskmanager srvany.exe is running (I have tried 15 if not 30 times to install this (running ewall temporarily for now))
and it doesn't install ClamD but srvany.exe

Any ideas

mattg
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by mattg » 2012-04-18 14:28

You need to manually refresh the services view, this is one Microsoft window that doesn't auto re-fresh where I'd expect.

Is that your problem perhaps?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

bescher
Normal user
Posts: 123
Joined: 2008-05-26 01:56
Location: Milwaukee Wi

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by bescher » 2012-04-18 17:12

No
I have even restarted the computer.
The strange thing is I can look at the registry on this computer, go to an identical system (running same programs), look at that computer's entries and they are identical (down to parameters and the application entry)
I can install clamav new versions and do the identical install
On three systems and two are fine but the third one always goes to showing clamd as a service but it points to srvany.exe and hmail doesn't recognize it either

jeffshead
Normal user
Posts: 80
Joined: 2010-07-26 03:10

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by jeffshead » 2012-05-20 22:42

The link to download ClamAV, in the first post, only provides one version to download. It's for *nix, not Windows.

Here's the correct link:
http://sourceforge.net/projects/clamav/ ... mav/win32/

Also, GFI used to have a free service that would send test emails so you could test your A/V. It looks like GFI no longer provides that service. ClamAV always detected every test email.

Here's another service I found today:
http://www.aleph-tec.com/eicar/index.php

I updated my old tBB ClamAV install with these awesome instructions. However, ClamAV did not detect the virus in one of the emails so it got through.

It's the one that has the test virus in a password protected zip file. Eset detected the file immediately. So does that mean ClamAV cannot scan or detect password protected files?

jeffshead
Normal user
Posts: 80
Joined: 2010-07-26 03:10

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by jeffshead » 2012-05-20 23:14

jeffshead wrote:So does that mean ClamAV cannot scan or detect password protected files?
I guess not...
http://www.gossamer-threads.com/lists/c ... sers/42607

How come Eset can detect the test virus in a password protected file but ClamAV cannot?

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by Bill48105 » 2012-05-21 07:27

jeffshead wrote:
jeffshead wrote:So does that mean ClamAV cannot scan or detect password protected files?
I guess not...
http://www.gossamer-threads.com/lists/c ... sers/42607

How come Eset can detect the test virus in a password protected file but ClamAV cannot?
I'd guess they have added the compressed file itself to the signatures (vs what is inside it which requires knowing the password, dictionary attack etc) otherwise perhaps a very old ZIP format is used for the test that was pretty easy to break (still unlikely to be fast enough to be the case) because there is no way any AV is going to crack open any of the modern encrypted password protected formats in real-time on a personal computer. ;) Do a test. Put one of the ones eset detects inside a password protected 7z/rar or modern zip file & test, bet it doesn't detect unless you use stupid simple password like 'test' UNLESS it detects all password protected archives as potential threat in which case it'd be wide open for false positives too.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***
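What a scanner can and cannot see in a password protected ZIP, as an added example that is not part of any post in this thread: the header flag and member names are readable without the password, the contents are not. The sample archive is constructed in memory (a plain ZIP with the "encrypted" flag set by hand, placeholder payload), and the function names are hypothetical.

```python
import io
import struct
import zipfile


def build_sample_zip(encrypted):
    """Constructed sample: a one-member ZIP. With encrypted=True the
    general-purpose flag bit 0 ("encrypted") is set by hand in both headers;
    the data is only marked the way a password protected member would be."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.exe", b"constructed placeholder payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 in the local file header (PK\x03\x04)
        # and at offset 8 in the central directory header (PK\x01\x02).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            flags, = struct.unpack_from("<H", data, pos + off)
            struct.pack_into("<H", data, pos + off, flags | 0x1)
    return bytes(data)


def inspect_zip(data):
    """Return (member name, is_encrypted) pairs from the central directory,
    which classic ZIP encryption leaves readable without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, bool(i.flag_bits & 0x1)) for i in zf.infolist()]


def verdict(data, needle):
    """What a content scanner can conclude about one attachment."""
    members = inspect_zip(data)
    if any(enc for _, enc in members):
        # Contents are opaque: either pass the file, or flag every
        # encrypted archive and accept the false positives that brings.
        return "encrypted: contents not scannable"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name, _ in members:
            if needle in zf.read(name):
                return "match in " + name
    return "clean"


if __name__ == "__main__":
    for enc in (False, True):
        sample = build_sample_zip(enc)
        print(inspect_zip(sample), "->", verdict(sample, b"placeholder"))
```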

jeffshead
Normal user
Posts: 80
Joined: 2010-07-26 03:10

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by jeffshead » 2012-05-21 08:45

Bill48105 wrote:...there is no way any AV is going to crack open any of the modern encrypted password protected formats...
:idea: Now it makes sense! I'll bet Eset has a definition just for that particular test file. Big whoop!

FiShBuRn
Normal user
Posts: 88
Joined: 2007-06-29 16:43

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by FiShBuRn » 2012-12-20 20:01

Is it possible to upload ClamSup and rsync packages? Because the hideout site is down...

Thanks


jeffshead
Normal user
Posts: 80
Joined: 2010-07-26 03:10

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by jeffshead » 2012-12-22 19:05

FiShBuRn wrote:Just found them here: http://vamsoft.com/downloads/articles/clamav-tools.zip
Thanks for sharing. I was just about to reply with a download link for you :wink:

random
Normal user
Posts: 109
Joined: 2006-07-16 09:51
Location: Germany

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by random » 2012-12-22 22:57

BTW:
I got reasonably good results running clamd at system start using the task scheduler and updating with freshclam and the "NotifyClamd"-option. So I don't need to restart clamd.

may be an alternative to srvany or runclamd.

lg
random

jeffshead
Normal user
Posts: 80
Joined: 2010-07-26 03:10

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by jeffshead » 2012-12-23 01:01

I use srvany on a Windows 2008 x64 box with zero issues. I went this route because it's simple to set up and I did not want to leave the machine in a logged on state.

I use Always Up (http://www.coretechnologies.com/products/AlwaysUp/) for some other apps with no problems so I suppose it would be another great option for clamAV if you require a logged off state but it's not free. Plus it will automatically restart clamD and it can notify you if the app crashes.

ehych
New user
Posts: 7
Joined: 2013-06-03 17:05

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by ehych » 2013-11-11 04:11

Hi everyone, I've been struggling a lot to make the Task Schedule for ClamSup work, if someone else runs into the same problem as me (0x1 error) the solution is that in Action=Start a Program, you should also state the "Start in (optional)" path, which would be C:\clamav\ClamSup\
Thanks for the great tutorial!

ronint
New user
Posts: 1
Joined: 2014-03-20 11:54

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by ronint » 2014-03-20 11:59

Hello

I installed and ran Hmail-Server on Windows Server 2012 R2 successfully. Now I want to install ClamAV to check the emails for viruses. Can I do the procedure for Windows Server 2008 also for 2012?

mattg
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecu

Post by mattg » 2014-03-21 03:45

Yep I think so
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

pethkaqeni
New user
Posts: 1
Joined: 2017-06-21 16:40

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecurity

Post by pethkaqeni » 2017-06-21 16:41

Thank You Very Much :)

Tested on a Windows Server 2016

drakakistours
Normal user
Posts: 49
Joined: 2017-10-22 08:23

Re: HOWTO:Windows Server 2008, Hmailserver, ClamAv, Sanesecurity

Post by drakakistours » 2018-01-26 10:53

Thanks so much!

Running on Windows Server 2012 using the runclamd service

:D
