HOWTO: CLAMAV (W32-tBB build)

Post by DFitch » 2008-12-22 00:43

This how-to was created for those who may have used ClamAV for Windows (http://w32.clamav.net/), which hasn't been updated in some time, or for FIRST TIME users.

First, download and install ClamAV (leave the default paths, or make sure you modify the conf files).

http://hideout.ath.cx/ClamAV/ (suggest installer for first time)

Edit clamd.conf and freshclam.conf if you want to enable logging (uncomment the lines). Then run freshclam.exe to update your signatures, since they are NOT installed with the program (you can later set up freshclam in the scheduler for auto-updating).

Next, we will set up clamD as a service.

*Download instsrv.exe and srvany.exe (Windows Server 2003 Resource Kit Tools) and place those files in the same directory as ClamAV.
*Go to a DOS prompt (cmd), change to the ClamAV directory (default is c:\clamav), and enter: instsrv.exe clamD c:\directory-of-srvany.exe (use the path to srvany.exe)
*You will see that it was installed as a service; then you must go edit your Registry for it.
-------------------------------------------------------------------------------------------------------
NOTE: It is dangerous to edit the registry, follow carefully

*Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\clamd
*Right click on clamd and create a new Key called Parameters
*Right click on Parameters and create a new String Value called Application
*Edit the new Application REG_SZ and add c:\path-to\clamd.exe -c c:\path-to\clamd.conf
--------------------------------------------------------------------------------------------------------
Then you can start and stop clamd in Services.

Now that clamAV is installed and clamd is running as a service you have 2 methods of calling clamAV with hMailserver.

1. Use ClamWin tab under Antivirus

Path to Executable:
C:\path-to\clamdscan.exe --config-file=c:\path-to\clamd.conf

Path to Database:
C:\path-to\data

2. Use external virus scanner tab

Scanner executable:
c:\path-to\clamdscan.exe --config-file=c:\path-to\clamd.conf "%FILE%"

Return value: 1

With either method, make sure you check the appropriate box, then hit Save!
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

Post by djamell » 2009-04-13 16:43

After following the steps to run clamD as a service I tried to start the service and got the following message.

"The clamD service on Local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service."

The "Startup Type" is set to "Automatic"

Is this normal, or did I do something wrong?

Thanks in advance.

Post by OlivierA » 2009-04-14 18:17

Hi,

you have to have the virus database downloaded first using freshclam.exe...

Olivier
hMailServer 5.1 b340
ClamAV 0.95.1
RoundCube v0.2

Post by djamell » 2009-04-14 18:32

I did that, and just updated to ClamAV 0.95.1 and ran Freshclam again. Freshclam reports that it is fully Up to date.

It still gives the same error when I try to start the service.

Post by Uzi1 » 2009-04-14 18:57

djamell wrote: It still gives the same error when I try to start the service.
Did you look at the Windows event log if there is an entry created?

Post by djamell » 2009-04-14 22:08

Yes. I get a standard "Information" entry in the System Event Log for the "Service Control Manager" for both the Starting and Stopping of the ClamD service. No errors. There is nothing in the Application Event Log.

Post by DFitch » 2009-04-17 05:21

A couple of things you may want to check:

When installing the service, make sure you use srvany.exe for the service, not clamd.exe.
At the CMD prompt, make sure it's similar to: instsrv.exe clamD c:\clamAV\srvany.exe

Also review your registry entries.
If you forgot the Key 'Parameters' with the Application path you will run into problems.

Also check your clamd.conf file; you can attach it to me in a private message as well.

Do you have anything in the clamd log?

D

Post by MAllen » 2009-04-17 05:50

Do you have the path to ClamAV entered in the registry? The newest versions of ClamAV seem to require that path information be stored in the registry.

You can download a pre-made .reg file from here.

The paths in the .reg file assume that you have ClamAV installed in c:\clamav and that the data files are in c:\clamav\data. If you installed ClamAV to another folder you will need to edit the .reg file before "merging" it into the registry.

Post by tBB » 2009-04-17 18:55

Hi all!
MAllen wrote:Do you have the path to ClamAV entered in the registry? The newest versions of ClamAV seem to require that path information be stored in the registry.
Those registry settings are not required for normal usage except for calling ClamAV from any place without adding --config-file= to the command line. As for the service issue, the best way to use ClamD as a service is its internal service mode:

1) - Start a CMD prompt in the ClamAV dir.
2) - Create the service by entering "Clamd.exe --install" at the CMD prompt.
3) - Start the ClamD service with "ClamD.exe --daemon --config-file=c:\clamav\clamd.conf" (If you haven't installed ClamAV in c:\clamav you must of course change the path to the clamd.conf accordingly).
MAllen wrote: You can download a pre-made .reg file from here.

The paths in the .reg file assume that you have ClamAV installed in c:\clamav and that the data files are in c:\clamav\data. If you installed ClamAV to another folder you will need to edit the .reg file before "merging" it into the registry.
I'd suggest using the installer because it sets the registry path to the installation path entered by the user.

Best regards,

Nico

Post by Slug » 2009-04-27 13:38

tBB wrote:Hi all!

Best regards,

Nico
Welcome to the hMs forum ...
Missing Hmailserver ... Now running Debian servers

Post by susheel » 2009-05-06 11:17

hi,

In my case the clamd service stops scanning emails automatically after some time and I need to restart the service every time to make it work. After restarting for a few minutes, it works and then intermittently stops. Emails then get piled up in the queue and I need to keep on restarting the service to get it running. Any ideas as to why this is happening? I am using the latest version of Clamd and logging is enabled. I see no errors in the logs as well.

Susheel

Post by tBB » 2009-05-21 12:52

susheel wrote:hi,

In my case the clamd service stops scanning emails automatically after some time and I need to restart the service every time to make it work. After restarting for a few minutes, it works and then intermittently stops. Emails then get piled up in the queue and I need to keep on restarting the service to get it running. Any ideas as to why this is happening? I am using the latest version of Clamd and logging is enabled. I see no errors in the logs as well.

Susheel
Hi,

sorry for coming back that late but I don't visit the forum regularly, so in case of problems please contact me directly. As for your issue, what ClamAV version are you using? If it's one below 0.95.1c please try the current one. If there is an on-access virus scanner installed on the system, please exclude hMailserver's temp dir where mails are extracted to from the scan.

Best regards,

Nico

Post by susheel » 2009-05-25 15:58

hi Dfitch,

How do I contact you directly? Can I have your email address please? As far as the version of clam is concerned, it's the latest 0.95.1c. The error I get in the clam log is ERROR: WSAEnumNetworkEvents() failed 10038. I don't know what this error means, but even after this error, clamd works for a while and suddenly hangs. I need to restart it practically every time I see no activity. Do you need my clamd.conf file? I will appreciate your help to resolve this issue :(

Regards,

Susheel

Post by tBB » 2009-05-26 11:34

susheel wrote:hi Dfitch,
Who?
susheel wrote: How do i contact you directly? Can i have your email address please?
You will find my email address several times in the documentation and at the page where you've downloaded the distribution from.

Best regards,

Nico

Post by pepsi » 2009-05-26 12:30

You can also use the PM buttons under every post, so you can contact persons 1 - 1 :)

Post by tBB » 2009-05-27 11:48

Susheel,

I got your mail but if you want me to help you then you should perhaps change the configuration of your SMTP to be less draconic:

SMTP error from remote mail server after end of data:
host xxx.xxxxxxxxxx.xxx [xxx.xxx.xx.xx]: 557 Your domain hideout.ath.cx does not have a valid MX DNS record. Disconnecting...

Hideout.ath.cx is a dyndns domain but the mail was sent by the (valid) MX of my ISP.

However, for your convenience I'm posting the reply here:

What OS are you using?
What is connecting to ClamD? ClamDscan or some third party application?

As for your ClamD.conf, you should change the following:

"MaxThreads 10" to "MaxThreads 2"

If you use third party signatures and my ClamSup script you should also
change:

"SelfCheck 1800" to "SelfCheck 0"

in ClamD.conf and make sure notifying ClamD is enabled in freshclam.conf:

"NotifyClamd c:\clamav\clamd.conf"

Of course sending of the reload signal to ClamD needs to be enabled in the script's cfg file as well.

If the error still persists, please enable the debug mode in clamd.conf
by setting "Debug yes" and show me the last 5-10 lines of the debug log
when ClamD hangs.

Best regards,

Nico
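
The three settings tBB lists in this reply, checked against a clamd.conf / freshclam.conf pair. This is an added example, not code from the thread or from the ClamAV build it discusses; the function names parse_conf and audit and the sample file contents are constructed for illustration.

```python
def parse_conf(text):
    """Parse clamd.conf / freshclam.conf text into {directive: value}.

    A line starting with '#' is a disabled directive and is skipped, so an
    option only counts once the '#' in front of it has been removed.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # directive, then the rest as value
        opts[parts[0]] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return opts


def audit(clamd_text, freshclam_text, clamd_conf_path, third_party_sigs):
    """Return (file, directive, current, suggested) for each setting that
    differs from what the reply above suggests.

    third_party_sigs: True when third-party signatures and the ClamSup script
    are in use; SelfCheck and NotifyClamd are only checked in that case.
    A directive that is absent leaves clamd on its built-in default, which
    this sketch does not guess at.
    """
    clamd = parse_conf(clamd_text)
    fresh = parse_conf(freshclam_text)
    findings = []

    max_threads = clamd.get("MaxThreads")
    if max_threads and max_threads.isdigit() and int(max_threads) > 2:
        findings.append(("clamd.conf", "MaxThreads", max_threads, "2"))

    if third_party_sigs:
        self_check = clamd.get("SelfCheck")
        if self_check != "0":
            findings.append(("clamd.conf", "SelfCheck", self_check, "0"))
        notify = fresh.get("NotifyClamd")
        # Windows paths are case-insensitive, so compare them that way.
        if notify is None or notify.lower() != clamd_conf_path.lower():
            findings.append(
                ("freshclam.conf", "NotifyClamd", notify, clamd_conf_path))
    return findings


# Constructed sample files (not taken from any poster's system).
CLAMD_CONF_PATH = r"c:\clamav\clamd.conf"
CLAMD_CONF = r"""
LogFile c:\clamav\log\clamd.log
#LogClean yes
MaxThreads 10
SelfCheck 1800
"""
FRESHCLAM_CONF = r"""
DatabaseDirectory c:\clamav\data
#NotifyClamd c:\clamav\clamd.conf
"""

if __name__ == "__main__":
    for finding in audit(CLAMD_CONF, FRESHCLAM_CONF, CLAMD_CONF_PATH, True):
        print("%s: %s is %r, suggested %r" % finding)
```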

Post by amr123 » 2010-02-17 14:42

Thanks for the great how-to

I'd like to ask: is there anything I should do with the .conf files, or should I leave them as they are?

Post by tBB » 2010-02-17 14:52

If you installed ClamAV in c:\clamav the default config settings are usually OK.

Best regards,

Nico

Post by amr123 » 2010-02-17 16:30

Thanks tBB for your fast reply

Do you advise allowing scanning of archived files?

Post by tBB » 2010-02-18 07:45

Yes (that's why it is the default setting) :)

Best regards,

Nico

Post by aehimself » 2010-06-03 12:35

Instead of using SRVANY & INSTSRV I recommend NSSM, which does basically the same job but has a few advantages compared to them:
- It has a built-in watchdog, so if the application executed by NSSM crashes the service will be restarted automatically
- Uses less system resources (I admit a few 100 kbytes don't count much compared to memory sizes nowadays but hey - this is an advantage too :D)
- Developer keeps it updated
- Logs nice events to the Window$ Event Log
- Fully compatible with services previously run via SRVANY (just have to change SRVANY to NSSM in Registry)
- Not a M$ product lol

I've been running the Win32 version of ClamAV (is this the "official" Win32 version?) with NSSM for a few months now and I've experienced no crashes at all, and ClamAV has already caught a number of viruses too.

Download NSSM HERE
(\ /)
(O.o)
(} {)o
This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

Post by Bill48105 » 2010-06-03 15:37

Wow cool. Thanks aehimself! Nice find! Will add it to my arsenal. :D
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Post by tBB » 2010-06-03 20:36

aehimself wrote:I'm running the Win32 version of ClamAV (is this the "official" Win32 version?)
Yes it is.
aehimself wrote: with NSSM for a few months now and I've experienced no crashes at all, and ClamAV has already caught a number of viruses too.
Nice tool indeed but wrong thread :) The ClamAV version this thread is referring to has a built-in service mode, hence it gets restarted by Windows in case it crashes.

Best regards,

Nico

Post by greg1804 » 2010-06-11 12:10

I installed clamav, the service is running but the test file from EICAR is not detected as a virus ...
Any idea ???

Post by mattg » 2010-06-12 05:23

Which service is running?

Have you set the ClamAV executable path in hMailserver external scanning? What settings did you use?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post by Cloudmaster » 2010-07-02 14:53

Same here with the EICAR file, followed OP's installation instructions to the letter

Post by tBB » 2010-07-02 15:07

Enable clamd's logging in clamd.conf by removing the '#' in front of

LogFile c:\clamav\log\clamd.log <- adapt the path if needed
LogClean yes

and check the log if 1) ClamD correctly starts up and 2) logs EICAR as clean.

If the log shows that the service correctly started but no entry about a scanned file, something with the call to ClamDScan in hMS is wrong. If it logs EICAR as clean, something with the databases is wrong (unlikely).

Best regards,

Nico

Edit: Don't forget to disable at least the logging of clean files afterwards or the logfile will grow like hell.
Last edited by tBB on 2010-07-02 15:12, edited 1 time in total.
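
The log check described in this reply, written out as a small triage over clamd.log. This is an added example, not code from the thread or from ClamAV; the sample log lines, the scanned-file path and the "+++ Started at" session banner are constructed assumptions, with the timestamp format taken from the log line quoted elsewhere in this thread.

```python
import re

# Timestamped clamd log line, in the shape quoted in this thread:
#   "Fri Jul 02 13:27:32 2010 -> ERROR: Malformed database"
LINE_RE = re.compile(r"^.+? -> (?P<msg>.*)$")
# Per-file result: "<path>: OK" (written only with LogClean yes) or
# "<path>: <signature name> FOUND".
RESULT_RE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")
SESSION_MARKER = "+++ Started at"   # assumed banner written when clamd starts

ADVICE = {
    "startup_failed": "clamd did not start cleanly; fix the logged ERROR first",
    "nothing_scanned": "clamd started but logged no file: check the ClamDScan "
                       "call configured in hMailServer",
    "scanned_clean": "files were scanned and none flagged: if the EICAR "
                     "message was among them, check the databases",
    "detected": "clamd flagged a file",
}


def triage(log_text):
    """Classify the most recent clamd run found in log_text."""
    session = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        msg = m.group("msg") if m else line   # tolerate lines without timestamp
        if msg.startswith(SESSION_MARKER):
            session = []                      # keep only the latest start
            continue
        session.append(msg)

    errors = [msg for msg in session if msg.startswith("ERROR:")]
    found, clean = [], []
    for msg in session:
        r = RESULT_RE.match(msg)
        if not r:
            continue
        if r.group("sig"):
            found.append((r.group("path"), r.group("sig")))
        else:
            clean.append(r.group("path"))

    if found:
        verdict = "detected"
    elif clean:
        verdict = "scanned_clean"
    elif errors:
        verdict = "startup_failed"
    else:
        verdict = "nothing_scanned"
    return {"verdict": verdict, "advice": ADVICE[verdict],
            "errors": errors, "found": found, "clean": clean}


# Constructed sample logs, one per outcome.
LOG_DB_ERROR = r"""Fri Jul 02 13:27:30 2010 -> +++ Started at Fri Jul 02 13:27:30 2010
Fri Jul 02 13:27:32 2010 -> ERROR: Malformed database
"""
LOG_NOT_CALLED = r"""Fri Jul 02 14:00:00 2010 -> +++ Started at Fri Jul 02 14:00:00 2010
Fri Jul 02 14:00:09 2010 -> Loaded 800000 signatures.
"""
LOG_CLEAN = LOG_NOT_CALLED + r"""Fri Jul 02 14:05:11 2010 -> ERROR: WSAEnumNetworkEvents() failed 10038
Fri Jul 02 14:05:12 2010 -> c:\mailtemp\{1A2B}.tmp: OK
"""
LOG_FOUND = LOG_NOT_CALLED + r"""Fri Jul 02 14:06:40 2010 -> c:\mailtemp\{3C4D}.tmp: Eicar-Test-Signature FOUND
"""

if __name__ == "__main__":
    for name in ("LOG_DB_ERROR", "LOG_NOT_CALLED", "LOG_CLEAN", "LOG_FOUND"):
        result = triage(globals()[name])
        print(name, "->", result["verdict"], "-", result["advice"])
```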

Post by Bill48105 » 2010-07-02 15:08

I find it helpful to run command-line apps (like clam, SA, etc) from the CMD prompt to diagnose.. That way you can SEE what's happening & make sure it's working 1st before you add it to hmail. I made the mistake once of not doing this & spent an hour chasing my tail to find I had forgotten to run update, which was plain as day in my face once I ran manually from the command line.. Won't make that mistake again & highly recommend ALWAYS running command-line apps from CMD during setup & diagnosing issues. ;)
Bill

Post by Cloudmaster » 2010-07-02 15:34

The plot thickens, just tried restarting the clamd service to check logging & get this in the log -

Fri Jul 02 13:27:32 2010 -> ERROR: Malformed database

I also *may* have not been paying enough attention to what was received by the recipient when sending the EICAR file. What was sent was their .com file but what was received was a .txt file saying the attachment had been removed, though I don't know yet whether that was generated by hMail, ClamAV, or Outlook (receiving client)

Post by Bill48105 » 2010-07-02 15:46

No need to send .com attachment.. Just make a text file with the EICAR sample text string and scan that from command line or simply paste it in a normal email if sending from email client into the mail server.. That way you don't have to worry about attachment stripping, MIME encoding etc.
Bill

Post by Cloudmaster » 2010-07-02 16:03

Ok, a bunch of questions etc.

I've enabled LogClean in clamd.conf but not seeing any email traffic logged (Question: Should I be?)

Whenever I start the clamd service I get this in the logs: ERROR: Malformed database (Question: Is that normal?)

Sending the EICAR text in an email goes through without any warnings etc.

It seems to me nothing's being checked by clamav (currently using method 1 from OP)

It's been suggested I try clamd from the command line, but I'm not sure how

Post by tBB » 2010-07-02 16:17

Cloudmaster wrote:I've enabled LogClean in clamd.conf but not seeing any email traffic logged (Question: Should I be?)
Yes. If LogClean is enabled the log will show any file scanned. If nothing is shown then nothing was scanned.
Cloudmaster wrote:Whenever I start the clamd service I get this in the logs: ERROR: Malformed database (Question: Is that normal?)
Surely not and it also means that the ClamD service is not running. It sounds as if you're upgrading from ClamAV 0.95 or below. Delete all databases in c:\clamav\data, then manually run FreshClam and let it update the databases. Then re-start the service.
Cloudmaster wrote:It's been suggested I try clamd from the command line, but I'm not sure how
Simply start clamd.exe manually. If it starts, nothing is wrong with the cfg file and databases. If not, see what it writes in its window.

What version of ClamAV are you using (Installer or zip)?

Best regards,

Nico

Post by Cloudmaster » 2010-07-02 16:59

Ok, it's starting to look like I've screwed my system up. I had previously installed ClamWin, but after finding this howto uninstalled it (it was installed in a different directory).

I've since rebooted the server (after my 1st attempt at this install)

Version is 0.96.1 (installer)

Populating the data directory seems to go well with freshclam.exe

The following is output when trying to run clamd.exe from the command line -

C:\clamav>clamd.exe
LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
LibClamAV Error: cli_ac_addpatt: Can't allocate memory for next->trans
LibClamAV Error: cli_parse_add(): Problem adding signature (3).
LibClamAV Error: Problem parsing database at line 48308
LibClamAV Error: Can't load main.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load main.ndb
LibClamAV Error: Can't load c:\clamav\data\main.cvd: Malformed database
ERROR: Malformed database

C:\clamav>

Going to try & uninstall - reboot - reinstall to see if that fixes anything

Post by tBB » 2010-07-02 17:13

Cloudmaster wrote:LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
LibClamAV Error: cli_ac_addpatt: Can't allocate memory for next->trans
LibClamAV Error: cli_parse_add(): Problem adding signature (3).
LibClamAV Error: Problem parsing database at line 48308
LibClamAV Error: Can't load main.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load main.ndb
LibClamAV Error: Can't load c:\clamav\data\main.cvd: Malformed database
ERROR: Malformed database
That's strange. It can't be a real memory problem as ClamAV doesn't even load its main database. Somehow I also doubt that re-installing will solve the problem. Are you using the generic or a CPU optimized version and what CPU does the server have?

Best regards,

Nico

Post by Cloudmaster » 2010-07-02 17:42

Ok, about to give up. Downloaded a fresh copy of the 'generic' installer from http://hideout.ath.cx/ClamAV/

Same error as last posted when trying to run clamd.exe from the command line

Server is a VPS running Windows Server 2003, claims to have a dual core AMD Opteron

Post by tBB » 2010-07-02 18:39

Cloudmaster wrote:Server is a VPS
I don't have the possibility to test ClamAV on a Virtual Server but judging from past experiences with VM's I'd say this is most probably the reason for the issue. Perhaps the Admin can help you?

Best regards,

Nico

Post by Cloudmaster » 2010-07-02 20:38

I can't believe it can be this problematic. I don't really want to start involving my host's support people on this; guess I'll have to try & find another AV solution that will work with hMail

Post by tBB » 2010-07-02 21:05

Cloudmaster wrote:I can't believe it can be this problematic, don't really want to start involving my hosts support people on this
You should believe it. If you google for http://www.google.com/search?q=mpool_ma ... 4+bytes%29 you will find that this error only occurs if the host OS doesn't allow ClamAV to allocate enough memory.
Cloudmaster wrote:guess I'll have to try & find another AV solution that will work with hMail
That's up to you. If it needs to be free and run under Win2k3 - good luck.

Best regards,

Nico

Post by Bill48105 » 2010-07-02 21:16

I run numerous VM's and don't really run into issues related to it being a virtual box vs real one.. Keeping clock in sync requires some attention but otherwise I have centos 4 & 5 & about every modern version of doze running in VM's.

I didn't scroll back to re-read the entire thread but did you double check file/folder permissions? Maybe try one of the command line clam scanners instead of trying to get clamd working?

It's unfortunate that hmail doesn't have native clamd client built in because it'd be a LOT more efficient & a LOT easier to setup so feel free to go vote for it to be added:
http://www.hmailserver.com/forum/viewto ... =2&t=14934
(Can't imagine who in their right mind would vote AGAINST it unless perhaps they don't understand what they're voting on..)

In the meantime you might check out something like:
http://www.tooms.dk/software/mswclamdscan/default.asp

Of course that required having clamd working which could just complicate things but IMO it's worth it.

Otherwise your issue doesn't appear to be hmail related but rather with getting clam to work based on the errors in your posts.. Obviously you can't blame hmail because clam doesn't work. :D

If you're done dealing with clam for now you can try one of the many command line scanners available but realize performance will suffer greatly with most any of them that requires loading in the virus DB on every spawn of exe..
Bill

Post by Cloudmaster » 2010-07-02 23:29

I think I'm getting somewhere. Most of the reading I've done seems to indicate the memory problem lies with the size of the virus signatures. I renamed main.cvd so it wouldn't be used & started clamd from the command line, which seemed to start ok. In another DOS window I ran clamdscan (which I'd normally run from hMail), below is the output -

C:\Documents and Settings\Administrator>C:\clamav\clamdscan.exe --config-file=C:\clamav\clamd.conf
C:\Documents and Settings\Administrator\NTUSER.DAT: Can't open file or directory ERROR
C:\Documents and Settings\Administrator\ntuser.dat.LOG: Can't open file or directory ERROR
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Can't open file or directory ERROR
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Can't open file or directory ERROR

Now to my question, are the 'Can't open file or directory' statements referring to what precedes them or the ClamAV directories?

p.s. if anyone thinks this is going off topic please say so

Post by tBB » 2010-07-04 10:25

Cloudmaster wrote:I think I'm getting somewhere. Most of the reading I've done seems to indicate the memory problem lies with the size of the virus signatures. I renamed main.cvd so it wouldn't be used & started clamd from the command line, which seemed to start ok.
Even if it starts OK it makes no sense to run ClamD without its main database. It only proves that ClamD can't allocate enough memory like I've mentioned. The main database will be rewritten at the next FreshClam run anyway. The issues you have probably read about refer to third party signatures e.g. the SaneSecurity ones and this problem has been solved in 0.96.1.
Cloudmaster wrote: C:\Documents and Settings\Administrator>C:\clamav\clamdscan.exe --config-file=C:\clamav\clamd.conf
C:\Documents and Settings\Administrator\NTUSER.DAT: Can't open file or directory ERROR
C:\Documents and Settings\Administrator\ntuser.dat.LOG: Can't open file or directory ERROR
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Can't open file or directory ERROR
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Can't open file or directory ERROR

Now to my question, are the 'Can't open file or directory' statements referring to what precedes them or the ClamAV directories?
If you start ClamDScan without a filename as parameter it will scan everything below the directory where you started it. These files are locked by the OS and can't be scanned by ClamDScan.

Best regards,
Nico

Post by fabiosergio » 2010-07-05 19:43

Hi, all!

CLAMWIN
I found clamwin, but they say that's not stable in windows, (stay way :D)!!

CLAMAV by immunet
I just tryed this but it's completly diferent from the original ClamAv... (sound's good for Desktop envoriments', not to mail, servers, etc...)

CLAMAV (tBB)
Sounds great, and at the moment i'm trying this one


To install i've download ClamAV 0.96.1 - Optimized for INTEL P4 and higher - Installer
1- download
2- run the installer (dir c:\clamav)
3- run freshclam.exe
4- register as a service:
4.1) - Start a CMD prompt in the ClamAV dir.
4.2) - Create the service by entering "Clamd.exe --install" at the CMD prompt.
4.3) - Check in System services, and its there, but in manual startup type (should I change to Automatic???)
Wen I try to start the service always give a error ("Error 1053: The service did not respond to the start or control request in a timely fashion"
5- shedule task for freshclam.exe for every monday's

6- Start the ClamD service with "chp ClamD.exe --daemon --config-file=c:\clamav\clamd.conf". With that I could see clamav process with aproximated 180MB of RAM. (Thats normal??)
7- Add to hmailserver: Settings-> Anti-virus->ClamWIN.
exec: c:\clamav\clamd.exe --config-file=c:\clamav\clamd.conf
database: c:\clamav\data
(In executable i tryed c:\clamav\clamd.exe | to c:\clamav\clamdscan.exe | c:\clamav\clamscan.exe)

Questions?
1- I have Win Server 2008 64-bit with Intel Xeon, should I run this version (tBB) or try another port?? Or try to compile ClamAV myself?

2- Is it recommended or needed to have the ClamAV service running for hmailserver to scan mails? (I tried and hmail checks the mails even with the service not running)

3- What should we use, Clamd.exe or Clamdscan.exe or Clamscan.exe? On my server I only receive mails with attachments when I have Clamd.exe. With Clamdscan or clamscan the mail never arrives and the hmail logs say that it has been delivered.

4- Auto-update? Do I need to add the scheduled task in Windows (freshclam.exe)? Once a day or a week?

5- In regedit I didn't find any entry (LOCAL_MACHINE\Software\ClamAV). Should I enter it manually?? Or run the reg file in the docs folder??

6- If the Clamd service is recommended/needed to stay running for hmailserver scans, how could I make it auto start with Windows?? Maybe in the service, change to Automatic startup?? But I can't start the service...


At this moment I have:
ClamAV in c:\clamav\
c:\clamav\clamd.exe and c:\clamav\data in hmailserver configured in ClamWin settings
Don't have any entry in regedit referring to ClamAV
Don't have the service running from the command line (ClamD.exe --daemon --config-file=c:\clamav\clamd.conf)
Don't have the service running in Windows Service manager (I couldn't start it even with parameters)

But I tried to send mails with a virus (eicar.com) and hmailserver detects and removes them and adds the subject...
It works but I don't know if this is the best configuration....


Sorry for the long post, but I think it will answer almost every question of new users of ClamAV (tBB)

If somebody could answer even one of my questions I would appreciate it!!
Thanks.

bescher
Normal user
Posts: 123
Joined: 2008-05-26 01:56
Location: Milwaukee Wi

Re: HOWTO: CLAMAV (W32-tBB build)

Post by bescher » 2010-07-06 09:15

Not to be a smart ass but I would go to the very beginning of this thread and follow the instructions that D Fitch has for using the TBB version. These instructions work and are very good. I have been using them on 3 servers for almost 3 years with no issues. You need to install clamd as a service, and although there are other posts about using other products, I like srvany.exe and instsrv.exe as mentioned in the thread.
Yes it is common to see 188 or more of memory being used.
If installed right and you also download the clamsup entries on the TBB page, it will update itself if you change the config files. Or do it manually (I check them once a day; as far as I am concerned, "the more the better" when it comes to updating the virus definitions).

Hope this helps

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-07-06 11:21

bescher wrote:Yes it is common to see 188 or more of memory being used.
No wonder I was getting the problems I was getting :lol:

tBB
Senior user
Posts: 268
Joined: 2009-04-17 18:10
Location: The land of Beer and Sauerkraut!

Re: HOWTO: CLAMAV (W32-tBB build)

Post by tBB » 2010-07-06 12:55

Cloudmaster wrote:No wonder I was getting the problems I was getting :lol:
He uses third party signatures in conjunction with my ClamSup script, which means that, if all third party signatures are enabled, ClamAV uses more than one million signatures, but even then it shouldn't be a problem for most systems. On your system ClamAV wasn't even able to load its (much smaller) standard signature set for whatever reason.

However, the next 0.96.2 ClamAV version will consume about 30% less memory and also load the signatures much faster.

Best regards,

Nico

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-07-06 12:57

Thanks Nico, I'll look out for that & give it a try when available

tBB
Senior user
Posts: 268
Joined: 2009-04-17 18:10
Location: The land of Beer and Sauerkraut!

ClamAV 0.96.2

Post by tBB » 2010-08-19 13:48

ClamAV 0.96.2 is now available at http://hideout.ath.cx/clamav

Thanks to everyone at this forum who suggested improvements, reported bugs etc. :)

Best regards,

Nico

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Bill48105 » 2010-08-19 14:42

Thanks Nico!
I take back all the bad things I've said about clam on windows because of your builds. I've beat it up trying to find a fault & it works dandy so excellent job. If it were up to me you'd have a sticky thread or heck put you on the main download page. :)
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

tBB
Senior user
Posts: 268
Joined: 2009-04-17 18:10
Location: The land of Beer and Sauerkraut!

Re: HOWTO: CLAMAV (W32-tBB build)

Post by tBB » 2010-08-19 15:15

Bill48105 wrote:Thanks Nico!
I take back all the bad things I've said about clam on windows because of your builds. I've beat it up trying to find a fault & it works dandy so excellent job. If it were up to me you'd have a sticky thread or heck put you on the main download page. :)
Thanks mate :D

Best regards,

Nico

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-08-19 19:57

Looks like this version will work on my system :D (see log), but unfortunately memory has become an even scarcer resource since my last post so don't know if I'll be able to keep it running

Thu Aug 19 17:34:31 2010 -> C:\Program Files\hMailServer\Data\{7CC23640-D7D4-4E3E-8DE2-959414DC40E6}.eml: OK
Thu Aug 19 17:39:41 2010 -> C:\Program Files\hMailServer\Data\{701E08E0-9BC6-4441-BFD4-225A6D7E3E30}.eml: OK
Thu Aug 19 17:39:41 2010 -> C:\Program Files\hMailServer\Temp\{31EA4D74-149A-4881-A78C-3B18E7D72488}.tmp: OK
Thu Aug 19 17:43:01 2010 -> C:\Program Files\hMailServer\Data\{F62514DA-4EBA-4150-AB54-B6BCD3286293}.eml: Eicar-Test-Signature FOUND
Thu Aug 19 17:46:39 2010 -> SelfCheck: Database status OK.
Thu Aug 19 17:46:39 2010 -> C:\Program Files\hMailServer\Data\{F13D1821-C5D9-495B-BA02-78F940EE9BDE}.eml: OK
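
A parser for clamd log lines in the layout shown in the post above, as an added example that is not part of the original thread. The sample lines, paths and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# clamd log line layout: "<ctime-style timestamp> -> <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")

# Constructed sample lines in the same layout as the excerpt (not real data).
SAMPLE_LOG = r"""Thu Aug 19 17:34:31 2010 -> C:\Mail\Data\{SAMPLE-0001}.eml: OK
Thu Aug 19 17:43:01 2010 -> C:\Mail\Data\{SAMPLE-0002}.eml: Eicar-Test-Signature FOUND
Thu Aug 19 17:46:39 2010 -> SelfCheck: Database status OK.
Thu Aug 19 17:50:02 2010 -> C:\Mail\Temp\{SAMPLE-0003}.tmp: Access denied. ERROR
line without a timestamp
"""


def parse_line(line):
    """Return a record for one clamd log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    msg = m.group(2)
    # Split on the LAST ": " so the drive-letter colon in "C:\..." stays in the path.
    path, sep, result = msg.rpartition(": ")
    if sep and result == "OK":
        return {"time": when, "kind": "clean", "path": path, "detail": ""}
    if sep and result.endswith(" FOUND"):
        return {"time": when, "kind": "infected", "path": path, "detail": result[:-6]}
    if sep and result.endswith(" ERROR"):
        return {"time": when, "kind": "error", "path": path, "detail": result[:-6]}
    return {"time": when, "kind": "info", "path": None, "detail": msg}  # e.g. SelfCheck


def summarize(text):
    """Count results per kind and list (time, path, signature) for detections."""
    counts, detections = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        counts[rec["kind"]] += 1
        if rec["kind"] == "infected":
            detections.append((rec["time"], rec["path"], rec["detail"]))
    return counts, detections


if __name__ == "__main__":
    counts, detections = summarize(SAMPLE_LOG)
    print(dict(counts))
    for when, path, sig in detections:
        print(f"{when:%Y-%m-%d %H:%M:%S}  {sig}  {path}")
```

To run it on a real log, read the file named by the LogFile setting in clamd.conf and pass its text to summarize().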

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Bill48105 » 2010-08-19 20:02

Cloudmaster,
You seeing the ~30% decrease in RAM usage by clam as stated in the change log? Not had time to try myself & fig'd I'd ask.
Thx
Bill

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-08-19 20:07

Afraid I can't answer that accurately because the previous version just wouldn't run on my system. There's obviously a decrease in memory usage but I can't say how much by

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Bill48105 » 2010-08-19 20:18

Oh OK thanks. So you must be REALLY low on memory if you couldn't run the older version. Got any services/apps you can unload or reconfigure to consume less? (Suppose we're goin a bit off topic but figured I'd ask.)
Bill

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-08-19 20:23

It's running on a Windows Server 2003 VPS with about 400MB memory available. To make things worse, the group I manage the server for have decided to move their website over to it, meaning I've had to install PHP & a few other bits to accommodate it.

As I said, memory is at a premium & when the website goes live ClamAV might have to go

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Bill48105 » 2010-08-19 20:37

Good news for you is that when 5.4 comes out you should be able to install clamd on another computer there if you have one handy & offload the memory there. (Was thinking to myself if had another computer you wouldn't have so much on 1 box so perhaps it won't help you much! lol Teach me for not thinking before typing!) Anyway, perhaps for some people maybe clamd could be installed on a workstation that cannot run web/mail server for example. For you sounds like you need 2nd VPS or upgrade to next higher package. ;)
Bill

tBB
Senior user
Posts: 268
Joined: 2009-04-17 18:10
Location: The land of Beer and Sauerkraut!

Re: HOWTO: CLAMAV (W32-tBB build)

Post by tBB » 2010-08-19 20:45

Cloudmaster wrote:It's running on a Windows Server 2003 VPS with about 400MB memory available
If you're referring to the amount of free memory that should really work. One of my machines is an ancient Dual P3-500 with 512Mb ram. This machine runs a web server, webmail, mail server, ClamD (with 3rd party signatures), ftp server, syslog server, UVNC server etc. under Win2k without a problem. Just don't let PHP use too much memory (see php.ini) and disable unneeded services.

Best regards,

Nico

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-08-19 20:50

Sorry, that wasn't free memory, it's total memory

tBB
Senior user
Posts: 268
Joined: 2009-04-17 18:10
Location: The land of Beer and Sauerkraut!

Re: HOWTO: CLAMAV (W32-tBB build)

Post by tBB » 2010-08-19 21:08

Cloudmaster wrote:Sorry, that wasn't free memory, it's total memory
Ouch. IMO a provider that offers a VPS with only 400Mb and Win2k3 is somewhat shameless. In this case:
Bill48105 wrote:For you sounds like you need 2nd VPS or upgrade to next higher package. ;)
;)

Best regards,

Nico

Cloudmaster
Normal user
Posts: 87
Joined: 2010-06-29 16:41

Re: HOWTO: CLAMAV (W32-tBB build)

Post by Cloudmaster » 2010-08-19 21:15

At the time it was ideal for our requirements, they've risen quite a bit since then :shock:

DFitch
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: HOWTO: CLAMAV (W32-tBB build)

Post by DFitch » 2010-08-20 17:51

Great work Nico as usual.

Haven't tried your installer updates, I'm sure they work great for newcomers, still using archive ones and srvany, if it isn't broke don't fix it... hehe!

Memory with sanes, etc went from 175 to 118.

D :mrgreen:
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)
