Page 1 of 1

ClamAV - Server 2008

Posted: 2011-10-21 15:42
by segamegadave
Hi,

We have just started using hMailserver and have to say that coming from an iMail background so far we are very impressed. After a relativley painless install and migration the only issue we have is that ClamWin maxs the CPU on the server each time it scans a new mail.

After doing a little reading I can see that many people have implemented ClamAV, however everything I can seem top find is related to Server 2003

Can anyone please point me in the direction of a howto or guide for installing ClamAV on Server 2008 R2 Standard x64 for use in conjunction with hMail 5.3.3

Many thanks in advance for any replies.

Re: ClamAV - Server 2008

Posted: 2011-10-21 18:35
by sckramer2
I'm in the middle of doing that...

here is the official clamav (win32 build)

http://sourceforge.net/projects/clamav/ ... mav/win32/

it is working fine, just setting it up as a service now--

Re: ClamAV - Server 2008

Posted: 2011-10-24 09:50
by segamegadave
sckramer2 wrote:I'm in the middle of doing that...

here is the official clamav (win32 build)

http://sourceforge.net/projects/clamav/ ... mav/win32/

it is working fine, just setting it up as a service now--
Hi sckramer2,

Many thanks for your reply.

I'd be very interested to know how you go on and what steps you have taken.

Does this version of clamav update itself?

Cheers

Dave

Re: ClamAV - Server 2008

Posted: 2011-10-28 14:07
by segamegadave
I now have ClamAV working using the Hideout version. However I notice that although freshclam updates the signatures certain elements of the engine are out of date, If anyone has any information on using the latest win32 build I would be very grateful.

Re: ClamAV - Server 2008

Posted: 2011-10-31 14:47
by Slug
segamegadave wrote:I now have ClamAV working using the Hideout version. However I notice that although freshclam updates the signatures certain elements of the engine are out of date, If anyone has any information on using the latest win32 build I would be very grateful.
Was thinking the same thing ...

Re: ClamAV - Server 2008

Posted: 2011-10-31 15:59
by Bill48105
Unless someone comes up with a better method (Nico/tBB's worked well but he's been MIA so no updates in forever) my recommended method is run nix (like centos) either on a separate server/computer or in a virtual machine & install clamd via yum that way it is easy to keep updated & very reliable. Granted hmail 5.3.x doesn't have clamd client built in like 5.4 but there are command-line scanners to use if needed.
Bill

Re: ClamAV - Server 2008

Posted: 2011-11-01 20:45
by sckramer2
just follow the readme (step 1,2,3 not needed it's already compiled, 4 gives you some info) in the official win32 version, it is very easy to get going, no need for that old nico version, it crashed sometimes anyway, that's why it needed clamdog, throw all that out--

extract to c:\clamav

after that from the cmd line I ran clamd.exe, through errors it basically walks you through what it needs (conf files etc, which are in conf_examples, also read the comments in the conf files for help)

then run freshclam.exe (this will need it's conf file set also)

at first you can run clamd.exe straight on the cmd line (use hmail's clamav test button to get it going)

then when it's working, add it as a windows service (I used RunAsSvc.exe, set working dir to c:\clamav)

then use windows scheduler to run freshclam.exe hourly, (clamd checks for changes & reloads virus defs automatically)

if you still have trouble, I could probably zip & attach my clamav dir

Re: ClamAV - Server 2008

Posted: 2011-11-01 23:50
by Bill48105
Cool sckramer2, thanks. Hadn't looked at any Windows clam stuff in awhile & last I knew the official clamwin stuff was awful. Will have to look into it again.
Thx
Bill

Re: ClamAV - Server 2008

Posted: 2011-11-02 17:32
by sanesecurity
Bill48105 wrote:Cool sckramer2, thanks. Hadn't looked at any Windows clam stuff in awhile & last I knew the official clamwin stuff was awful. Will have to look into it again.
Thx
Bill
Hi Bill,

Looks like the official port at sourceforge is the way forward now, as tBB/Nico hasn't
released anything new for ages.

It works well, granted it's not processor optimised, but you can even compile your own version direct from the source, if you've got Microsoft Visual Studio 2010 Express (or above)

http://www.clamav.net/lang/en/download/sources/

Worryingly, I've been emailing Nico for well over 3 years (maybe more thinking about it) and he's always been pretty rapid as replying to emails.. however, the last time I heard from him was 24th Feb 2011.

I've sent numerous emails to both email address that I know and not had any reply back,
he's not posted on any forums and I've not seen any sign of a ClamAV port releases.

Last thing he said was ... "I try to finish the release today or tomorrow" so I'm thinking something bad has happened... hopefully not but no one seems to have heard anything :(

Anyone know of a postal address for him?

Cheers,

Steve
Sanesecurity.co.uk

Re: ClamAV - Server 2008

Posted: 2011-11-02 21:30
by Bill48105
Hey Steve,
Ok thanks I'll have to dig in to keep up even though I use centos in vm myself for clamd but can see why people might want a good Windows option too.

Forum shows his last login blank but his last post was 2011-02-21. Yeah hopefully nothing bad happened. I don't have an address but I bet with enough research info could be found.
Bill

Re: ClamAV - Server 2008

Posted: 2011-11-03 07:34
by agserna
Hi segamegadave.

I use MS Security essentials as AntiVirus.

Recently Microsoft has released a version downloadable and installable (and perfectly working, light and stable) for Windows server 2008 r2.

This is command line for HMS:

"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -Scan -ScanType 3 -File "%FILE%" -DisableRemediation

Return value is: 2

Hope this can be helpful.

Bye

Re: ClamAV - Server 2008

Posted: 2011-11-05 17:58
by armo
Hi sckramer2,
No matter what i did, i couldn't get this thing to go, i always get the error
Can't open/parse the config file C:\ClamAv\Freshclam.conf
I get the same error for Clamd.conf also, despite having both files edited.
Anyways i will stick to my tbb version.

Re: ClamAV - Server 2008

Posted: 2011-11-05 18:35
by armo
OK i withdraw my comments. It was such a stupid move from me, i should've known better. You just need to remove or comment out the word EXAMPLE at the beginning of the example config files for both freshclam.comf and clamd.conf.
BTW, can we post videos in here? I will prepare a video about the topic on both Windows 2003 and 2008 platforms.

Re: ClamAV - Server 2008

Posted: 2011-11-05 18:43
by Bill48105
Cool you figured it out armo. Those little things can be annoying to overlook & find.

No place/way to post videos on forum but could link to youtube or something.
Bill

Re: ClamAV - Server 2008

Posted: 2011-11-05 19:24
by armo
I will defenitly do that Bill. But now i have a different problem,lol. Now i'm receiving a return result of 2 in my hmail logs and the clamd log says "Can't open file or directory ERROR".
Is it possible that this version of clamav has an expected result og 2 instead of 1 in tbb version?
Thanks

Re: ClamAV - Server 2008

Posted: 2011-11-05 19:56
by Bill48105
armo wrote:I will defenitly do that Bill. But now i have a different problem,lol. Now i'm receiving a return result of 2 in my hmail logs and the clamd log says "Can't open file or directory ERROR".
Is it possible that this version of clamav has an expected result og 2 instead of 1 in tbb version?
Thanks
I'd guess 2 means ERROR vs 0 or 1.. You'd need to check the clam docs. The bigger issue is why it had an error.. Was the wrong path passed to clam? Is clam running under a user without permissions to the EML folder? A background AV delete the EML file before clam got to it? etc
Bill

Re: ClamAV - Server 2008

Posted: 2011-11-05 20:29
by armo
Bill48105 wrote:
armo wrote:I will defenitly do that Bill. But now i have a different problem,lol. Now i'm receiving a return result of 2 in my hmail logs and the clamd log says "Can't open file or directory ERROR".
Is it possible that this version of clamav has an expected result og 2 instead of 1 in tbb version?
Thanks
I'd guess 2 means ERROR vs 0 or 1.. You'd need to check the clam docs. The bigger issue is why it had an error.. Was the wrong path passed to clam? Is clam running under a user without permissions to the EML folder? A background AV delete the EML file before clam got to it? etc
Bill
Hi Bill;
Thanks so much for your quick reply and sorry to bugg you. I've already found the cause and fixed it, but you were on the money. The error was caused by ME enabling the temporary database path in clamd.conf to point to C:\clamav\tmp. But after analysing the logs of both hmailserver and clamd, i found out that hmailserver was using C:\Windows\Temp folder as temporary folder for emails, meanwhile clamd was expecting them in C:\vlamav\tmp. so it was obvious that neither of them were able to find what they were looking for. As soon as i commented out the temporary directory setting in clamd.conf, everything went back to normal. Now i receive a result of zero and one. Ran eicar test and some good emails, looks fantastic.
Again sorry, hopefully will help someone else not to play the Smarta$$.
I will now prepare a complete Howto for both 2003 and 2008, because looks like our friend Nico/tbb is nowhere to be found. Shame his version was rock solid.

Re: ClamAV - Server 2008

Posted: 2011-11-05 21:31
by armo
Here you go Bill http://www.hmailserver.com/forum/viewto ... 12&t=21494
The 2008 howto will follow.
:D :D :D :D :D :D :D

Re: ClamAV - Server 2008

Posted: 2011-11-06 05:30
by Slug
sanesecurity wrote: Worryingly, I've been emailing Nico for well over 3 years (maybe more thinking about it) and he's always been pretty rapid as replying to emails.. however, the last time I heard from him was 24th Feb 2011.
The last email I got was the 18th of Feb telling me he was going to release 0.97 over the weekend. But since then I have emailed him as well and no response. So its not looking good for Nico I must say.

Michael

Re: ClamAV - Server 2008

Posted: 2011-11-08 13:40
by segamegadave
Many thanks for everones responses and good work on the guide Armo, I will be interested to see the 2008 version once done.

Cheers

Dave

Re: ClamAV - Server 2008

Posted: 2011-11-09 05:21
by armo
Here you go with server 2008 Howto Dave
http://www.hmailserver.com/forum/viewto ... 12&t=21500