ClamAV - Server 2008

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
segamegadave
New user
New user
Posts: 15
Joined: 2011-10-20 18:11

ClamAV - Server 2008

Post by segamegadave » 2011-10-21 15:42

Hi,

We have just started using hMailserver and have to say that coming from an iMail background so far we are very impressed. After a relativley painless install and migration the only issue we have is that ClamWin maxs the CPU on the server each time it scans a new mail.

After doing a little reading I can see that many people have implemented ClamAV, however everything I can seem top find is related to Server 2003

Can anyone please point me in the direction of a howto or guide for installing ClamAV on Server 2008 R2 Standard x64 for use in conjunction with hMail 5.3.3

Many thanks in advance for any replies.
hMailServer 5.3.3,
Server 2008 R2 Standard
Xeon 2.8ghz
1gb RAM
IIS 7 with Roundcube 0.5.1

sckramer2
Normal user
Normal user
Posts: 134
Joined: 2009-07-31 21:50

Re: ClamAV - Server 2008

Post by sckramer2 » 2011-10-21 18:35

I'm in the middle of doing that...

here is the official clamav (win32 build)

http://sourceforge.net/projects/clamav/ ... mav/win32/

it is working fine, just setting it up as a service now--

segamegadave
New user
New user
Posts: 15
Joined: 2011-10-20 18:11

Re: ClamAV - Server 2008

Post by segamegadave » 2011-10-24 09:50

sckramer2 wrote:I'm in the middle of doing that...

here is the official clamav (win32 build)

http://sourceforge.net/projects/clamav/ ... mav/win32/

it is working fine, just setting it up as a service now--
Hi sckramer2,

Many thanks for your reply.

I'd be very interested to know how you go on and what steps you have taken.

Does this version of clamav update itself?

Cheers

Dave
hMailServer 5.3.3,
Server 2008 R2 Standard
Xeon 2.8ghz
1gb RAM
IIS 7 with Roundcube 0.5.1

segamegadave
New user
New user
Posts: 15
Joined: 2011-10-20 18:11

Re: ClamAV - Server 2008

Post by segamegadave » 2011-10-28 14:07

I now have ClamAV working using the Hideout version. However I notice that although freshclam updates the signatures certain elements of the engine are out of date, If anyone has any information on using the latest win32 build I would be very grateful.
hMailServer 5.3.3,
Server 2008 R2 Standard
Xeon 2.8ghz
1gb RAM
IIS 7 with Roundcube 0.5.1

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: ClamAV - Server 2008

Post by Slug » 2011-10-31 14:47

segamegadave wrote:I now have ClamAV working using the Hideout version. However I notice that although freshclam updates the signatures certain elements of the engine are out of date, If anyone has any information on using the latest win32 build I would be very grateful.
Was thinking the same thing ...
Missing Hmailserver ... Now running Debian servers

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ClamAV - Server 2008

Post by Bill48105 » 2011-10-31 15:59

Unless someone comes up with a better method (Nico/tBB's worked well but he's been MIA so no updates in forever) my recommended method is run nix (like centos) either on a separate server/computer or in a virtual machine & install clamd via yum that way it is easy to keep updated & very reliable. Granted hmail 5.3.x doesn't have clamd client built in like 5.4 but there are command-line scanners to use if needed.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

sckramer2
Normal user
Normal user
Posts: 134
Joined: 2009-07-31 21:50

Re: ClamAV - Server 2008

Post by sckramer2 » 2011-11-01 20:45

just follow the readme (step 1,2,3 not needed it's already compiled, 4 gives you some info) in the official win32 version, it is very easy to get going, no need for that old nico version, it crashed sometimes anyway, that's why it needed clamdog, throw all that out--

extract to c:\clamav

after that from the cmd line I ran clamd.exe, through errors it basically walks you through what it needs (conf files etc, which are in conf_examples, also read the comments in the conf files for help)

then run freshclam.exe (this will need it's conf file set also)

at first you can run clamd.exe straight on the cmd line (use hmail's clamav test button to get it going)

then when it's working, add it as a windows service (I used RunAsSvc.exe, set working dir to c:\clamav)

then use windows scheduler to run freshclam.exe hourly, (clamd checks for changes & reloads virus defs automatically)

if you still have trouble, I could probably zip & attach my clamav dir

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ClamAV - Server 2008

Post by Bill48105 » 2011-11-01 23:50

Cool sckramer2, thanks. Hadn't looked at any Windows clam stuff in awhile & last I knew the official clamwin stuff was awful. Will have to look into it again.
Thx
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

sanesecurity
New user
New user
Posts: 16
Joined: 2011-11-02 17:20

Re: ClamAV - Server 2008

Post by sanesecurity » 2011-11-02 17:32

Bill48105 wrote:Cool sckramer2, thanks. Hadn't looked at any Windows clam stuff in awhile & last I knew the official clamwin stuff was awful. Will have to look into it again.
Thx
Bill
Hi Bill,

Looks like the official port at sourceforge is the way forward now, as tBB/Nico hasn't
released anything new for ages.

It works well, granted it's not processor optimised, but you can even compile your own version direct from the source, if you've got Microsoft Visual Studio 2010 Express (or above)

http://www.clamav.net/lang/en/download/sources/

Worryingly, I've been emailing Nico for well over 3 years (maybe more thinking about it) and he's always been pretty rapid as replying to emails.. however, the last time I heard from him was 24th Feb 2011.

I've sent numerous emails to both email address that I know and not had any reply back,
he's not posted on any forums and I've not seen any sign of a ClamAV port releases.

Last thing he said was ... "I try to finish the release today or tomorrow" so I'm thinking something bad has happened... hopefully not but no one seems to have heard anything :(

Anyone know of a postal address for him?

Cheers,

Steve
Sanesecurity.co.uk

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ClamAV - Server 2008

Post by Bill48105 » 2011-11-02 21:30

Hey Steve,
Ok thanks I'll have to dig in to keep up even though I use centos in vm myself for clamd but can see why people might want a good Windows option too.

Forum shows his last login blank but his last post was 2011-02-21. Yeah hopefully nothing bad happened. I don't have an address but I bet with enough research info could be found.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

agserna
Normal user
Normal user
Posts: 89
Joined: 2011-10-05 23:43

Re: ClamAV - Server 2008

Post by agserna » 2011-11-03 07:34

Hi segamegadave.

I use MS Security essentials as AntiVirus.

Recently Microsoft has released a version downloadable and installable (and perfectly working, light and stable) for Windows server 2008 r2.

This is command line for HMS:

"C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -Scan -ScanType 3 -File "%FILE%" -DisableRemediation

Return value is: 2

Hope this can be helpful.

Bye

armo
New user
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: ClamAV - Server 2008

Post by armo » 2011-11-05 17:58

Hi sckramer2,
No matter what i did, i couldn't get this thing to go, i always get the error
Can't open/parse the config file C:\ClamAv\Freshclam.conf
I get the same error for Clamd.conf also, despite having both files edited.
Anyways i will stick to my tbb version.

armo
New user
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: ClamAV - Server 2008

Post by armo » 2011-11-05 18:35

OK i withdraw my comments. It was such a stupid move from me, i should've known better. You just need to remove or comment out the word EXAMPLE at the beginning of the example config files for both freshclam.comf and clamd.conf.
BTW, can we post videos in here? I will prepare a video about the topic on both Windows 2003 and 2008 platforms.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ClamAV - Server 2008

Post by Bill48105 » 2011-11-05 18:43

Cool you figured it out armo. Those little things can be annoying to overlook & find.

No place/way to post videos on forum but could link to youtube or something.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

armo
New user
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: ClamAV - Server 2008

Post by armo » 2011-11-05 19:24

I will defenitly do that Bill. But now i have a different problem,lol. Now i'm receiving a return result of 2 in my hmail logs and the clamd log says "Can't open file or directory ERROR".
Is it possible that this version of clamav has an expected result og 2 instead of 1 in tbb version?
Thanks

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ClamAV - Server 2008

Post by Bill48105 » 2011-11-05 19:56

armo wrote:I will defenitly do that Bill. But now i have a different problem,lol. Now i'm receiving a return result of 2 in my hmail logs and the clamd log says "Can't open file or directory ERROR".
Is it possible that this version of clamav has an expected result og 2 instead of 1 in tbb version?
Thanks
I'd guess 2 means ERROR vs 0 or 1.. You'd need to check the clam docs. The bigger issue is why it had an error.. Was the wrong path passed to clam? Is clam running under a user without permissions to the EML folder? A background AV delete the EML file before clam got to it? etc
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

armo
New user
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: ClamAV - Server 2008

Post by armo » 2011-11-05 20:29

Bill48105 wrote:
armo wrote:I will defenitly do that Bill. But now i have a different problem,lol. Now i'm receiving a return result of 2 in my hmail logs and the clamd log says "Can't open file or directory ERROR".
Is it possible that this version of clamav has an expected result og 2 instead of 1 in tbb version?
Thanks
I'd guess 2 means ERROR vs 0 or 1.. You'd need to check the clam docs. The bigger issue is why it had an error.. Was the wrong path passed to clam? Is clam running under a user without permissions to the EML folder? A background AV delete the EML file before clam got to it? etc
Bill
Hi Bill;
Thanks so much for your quick reply and sorry to bugg you. I've already found the cause and fixed it, but you were on the money. The error was caused by ME enabling the temporary database path in clamd.conf to point to C:\clamav\tmp. But after analysing the logs of both hmailserver and clamd, i found out that hmailserver was using C:\Windows\Temp folder as temporary folder for emails, meanwhile clamd was expecting them in C:\vlamav\tmp. so it was obvious that neither of them were able to find what they were looking for. As soon as i commented out the temporary directory setting in clamd.conf, everything went back to normal. Now i receive a result of zero and one. Ran eicar test and some good emails, looks fantastic.
Again sorry, hopefully will help someone else not to play the Smarta$$.
I will now prepare a complete Howto for both 2003 and 2008, because looks like our friend Nico/tbb is nowhere to be found. Shame his version was rock solid.

armo
New user
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: ClamAV - Server 2008

Post by armo » 2011-11-05 21:31

Here you go Bill http://www.hmailserver.com/forum/viewto ... 12&t=21494
The 2008 howto will follow.
:D :D :D :D :D :D :D

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: ClamAV - Server 2008

Post by Slug » 2011-11-06 05:30

sanesecurity wrote: Worryingly, I've been emailing Nico for well over 3 years (maybe more thinking about it) and he's always been pretty rapid as replying to emails.. however, the last time I heard from him was 24th Feb 2011.
The last email I got was the 18th of Feb telling me he was going to release 0.97 over the weekend. But since then I have emailed him as well and no response. So its not looking good for Nico I must say.

Michael
Missing Hmailserver ... Now running Debian servers

segamegadave
New user
New user
Posts: 15
Joined: 2011-10-20 18:11

Re: ClamAV - Server 2008

Post by segamegadave » 2011-11-08 13:40

Many thanks for everones responses and good work on the guide Armo, I will be interested to see the 2008 version once done.

Cheers

Dave
hMailServer 5.3.3,
Server 2008 R2 Standard
Xeon 2.8ghz
1gb RAM
IIS 7 with Roundcube 0.5.1

armo
New user
New user
Posts: 29
Joined: 2011-11-04 21:39

Re: ClamAV - Server 2008

Post by armo » 2011-11-09 05:21

Here you go with server 2008 Howto Dave
http://www.hmailserver.com/forum/viewto ... 12&t=21500

Post Reply