HOW TO run Clamwin and have a ClamAV system SERVICE

This section contains user-submitted tutorials.

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by Gordonh1970 » 2018-10-30 14:13

vortexofhate wrote:
2018-10-13 00:49
I have everything set up and it is working. I went to go change the definitions to use sanesecurity and they require rsync and recommend using cwRsync, well they no longer offer a free version by the looks of it so I was wondering if anyone had a recommended rsync version to use?
I'm interested to see if anyone knows if there is an alternative to rsync that works with sanesecurity?
Or does anyone have the download from the old free version available at all?


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by Gordonh1970 » 2018-10-30 14:52

Gordonh1970 wrote:
2018-10-30 14:13
vortexofhate wrote:
2018-10-13 00:49
I have everything set up and it is working. I went to go change the definitions to use sanesecurity and they require rsync and recommend using cwRsync, well they no longer offer a free version by the looks of it so I was wondering if anyone had a recommended rsync version to use?
I'm interested to see if anyone knows if there is an alternative to rsync that works with sanesecurity?
Or does anyone have the download from the old free version available at all?
Never mind, I should have waited another hour before posting
I found a free version of rsync for windows at cnet.com https://download.cnet.com/cwRsync/3000- ... 65181.html
Seems as if I have it all setup and running again :D


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2018-11-09 21:43

CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by ricain » 2019-10-04 22:36

Thanks for the tutorial, it saved my server with the service ;)


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by MarHMS » 2019-10-27 05:02

I'm assuming Clamwin is no longer being updated. We are unable to update ClamAV to 0.101.4.


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2019-10-27 08:45

MarHMS wrote:
2019-10-27 05:02
I'm assuming Clamwin is no longer being updated. We are unable to update ClamAV to 0.101.4.
You may post and ask on the clamwin forum or send an email to gianluigi (from netfarms). I last asked thus:
On 05/10/2018 11:13 PM, Jimimaseye wrote:

Hi Gianluigi

Our last conversation was about the possibility of you updating the Clamwin offerings (as found on the Clamwin website) in line with your compilation/port of Clamav to your windows version (as found at http://oss.netfarm.it/clamav). At the time (as you can see below) you were waiting for version 0.100.0 to be released and as such I waited.

Unfortunately, although you have now compiled 0.100.0, the Clamwin port is now offering only 0.99.4 (offered in March).

I use both versions on our mail server to give a multithreaded service using CLAMD.exe (as provided by you) in conjunction with Clamwin front end and relies on the same versions. Unfortunately the Clamwin version is (once again) behind.

May I ask if either:

a,  in your repository you still have win32 (VS 2005 32bit build) of version 0.99.4 (clamav-win32-0.99.4.7z) OR
b,  would you be able to port/upgrade the official build of Clamwin (as found at https://sourceforge.net/projects/clamwin/files/clamwin/  ) to 0.100.0 ?


11 May 2018 14:55:45 BST, Gianluigi Tiesi <sherpya@netfarm.it> replied:

Hi, you can pick old versions here:
http://oss.netfarm.it/clamav/files/old/ ... -0.99.4.7z
http://oss.netfarm.it/clamav/files/old/ ... -0.99.4.7z
http://oss.netfarm.it/clamav/files/old/ ... -0.99.4.7z

I make clamav builds used in clamwin but the project is still ruled by Alex, I'll ask him to make the new rel

Regards

--
Gianluigi Tiesi <sherpya@netfarm.it>
EDP Project Leader
Netfarm
I think "Alex" is 'Alch' on the clamwin forum/project.
[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-01-02 14:24



Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by vortexofhate » 2020-02-28 23:32

I was wondering if anyone has successfully installed v 0.102.1 x64?

I had the 0.99.4 installed but decided to update. I ended up uninstalling the software since I had the x86 version installed so I was starting over from fresh. Every time I try to install the service I get the error of "The ordinal 210 could not be located in the dynamic link library E:|Program Files\ClamAV\clamd.exe"

Any suggestions?

I have tried uninstall and reinstalling again and it was not successful.


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-02-28 23:35

You haven't used matching versions so it will not work. You need to match clamwin at 0.99.4.



Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by vortexofhate » 2020-02-29 00:02

Even though on oss.netfarm.it they have version 0.102.1 listed?

I downloaded the 0.102.1 from https://www.clamav.net/. So I thought you could use those versions together and it should function?


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-02-29 00:49

No. That is not clamwin version. Clamwin version is found on clamwin website. Netfarm does not have clamwin.

I'm afraid deviation from my guide would result in problems (as you are now finding).



Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SjoerdNLD » 2020-05-28 22:56

I just extracted https://oss.netfarm.it/clamav/ version 0.102.1 to c:\clamav
followed attached readme.
Made one addition to clamd.conf: TemporaryDirectory c:\clamav\tmp
and added this dir to defender exclusions
set the service to auto and started.

opened hmailserver admin, and save config of clamav.
press test: working ok.

Can somebody tell me why clamwin is needed?
Attachments
README.7z
(1.76 KiB) Downloaded 28 times


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-05-28 23:17

As the very first post states:
Clamwin doesn't come as a service. ClamAV does, but it doesn't have a usable GUI like Clamwin such as a system tray, on demand Scan in Context Menu and quarantine program.
Reading what is written will help understand why you are reading it. If you don't want clamwin then this thread is not for you and there is no point reading it.



Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SjoerdNLD » 2020-05-28 23:31

Fully agree with that. Quarantine doesn't work anyway, and the GUI clamwin has more risk than advantages.
I recommend to NOT install clamwin, false positives can destroy your os and mailserver. (see http://forums.clamwin.com/viewtopic.php?p=18970#18970 )
Best to only install the fast clamav service to scan incoming mail, let defender or better handle the rest.
And the https://sanesecurity.com/usage/windows-scripts/ signatures

Thanks for clarifying that!


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-05-28 23:58

Amazing. The thread you write in your reasoning was written by me (on the clamwin forum) and, once again, referred to in the very first post. It also then goes on to say:
(More info: http://forums.clamwin.com/viewtopic.php?p=18970#18970 and http://forums.clamwin.com/viewtopic.php?t=4371).

MY ADVICE: If you choose to perform on-demand or periodical scans of your disks using Clamwin, I urge you to modify the configuration window ('Clamwin Preferences - General') to ensure you have:
"Infected Files" set to "Report Only"
"Unload Infected Programs From Memory" - UNTICKED
But it also gives you other advice including refraining from using other solutions (especially Defender which is the worst). Your logic to say 'use clamav and not clamwin because clamwin can't be trusted' is laughable. It's the same engine! In any case processes and practices have been improved since I reported that 'error' with Cisco Talos (who make it) being a lot more careful on their definitions. So you either choose clamav (in whatever form you choose) because you trust it and follow the specific implementation for hmailserver or simply uninstall and put your faith in something else. (No chance of Defender deleting windows files by accident - Defender doesn't detect anything!)



Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2020-05-30 11:50

@jimimaseye

Something that I came across today, not using ClamAV myself, but might be interesting to update sanesecurity databases without using rsync by adding them directly in freshclam.conf


# Sanesecurity + Foxhole
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/shelter.ldb
taken from here


Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-05-30 20:42

Cheers Ruud.

My only concern is this:

With the rsync method, it pulls in any updated definitions once an hour (that's the frequency Sane do their updates). Clam checks to detect if there is a change in the definitions every 10 minutes (i.e., has rsync changed anything) and if it detects then it reloads the definitions into memory.

However, the method you pointed to relies on 2 things:

1, that web server being available (it is 3rd party after all)
and having up to date definitions (Sane may have updated them within the last hour but has that repository been and reflected the changes? ) And
2, the method of loading them into memory seems to (by the config file) at time of service load. So who or what is going to reload the service to get the updated definitions? And how often?

In any case, even if that repository is updated we don't know how often after Sane updated and so there will be a further delay between Sane (source) updates to the end user (where an end user updating directly from Sane would have minimal delay - one that you can control depending on your choice and frequency of scheduled rsync checks).

I might be wrong. But unfortunately I have no way of checking per testing to find the answers out or to prove my doubts unfounded. To that end I personally won't promote the alternative method but certainly your post is there for others to refer to if they wish.
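Added example, not part of any post in this thread and not code from ClamAV, Sanesecurity or hMailServer: one way to measure the delay discussed above is to compare each local database file with the copy the mirror currently serves. The function names, the 60-second slack and the sample config are assumptions made for illustration; the check covers local copy versus mirror only, not mirror versus Sanesecurity or whether clamd has reloaded.

```python
import os
import urllib.request
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample in the style of the freshclam.conf posted above.
SAMPLE_CONF = """\
# Sanesecurity + Foxhole
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
#DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
"""

def custom_urls(conf_text):
    """Return every active DatabaseCustomURL value, skipping comments."""
    urls = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].lower() == "databasecustomurl":
            urls.append(parts[1])
    return urls

def http_date_to_epoch(value):
    """Convert an HTTP Last-Modified header value to epoch seconds."""
    return parsedate_to_datetime(value).timestamp()

def mirror_last_modified(url, timeout=10):
    """Ask the mirror (HEAD request) when it last changed the file."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        value = resp.headers.get("Last-Modified")
    return http_date_to_epoch(value) if value else None

def classify(local_mtime, mirror_mtime, slack_s=60):
    """Compare the local copy with the mirror's copy of one database."""
    if local_mtime is None:
        return "missing"          # never downloaded
    if mirror_mtime is None:
        return "unknown"          # mirror sent no Last-Modified header
    return "behind" if mirror_mtime > local_mtime + slack_s else "current"

def audit(conf_text, db_dir):
    """Live check: needs network access and the real database directory."""
    report = {}
    for url in custom_urls(conf_text):
        path = os.path.join(db_dir, os.path.basename(urlparse(url).path))
        local = os.path.getmtime(path) if os.path.exists(path) else None
        report[url] = classify(local, mirror_last_modified(url))
    return report
```

Calling `audit()` on a schedule with the contents of the real freshclam.conf and the database directory, and logging how long a file stays "behind", gives a measured figure for the update delay instead of an estimate.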
