Is Clam Antivirus SOSDG dead?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
rebus
New user
New user
Posts: 8
Joined: 2006-08-31 03:00

Is Clam Antivirus SOSDG dead?

Post by rebus » 2006-08-31 04:24

I posted here http://www.hmailserver.com/forum/viewto ... 2962#32962 about a problem that seems to be unique to Windows Server 2003. Windows 2000 does not suffer the same.

Without repeating everything I wrote in the referenced thread, the short version is after an install, I can start clamd ONCE. After I stop it, it will not launch again. Not even after a reboot.

Frustratingly, it leaves no cludes in the clamd.log. clamd.exe begins to load, shows up in task manager, then Boom, it disappears. The only way to get it to launch again is uninstall and reinstall. It does not matter how clamd.exe is started-- manually from the command line, or as a service using startclamd -start (in the /thirdparty directory, after installing it with startclamd -install), or even with start-clamd.bat (and stop-clamd.bat).

Bottom line is, once it has run once and been shut down (gracefully by startclamd -stop, or using stop-clamd.bat, or forcefully by End Process Tree in Task Manager) the next time I try to start clamd it abruptly terminates as soon as it loads.

I checked the forum at SOSDG and it appears nobody is watching it anymore.

Help, please? Anyone else seeing this issue on Server 2003?

iprat
Normal user
Normal user
Posts: 247
Joined: 2005-05-20 16:50
Location: Barcelona, EU
Contact:

Post by iprat » 2006-08-31 10:22

Hi rebus:

I am using Windows Server 2003 SP1 with SOSDG clamd without issues for more than 2 years. The problem you are mentioning does not appear here. I am using runclamd wich is a thirdparty service that takes care of the clamd daemon, and if it hangs or dies it is automatically killed and restarded (for me it works very well).

Now I am using SOSDG clamd version 0.88-3.1. But it seems Brian Burns SOSDG leader has stopped maintaining it. I see no activity on SOSDG forums and version 0.88-4 has not apeared.

So now I am testing the brand new Official Win32 Native port from Nigel Horne wich has just apeared this August on http://w32.clamav.net .

I've been testing (not on the server yet) it and works very well. It is maintained by one of the Clamav members so I figure it won't be easily abandoned. The version I am testing now is synched with CVS at 29-8-2006 so it is quite updated ;) and of course is 0.88-4. I have not been able to run clamscan, it gives errors, but clamd freshclam and clamdscan work nearly perfect for me.

In a few days or weeks I will try to glue it with hMailserver and see what happens.
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)

mbreitba
Senior user
Senior user
Posts: 340
Joined: 2006-04-14 22:25

Post by mbreitba » 2006-08-31 10:42

We use ClamD in conjunction with SpamD on remote FreeBSD systems. We've found that this is the best solution, as it unloads all of the virus and spam scanning off of the actual mailserver.

I'm hoping to get a distro put out at some point in time that will ease the installation process for this, but right now I'm not very good at packaging BSD liveCD's, so it'll be a while...

rebus
New user
New user
Posts: 8
Joined: 2006-08-31 03:00

Post by rebus » 2006-08-31 17:59

iprat wrote:So now I am testing the brand new Official Win32 Native port from Nigel Horne wich has just apeared this August on http://w32.clamav.net .
Wow... thanks for the heads up on that. I installed and clamd/clamdscan seems to be working fine on Server 2003. (can't get clamscan to work, though). It's a shame the Win32 project has been so fragmented, at least until now. I think there would have been a lot more Win32 adoption if there was a central "official" project for it. Am glad to see Win32 being more accepted in the open source community now.

A nice ClamAV feature is it recognizes phishing emails. That is something McAfeeVS on our Imail/MXGuard platform has not offered.

iprat
Normal user
Normal user
Posts: 247
Joined: 2005-05-20 16:50
Location: Barcelona, EU
Contact:

Post by iprat » 2006-08-31 18:26

rebus wrote:can't get clamscan to work, though
I couldn't make it work either.

I have been able to work with freshclam clamd and clamdscan. Clamscan fails with an strange temp error.
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)

rebus
New user
New user
Posts: 8
Joined: 2006-08-31 03:00

Post by rebus » 2006-08-31 20:48

iprat wrote:I have been able to work with freshclam clamd and clamdscan. Clamscan fails with an strange temp error.
That's what I'm getting, too. Temp error and cannot open the db file. I've messed around with the temp file settings in .conf file with no luck.

If you're interested, check out http://www.sanesecurity.com/clamav/index.htm . It has 2 additional filters for ClamAV; one for phishing scams and one for some of the recent image-only spam. Clam already filters phishing scams, but this guy seems to believe they're a little behind so he writes his own add-on filters.

You'll need wget and gzip for Windows, but they are freely available. Run daily from a batch file. Log files from this afternoon indicate the phish files are working.

You can do a wget to check for newer def files, then make a copy to the /data directory and unpack. (-N downloads only if newer file is found) If you download directly to /data and unpack the original, the .gz file goes away and there will be nothing left to compare against when doing wget.

wget --tries=5 -N http://www.sanesecurity.com/clamav/phish.ndb.gz
wget --tries=5 -N http://www.sanesecurity.com/clamav/scam.ndb.gz

gzip -d -f C:\Progra~1\clamAV\data\phish.ndb.gz
gzip -d -f C:\Progra~1\clamAV\data\scam.ndb.gz



 

iprat
Normal user
Normal user
Posts: 247
Joined: 2005-05-20 16:50
Location: Barcelona, EU
Contact:

Post by iprat » 2006-09-01 17:16

Hi everyone:

It seems we have someone very receptive to bug reports at http://w32.clamav.net

I posted the bug mentioned here and instantly got a workarrond yesterday and today we have a new build that solves it with some other RAR issues.

Big thanks to Nigel Horne, I obtained the same fast and efficient support with w32 clamav as with Martin with hMailserver.

Good job.

If no problem arise I'll probably make a test with the production server next week with the new w32.clamav.
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)

rebus
New user
New user
Posts: 8
Joined: 2006-08-31 03:00

Post by rebus » 2006-09-01 18:00

Excellent. Thanks for the heads-up, iprat.

 

Aldoir
Normal user
Normal user
Posts: 59
Joined: 2005-12-01 12:20

Post by Aldoir » 2006-09-01 19:52

I'm using ClamAV in service mode (clamdService) and it is at least 10 times faster than using the standalone clamscan.

woyzeck
Normal user
Normal user
Posts: 74
Joined: 2005-10-18 21:35
Location: St. Paul, MN

Post by woyzeck » 2006-09-01 22:26

I'm using ClamAV in service mode (clamdService) and it is at least 10 times faster than using the standalone clamscan.
Are you using this with Hmailserver? In a test or production environment? Also, are you using it for commercial or personal use? I saw here http://www.bandsman.co.uk/clamav.htm that the "power tools" which includes clamdService is commercial software. Price?

I have noticed that it is pretty fast. I scanned some files individually with ClamAV (runing the clamdService) and also with SymantecAV and ah hem... ClamAV for Windows was much faster.

Woyzeck

woyzeck
Normal user
Normal user
Posts: 74
Joined: 2005-10-18 21:35
Location: St. Paul, MN

Post by woyzeck » 2006-09-13 23:37

BUMP


Anything new on this? I have been running this ClamAV with the clamdservice in a test enviroment by itself, not with hmailserver. Has anyone done this? Run into any problems? I have also noticed this in the freshclam logs:

ClamAV update process started at Tue Sep 12 16:55:27 2006
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/faq.html for an explanation.
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily-1861.cdiff [0]
Downloading daily-1862.cdiff [0]
Downloading daily-1863.cdiff [0]
Downloading daily-1864.cdiff [0]
Downloading daily-1865.cdiff [0]
Downloading daily-1866.cdiff [0]
Downloading daily-1867.cdiff [0]
Downloading daily-1868.cdiff [0]
Downloading daily-1869.cdiff [0]
Downloading daily-1870.cdiff [0]
Downloading daily-1871.cdiff [0]
Downloading daily-1872.cdiff [0]
Downloading daily-1873.cdiff [0]
daily.cvd updated (version: 1873, sigs: 4751, f-level: 8, builder: ccordes)
Database updated (68889 signatures) from db.UK.clamav.net (IP: 195.92.99.99)


Woyzeck

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Post by DFitch » 2006-09-24 06:19

Ive been using SOSDG and there still updating. :D

The current recommended release is: 0.88.4-1

http://www.sosdg.org/clamav-win32/

woyzeck
Normal user
Normal user
Posts: 74
Joined: 2005-10-18 21:35
Location: St. Paul, MN

Post by woyzeck » 2006-09-27 20:30

Ive been using SOSDG and there still updating.
Cool - thanks for the heads up. Time to switch back from ClamWin until ClamAV for Windows is in stable release.

Woyzeck

Post Reply