HOW TO run Clamwin and have a ClamAV system SERVICE

This section contains user-submitted tutorials.
Gordonh1970
Normal user
Normal user
Posts: 42
Joined: 2016-01-29 13:50
Location: UK
Contact:

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by Gordonh1970 » 2018-10-30 14:13

vortexofhate wrote:
2018-10-13 00:49
I have everything set up and it is working. I went to go change the definitions to use sanesecurity and they require rsync and recommend using cwRsync, well they no longer offer a free version by the looks of it so I was wondering if anyone had a recommended rysnc version to use?
I'm interested to see if anyone knows if there is an alternative to rsync that works with sanesecurity?
Or does anyone have the download from the old free version available at all?

Gordonh1970
Normal user
Normal user
Posts: 42
Joined: 2016-01-29 13:50
Location: UK
Contact:

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by Gordonh1970 » 2018-10-30 14:52

Gordonh1970 wrote:
2018-10-30 14:13
vortexofhate wrote:
2018-10-13 00:49
I have everything set up and it is working. I went to go change the definitions to use sanesecurity and they require rsync and recommend using cwRsync, well they no longer offer a free version by the looks of it so I was wondering if anyone had a recommended rysnc version to use?
I'm interested to see if anyone knows if there is an alternative to rsync that works with sanesecurity?
Or does anyone have the download from the old free version available at all?
Never mind, I should have waited another hour before posting
I found a free version of rsync for windows at cnet.com https://download.cnet.com/cwRsync/3000- ... 65181.html
Seems as if I have it all setup and running again :D

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2018-11-09 21:43

CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

ricain
New user
New user
Posts: 25
Joined: 2014-11-12 21:37

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by ricain » 2019-10-04 22:36

Thanks for tutorial save my server with the service ;)

MarHMS
Normal user
Normal user
Posts: 136
Joined: 2015-12-11 17:10

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by MarHMS » 2019-10-27 05:02

I'm assuming Clamwin is no longer being updated. We are unable to update ClamAV to 0.101.4.

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2019-10-27 08:45

MarHMS wrote:
2019-10-27 05:02
I'm assuming Clamwin is no longer being updated. We are unable to update ClamAV to 0.101.4.
You may post and ask on the clamwin forum or send an email to gianluigi (from netfarms). I last asked thus:
On 05/10/2018 11:13 PM, Jimimaseye wrote:

Hi Gianluigi

Our last conversation was about the possiblity of you updating the Clamwin offerings (as found on the Clamwin website) in line with your compilation/port of Clamav to your windows version (as found at http://oss.netfarm.it/clamav).  At the time (as you can see below) wou were waiting for version 0.100.0 to be released and as such I waited.

Unfortunately, although you have now compiled 0.100.0, the Clamwin port is now offering only 0.99.4 (offered in March).

I use both versions on our mail server to give a multithreaded service using CLAMD.exe (as provided by you) in conjunction with Clamwin front end and relies on the same versions.  Unfortunately the Clamwin versino is (once again) behind.

May I ask if either:

a,  in your repository you still have win32 (VS 2005 32bit build) of version 0.99.4 (clamav-win32-0.99.4.7z) OR
b,  would you be able to port/upgrade the official build of Clamwin (as found at https://sourceforge.net/projects/clamwin/files/clamwin/  ) to 0.100.0 ?


 11 May 2018 14:55:45 BST, Gianluigi Tiesi <sherpya@netfarm.it> replied :

Hi, you can pick old versions here:
http://oss.netfarm.it/clamav/files/old/ ... -0.99.4.7z
http://oss.netfarm.it/clamav/files/old/ ... -0.99.4.7z
http://oss.netfarm.it/clamav/files/old/ ... -0.99.4.7z

I make clamav builds used in clamwin but the project is still ruled by Alex, I'll ask him to make the new rel

Regards

--
Gianluigi Tiesi <sherpya@netfarm.it>
EDP Project Leader
Netfarm
I think "Alex" is 'Alch' on the clamwin forum/project.
[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-01-02 14:24

5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

vortexofhate
New user
New user
Posts: 13
Joined: 2014-09-17 20:23
Location: Corona, CA

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by vortexofhate » 2020-02-28 23:32

I was wondering if anyone has successfully installed v 0.102.1 x64?

I had the 0.99.4 installed but decided to update. I ended up uninstalling the software since I had the x86 version install so I was starting over from fresh. Every time I try to install the service I get the error of "The ordinal 210 could not be located in the dynamic link library E:|Program Files\ClamAV\clamd.exe"

Any suggestions?

I have tried uninstall and reinstalling again and it was not successful.

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-02-28 23:35

You haven't used matching versions so it will not work. You need to match clamwin at 0.99.4.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

vortexofhate
New user
New user
Posts: 13
Joined: 2014-09-17 20:23
Location: Corona, CA

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by vortexofhate » 2020-02-29 00:02

Even though the oos.netfarm.it they have version 0.102.1 listed?

I download the 0.102.1 from https://www.clamav.net/. So I thought you could use those version together and it should function?

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-02-29 00:49

No. That is not clamwin version. Clamwin version is found on clamwin website. Netfarm does not have clamwin.

I'm afraid deviation from my guide would results in problems (as you are now finding).

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SjoerdNLD
New user
New user
Posts: 5
Joined: 2019-04-03 22:50

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SjoerdNLD » 2020-05-28 22:56

I just extracted https://oss.netfarm.it/clamav/ version 0.102.1 to c:\clamav
followed attached readme.
Made one addition to clamd.conf: TemporaryDirectory c:\clamav\tmp
and added this dir to defender exclusions
set the service to auto and started.

opened hmailserver admin, and save config of clamav.
press test: working ok.

Can somebody tell me why clamwin is needed?
Attachments
README.7z
(1.76 KiB) Downloaded 1136 times

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-05-28 23:17

As the very first post states:
Clamwin doesnt come as a service. ClamAV does, but it doesnt have a usable GUI like Clamwin such as a system tray, on demand Scan in Context Menu and quarantine program.
Reading what is written will help understand why you are reading it. If you don't want clamwin then this thread is not for you and there is no point reading it.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

SjoerdNLD
New user
New user
Posts: 5
Joined: 2019-04-03 22:50

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SjoerdNLD » 2020-05-28 23:31

Fully agree with that. quarantaine doesnt work anyway, and the gui clamwin has more risk than advantages.
I recommend to NOT install clamwin, false positives can destroy your os and mailserver. (see http://forums.clamwin.com/viewtopic.php?p=18970#18970 )
Best to only install the fast clamav service to scan incoming mail, let defender or better handle the rest.
And the https://sanesecurity.com/usage/windows-scripts/ signatures

Thanks for clarifying that!

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-05-28 23:58

Amazing. The thread you write in your reasoning was written by me (on the clamwin forum) and, once again, referred to in the very first post. It also then goes on to say:
(More info: http://forums.clamwin.com/viewtopic.php?p=18970#18970 and http://forums.clamwin.com/viewtopic.php?t=4371).

MY ADVICE: If you choose to perform on-demand or periodical scans of your disks using Clamwin, I urge you to modify the configuration window ('Clamwin Preferences - General) to ensure you have:"Infected Files" set to "Report Only"
"Unload Infected Programs From Memory" - UNTICKED
But it also gives you other advice including refraining from using other solutions (especially Defender which is the worst). Your logic to say 'use clamav and not clamwin because clamwin can't be trusted is laughable. It's the same engine! In any case processes and practices have been improved since i reported that 'error' with Cisco Talos (who make it) being a lot more carefully on their definitions. So you either choose clamav (in whatever form you choose) because you trust it organs follow the specific implementation for hmailserver or simply uninstall and put your faith in something else. (No chance of Defender deleting windows files by accident - Defender don't detect anything!)

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2020-05-30 11:50

@jimimaseye

Something that i came across today, not using ClamAV myself, but might be interesting to update sanesecurity databases without using rsync by adding them directly in freshclam.conf

Code: Select all

# Sanesecurity + Foxhole
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/shelter.ldb
taken from here
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2020-05-30 20:42

Cheers Ruud.

My only concern is this:

With the rsync method, it pulls in any updated definitions once an hour (thats the frequency Sane do their updates). Clam checks to detect if there is a change in the definitions every 10 minutes (ie, has rsync changed anything) and if it detects then it reloads the definitions in to memory.

However, the method you pointed to relies on 2 things:

1, that web server being available (it is 3rd party after all)
and having up to date definitions (Sane may have updated them within the last hour but has that repository been and reflected the changes? ) And
2, the method of loading them in to memory seems to (by the config file ) at time of service load. So who or what is going to reload the service to get the updated definitions? And how often?

In any case, even if that repository is update we don't know how often after Sane updated and so there will be a further delay between Sane (source) updates to the end user (where an end user updating directly from Sane would have minimal delay - one that you can control depending on your choice and frequency of scheduled rsync checks) .

I might be wrong. But unfortunately i have no way of checking per testing to find the answers out our to prove my doubts unfounded. To that end i personally won't promote the alternative method but certainly your post is there for others to refer to if they wish.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-03 13:20

Hello,

sorry for asking again the OP question. This thread is so huge, it's hard to extract the main answer.
And, first of all, from what I have understood from reading, the answer strongly depends on which ClamAV flavour is used.

Following internet information I found, I understood that ClamAV was bought by Cisco.
Using an official Cisco build seems to me to be the correct choice.
And Cisco provides a portable Version which doesn't need any installation. I prefer implanting ClamAV by copy'n'paste over running a setup.

But, is it really correct, that this version has no daemonizable clamd? Would I need to run clamd from task schedule or however?
clamd --daemon does not work. --help speaks about --foreground to explicitly force not to daemonize.

Confusing. Anybody able to help?

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2021-05-03 14:20

Well... News travel fast eh? :mrgreen:
The ClamAV project passed into the hands of Cisco in 2013 after the purchase of the Sourcefire company, which develops ClamAV and Snort.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-03 14:43

SorenR wrote:
2021-05-03 14:20
Well... News travel fast eh? :mrgreen:
We've been running ClamAV for years with a stone old daemonizable build, so no need to get new info. :wink:
Maybe it was called ClamWin, maybe not. There are dozens of flavours and forks, mingGW dependend and not. Who shall understand or remember this chaos over the years?

But now I want to choose a professional, commercial and agile maintained version. So once again my question:

Is it correct, that Cisco's clamd and freshclam has no windows style daemon part? Or did I miss or misunderstood something?

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by palinka » 2021-05-03 14:51

prisma wrote:
2021-05-03 14:43
Is it correct, that Cisco's clamd and freshclam has no windows style daemon part? Or did I miss something?
All true. But the very first post spells that out. :D

ClamAV clamd runs as a service. I finally broke down and upgraded to the latest clamAV and abandoned clamwin altogether in order to get definition updates.

However, clam seems to be pretty useless without Sane Security definitions. You'll have to read the whole thread to find the stuff pertaining to that. Its worth it, though.

MarHMS
Normal user
Normal user
Posts: 136
Joined: 2015-12-11 17:10

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by MarHMS » 2021-05-03 15:27

Are there any alternatives?

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-03 16:56

palinka wrote:
2021-05-03 14:51
All true. But the very first post spells that out. :D
Seen that, but Cisco calls its product clamAV, not clamWin. The OP tells us clamAV has a service part. Can't confirm that. Here I got the binaries from: https://www.clamav.net/
palinka wrote:
2021-05-03 14:51
However, clam seems to be pretty useless without Sane Security definitions. You'll have to read the whole thread to find the stuff pertaining to that. Its worth it, though.
Yeah, thanks. I've seen the server list. I'll have that in mind.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-03 18:10

This is what i am using, don't know what the consequences are for such project now Cisco has acquired ClamAV:

https://oss.netfarm.it/clamav/

Code: Select all

Running Clamd and FreshClam as services
import clamav.reg file
create C:\ClamAV and C:\ClamAV\db
put executables in C:\ClamAV
create freshclam.conf in C:\ClamAV
create clamd.conf in C:\ClamAV
install the service with (in Administrator cmd prompt): clamd.exe --install
launch freshclam.exe to download the virus database (run as service: freshclam.exe -install)
freshclam.conf

Code: Select all

DatabaseMirror database.clamav.net
DNSDatabaseInfo current.cvd.clamav.net
clamd.conf

Code: Select all

TCPSocket 3310
TCPAddr 127.0.0.1
MaxThreads 2
LogFile C:\ClamAV\clamd.log
DatabaseDirectory C:\ClamAV\db
As for ClamWin...no use for it, we have Windows Defender now!
Last edited by RvdH on 2021-05-03 18:18, edited 1 time in total.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-03 18:18

Thanks for info Ruud.

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by mattg » 2021-05-03 23:49

Clam is useless +++ without the SaneSecurity definitions

I use CLam (on my Linux box) as part of my spamassassin tests, and score for stuff found by SaneSecurity, and little if anything else
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-04 10:12

mattg wrote:
2021-05-03 23:49
Clam is useless +++ without the SaneSecurity definitions

I use CLam (on my Linux box) as part of my spamassassin tests, and score for stuff found by SaneSecurity, and little if anything else
Yesterday I included SaneSecurity DatabaseCustomURLs mentioned above for testing purposes. Worked smoothly.
But I don't fully understand jimimaseye's concerns. freshclam checks for new definitions and notices clamd to reload (had to use 64-bit version, because 32-bit version throw a malloc() error during reloading definitions).

The only thing I see to improve would be to use https rather than http. If available.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-04 12:09

prisma wrote:
2021-05-04 10:12
mattg wrote:
2021-05-03 23:49
Clam is useless +++ without the SaneSecurity definitions

I use CLam (on my Linux box) as part of my spamassassin tests, and score for stuff found by SaneSecurity, and little if anything else
Yesterday I included SaneSecurity DatabaseCustomURLs mentioned above for testing purposes. Worked smoothly.
But I don't fully understand jimimaseye's concerns. freshclam checks for new definitions and notices clamd to reload (had to use 64-bit version, because 32-bit version throw a malloc() error during reloading definitions).

The only thing I see to improve would be to use https rather than http. If available.
This method?

Signatures seems to be offered over https:// as well, simply replace http:// with https:// :mrgreen:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-04 15:34

RvdH wrote:
2021-05-04 12:09

This method?

Signatures seems to be offered over https:// as well, simply replace http:// with https:// :mrgreen:
Yes, this method. Was to lazy to try it myself while writing. But thank you for the test. *thumbsup*

By the way, is this a good source for spamd binaries? https://www.jam-software.de/spamassassin
Any recommendations?

prisma
Senior user
Senior user
Posts: 325
Joined: 2010-07-09 13:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by prisma » 2021-05-04 17:04

prisma wrote:
2021-05-04 15:34
RvdH wrote:
2021-05-04 12:09

This method?

Signatures seems to be offered over https:// as well, simply replace http:// with https:// :mrgreen:
Yes, this method. Was to lazy to try it myself while writing. But thank you for the test. *thumbsup*
EDIT: No, https is not working. Not for us:

Code: Select all

WARNING: Download failed (60) WARNING:  Message: SSL peer certificate or SSH remote key was not OK
WARNING: Can't download junk.ndb from https://ftp.swin.edu.au/sanesecurity/junk.ndb
I suspect a missing openssl configuration. Sometimes it's just a missing ca-bundle.crt besides the executables.

Ruud, did you something special to get it work? Or did you do the test only with your browser? In my browser it works of course, but not with freshclam.exe

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2021-05-04 17:56

I have just had a good looooong look at my installation ... hMailServer 5.6.8 runs on Windows Server 2003 with 2GB RAM ... Yeah! 32 bit :roll:

The new ClamAV 103.2 32bit from Netfarm is using just over 1 GB RAM :shock:

So........... Killed ClamAV on the 2K3 Server, my BackupMX is running Windows Server 2019 Essential with 6GB RAM and is virtually doing nothing. It is now the new home of ClamAV.

The ClamAV that Ruud referred to is now installed (64bit plug-n-play) on the W2019 Server and test from hMailAdmin on W2K3 Server show connectivity.

Moving ClamAV however gave me another problem. My SpamAssassin is using a ClamAV plugin - yes emails are scanned twice - but after some digging I now have a solution.

The SpamAssassin ClamAV plugin was updated (ver 2.1) in 2017 to allow the use of Perl module ClamAV::Client ... The old plugin used the Perl module File::Scan::ClamAV and supported sockets or TCP on localhost only.

You may ask WHY do I scan files twice ... Well, no more than 10 minutes ago my server received an email that hMailServer says is clean but SpamAssassin says - X-Spam-Virus: Yes (Porcupine.Junk.40702.UNOFFICIAL(9503bd3aef746a857a71d39bd001380e:1653))
hMailServer and SpamAssassin both ask the same instance of ClamAV.

Code: Select all

Tue May  4 17:27:50 2021 -> Accepted connection from 192.168.0.5 on port 1564, fd 1808
Tue May  4 17:27:50 2021 -> Client disconnected (FD 1808)
Tue May  4 17:27:50 2021 -> stream(192.168.0.5@1564): OK
Tue May  4 17:27:50 2021 -> Accepted connection from 192.168.0.5 on port 1673, fd 1808
Tue May  4 17:27:50 2021 -> Client disconnected (FD 1808)
Tue May  4 17:27:50 2021 -> stream(192.168.0.5@1673): Eicar-Signature(62b97e1a78f740a95997f4b24f59ffd3:69) FOUND
Tue May  4 17:37:50 2021 -> SelfCheck: Database status OK.
Tue May  4 17:47:50 2021 -> SelfCheck: Database status OK.
Need I say more?

Files from my SpamAssassin attached.
Attachments
SA-ClamAV.rar
(12.62 KiB) Downloaded 853 times
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2021-05-04 18:05

prisma wrote:
2021-05-04 17:04
prisma wrote:
2021-05-04 15:34
RvdH wrote:
2021-05-04 12:09

This method?

Signatures seems to be offered over https:// as well, simply replace http:// with https:// :mrgreen:
Yes, this method. Was to lazy to try it myself while writing. But thank you for the test. *thumbsup*
EDIT: No, https is not working. Not for us:

Code: Select all

WARNING: Download failed (60) WARNING:  Message: SSL peer certificate or SSH remote key was not OK
WARNING: Can't download junk.ndb from https://ftp.swin.edu.au/sanesecurity/junk.ndb
I suspect a missing openssl configuration. Sometimes it's just a missing ca-bundle.crt besides the executables.

Ruud, did you something special to get it work? Or did you do the test only with your browser? In my browser it works of course, but not with freshclam.exe
There is an alternative way...

Windows script http://sanesecurity.com/usage/windows-scripts/
scroll down to ClamWin/ClamAV Sigupdate 0.8 beta - that's the one I use.

List of signatures to download http://sanesecurity.com/usage/signatures/
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-04 19:31

prisma wrote:
2021-05-04 17:04
Ruud, did you something special to get it work? Or did you do the test only with your browser? In my browser it works of course, but not with freshclam.exe
Whoops, sorry...i did simply it check within browser
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-04 19:45

SorenR wrote:
2021-05-04 17:56
You may ask WHY do I scan files twice ... Well, no more than 10 minutes ago my server received an email that hMailServer says is clean but SpamAssassin says - X-Spam-Virus: Yes (Porcupine.Junk.40702.UNOFFICIAL(9503bd3aef746a857a71d39bd001380e:1653))
You have to question if junk (Porcupine.Junk) detection qualifies as virus...or would spamassassin on itself have marked that message as spam (junk) as well

Porcupine.Junk != Virus :!:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2021-05-04 19:55

RvdH wrote:
2021-05-04 19:45
SorenR wrote:
2021-05-04 17:56
You may ask WHY do I scan files twice ... Well, no more than 10 minutes ago my server received an email that hMailServer says is clean but SpamAssassin says - X-Spam-Virus: Yes (Porcupine.Junk.40702.UNOFFICIAL(9503bd3aef746a857a71d39bd001380e:1653))
You have to question if junk (Porcupine.Junk) detection qualifies as virus...or would spamassassin on itself have marked that message as spam (junk) as well

Porcupine.Junk != Virus :!:
Regardless the spam/junk/virus ... should not hMailServer AND SpamAssassin receive the same reply from ClamAV?

Is this a virus??
Attachments
62554848.jpg
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-04 20:06

SorenR wrote:
2021-05-04 19:55
RvdH wrote:
2021-05-04 19:45
SorenR wrote:
2021-05-04 17:56
You may ask WHY do I scan files twice ... Well, no more than 10 minutes ago my server received an email that hMailServer says is clean but SpamAssassin says - X-Spam-Virus: Yes (Porcupine.Junk.40702.UNOFFICIAL(9503bd3aef746a857a71d39bd001380e:1653))
You have to question if junk (Porcupine.Junk) detection qualifies as virus...or would spamassassin on itself have marked that message as spam (junk) as well

Porcupine.Junk != Virus :!:
Regardless the spam/junk/virus ... should not hMailServer AND SpamAssassin receive the same reply from ClamAV?

Is this a virus??
That depends....how are both instances called compared to each other? Same params? Same 'Max Message Size to Scan' configures in HMS between virus/spam scans?
Or perhaps anything detected by unofficial sigs is returned differently? https://github.com/hmailserver/hmailser ... r.cpp#L117
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2021-05-04 20:36

RvdH wrote:
2021-05-04 20:06
SorenR wrote:
2021-05-04 19:55
RvdH wrote:
2021-05-04 19:45


You have to question if junk (Porcupine.Junk) detection qualifies as virus...or would spamassassin on itself have marked that message as spam (junk) as well

Porcupine.Junk != Virus :!:
Regardless the spam/junk/virus ... should not hMailServer AND SpamAssassin receive the same reply from ClamAV?

Is this a virus??
That depends....how are both instances called compared to each other? Same params? Same 'Max Message Size to Scan' configures in HMS between virus/spam scans?
Or perhaps anything detected by unofficial sigs is returned differently? https://github.com/hmailserver/hmailser ... r.cpp#L117
The message not even remotely close to the limit.
ClamAV will accept up to 100MB.
hMS scan up to 10MB
SA do not seem to have a limit.

ClamAV show result in log so it is not from picking up reply from ClamAV. It can only be the delivery of the email to ClamAV that do the difference.

SpamAssassin send message to ClamAV after OnSMTPData() and hMS send message to ClamAV just before OnDeliverMessage()...
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-04 20:45

SorenR wrote:
2021-05-04 20:36
RvdH wrote:
2021-05-04 20:06
SorenR wrote:
2021-05-04 19:55

Regardless the spam/junk/virus ... should not hMailServer AND SpamAssassin receive the same reply from ClamAV?

Is this a virus??
That depends....how are both instances called compared to each other? Same params? Same 'Max Message Size to Scan' configures in HMS between virus/spam scans?
Or perhaps anything detected by unofficial sigs is returned differently? https://github.com/hmailserver/hmailser ... r.cpp#L117
The message not even remotely close to the limit.
ClamAV will accept up to 100MB.
hMS scan up to 10MB
SA do not seem to have a limit.

ClamAV show result in log so it is not from picking up reply from ClamAV. It can only be the delivery of the email to ClamAV that do the difference.

SpamAssassin send message to ClamAV after OnSMTPData() and hMS send message to ClamAV just before OnDeliverMessage()...
LOG_DEBUG() :mrgreen:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by palinka » 2021-05-05 02:15

SorenR wrote:
2021-05-04 17:56
Files from my SpamAssassin attached.
Updated... Thanks.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-05-07 16:57

# Sanesecurity + Foxhole
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/fo ... eneric.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/fo ... lename.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/lott.ndb
# DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
# DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
# DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
# DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/shelter.ldb
I just checked this method, seems to work fine here using https
No SSL peer certificate or SSH remote key was not OK warning... maybe you should make TLS 1.2 OS default TLS version? This is a Server 2019 Standard instance

Code: Select all

junk.ndb is up to date (version: custom database)
jurlbl.ndb is up to date (version: custom database)
phish.ndb is up to date (version: custom database)
rogue.hdb is up to date (version: custom database)
sanesecurity.ftm is up to date (version: custom database)
sigwhitelist.ign2 is up to date (version: custom database)
scam.ndb is up to date (version: custom database)
spamimg.hdb is up to date (version: custom database)
spamattach.hdb is up to date (version: custom database)
blurl.ndb is up to date (version: custom database)
foxhole_generic.cdb is up to date (version: custom database)
foxhole_filename.cdb is up to date (version: custom database)
foxhole_js.cdb is up to date (version: custom database)
foxhole_js.ndb is up to date (version: custom database)
foxhole_all.cdb is up to date (version: custom database)
foxhole_all.ndb is up to date (version: custom database)
badmacro.ndb is up to date (version: custom database)
lott.ndb is up to date (version: custom database)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

bd9999
New user
New user
Posts: 10
Joined: 2021-06-01 09:47

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by bd9999 » 2021-06-01 19:47

Anyone have a suggestion as to alternatives to Clam for hMail (that work well with hMail)?

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2021-06-08 09:58

CLAMWIN has upgraded to 0.103.2.1

The assocociated ClamD is attached.
ClamD_0.103.2.zip
(66.29 KiB) Downloaded 1060 times
(Archive from netfarm is https://oss.netfarm.it/clamav/files/old ... 0.103.2.7z)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

gotspatel
Senior user
Senior user
Posts: 347
Joined: 2013-10-08 05:42
Location: INDIA

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by gotspatel » 2021-06-24 10:43

Just a heads up

The latest stable release is 0.103.3

https://www.clamav.net/download.html

https://oss.netfarm.it/clamav/

CHANGELOG HERE

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2021-06-24 12:04

gotspatel wrote:
2021-06-24 10:43
Just a heads up

The latest stable release is 0.103.3

https://www.clamav.net/download.html

https://oss.netfarm.it/clamav/

CHANGELOG HERE
This thread is about clamwin. Clamwin is still at 0.103.2.1.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2021-06-24 12:49

jimimaseye wrote:
2021-06-24 12:04
gotspatel wrote:
2021-06-24 10:43
Just a heads up

The latest stable release is 0.103.3

https://www.clamav.net/download.html

https://oss.netfarm.it/clamav/

CHANGELOG HERE
This thread is about clamwin. Clamwin is still at 0.103.2.1.
I had to upgrade yesterday as I discovered FreshClam was failing...

Code: Select all

Wed Jun 23 11:33:36 2021 -> ClamAV update process started at Wed Jun 23 11:33:36 2021
Wed Jun 23 11:33:36 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:33:36 2021 -> DNS Resolver (dnsapi): Querying current.cvd.clamav.net
Wed Jun 23 11:33:36 2021 -> TTL: 1799
Wed Jun 23 11:33:36 2021 -> fc_dns_query_update_info: Software version from DNS: 0.103.3
Wed Jun 23 11:33:36 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Jun 23 11:33:36 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Wed Jun 23 11:33:36 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Jun 23 11:33:36 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:33:36 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:33:36 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:33:36 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:33:52 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:52 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:52 2021 -> downloadFile: Download destination: .\clamav-b781eff068db5e64436a4b0e60e0f872.tmp
Wed Jun 23 11:33:54 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> downloadFile: Download destination: .\clamav-d27d2a0c4c46e4690d90ab36aba5551e.tmp
Wed Jun 23 11:33:54 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> downloadFile: Download destination: .\clamav-f7aa9bb171f342ac5f1c14c68e2e96a4.tmp
Wed Jun 23 11:33:54 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:33:54 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Jun 23 11:33:54 2021 -> Retrieving https://database.clamav.net/daily.cvd
Wed Jun 23 11:33:54 2021 -> downloadFile: Download source:      https://database.clamav.net/daily.cvd
Wed Jun 23 11:33:54 2021 -> downloadFile: Download destination: C:\ClamAV\Data\tmp.1051367984\clamav-95adc058543f1463a8fa9532794e6db7.tmp
Wed Jun 23 11:33:54 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
Wed Jun 23 11:33:54 2021 -> WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Wed Jun 23 11:33:55 2021 -> Trying again in 5 secs...
Wed Jun 23 11:34:00 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:34:00 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:34:00 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:34:02 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> downloadFile: Download destination: .\clamav-ab7893996ef4a39020559bd9108f5961.tmp
Wed Jun 23 11:34:02 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> downloadFile: Download destination: .\clamav-9194e5940cccf94e15fddd3d5eb31900.tmp
Wed Jun 23 11:34:02 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> downloadFile: Download destination: .\clamav-3b71269cb39d2c516df1521632cda77c.tmp
Wed Jun 23 11:34:02 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:02 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Jun 23 11:34:02 2021 -> Retrieving https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:02 2021 -> downloadFile: Download source:      https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:02 2021 -> downloadFile: Download destination: C:\ClamAV\Data\tmp.1051367984\clamav-3b6a7ef840d88cf8b363da834357ac9f.tmp
Wed Jun 23 11:34:02 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:02 2021 -> WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:02 2021 -> Trying again in 5 secs...
Wed Jun 23 11:34:07 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:34:07 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:34:07 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:34:09 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> downloadFile: Download destination: .\clamav-6e37ad926c5be0e0871d0b07c3a29367.tmp
Wed Jun 23 11:34:09 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> downloadFile: Download destination: .\clamav-2edfdc8228230f0da4f64087c08202da.tmp
Wed Jun 23 11:34:09 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> downloadFile: Download destination: .\clamav-3b5a378356663070461c69364beb26a9.tmp
Wed Jun 23 11:34:09 2021 -> ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> ERROR: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:09 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Jun 23 11:34:09 2021 -> Retrieving https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:09 2021 -> downloadFile: Download source:      https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:09 2021 -> downloadFile: Download destination: C:\ClamAV\Data\tmp.1051367984\clamav-3d1fa57c15164cc03529af03a59d5806.tmp
Wed Jun 23 11:34:09 2021 -> ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:09 2021 -> ERROR: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:10 2021 -> Giving up on https://database.clamav.net...
Wed Jun 23 11:34:10 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:34:10 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:34:10 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:34:11 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> downloadFile: Download destination: .\clamav-daa7c5384ac91a033d065af0a42d5dfc.tmp
Wed Jun 23 11:34:11 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> downloadFile: Download destination: .\clamav-1178729decbaff0a0deca8fbd5f0db45.tmp
Wed Jun 23 11:34:11 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> downloadFile: Download destination: .\clamav-aedd47eb8d01a66f230bc1dcfdd9b772.tmp
Wed Jun 23 11:34:11 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:11 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Jun 23 11:34:11 2021 -> Retrieving https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:11 2021 -> downloadFile: Download source:      https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:11 2021 -> downloadFile: Download destination: C:\ClamAV\Data\tmp.1051367984\clamav-031564fc4863b0020a09a6830f7e9379.tmp
Wed Jun 23 11:34:11 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:11 2021 -> WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:12 2021 -> Trying again in 5 secs...
Wed Jun 23 11:34:17 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:34:17 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:34:17 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:34:18 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:18 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:18 2021 -> downloadFile: Download destination: .\clamav-24d59cb818bb9adef94b819d320df764.tmp
Wed Jun 23 11:34:19 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> downloadFile: Download destination: .\clamav-92a8a487d6353685e997e320b5c2359a.tmp
Wed Jun 23 11:34:19 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> downloadFile: Download destination: .\clamav-44b861f34f00234f3aba3f72c31c7f43.tmp
Wed Jun 23 11:34:19 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:19 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Jun 23 11:34:19 2021 -> Retrieving https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:19 2021 -> downloadFile: Download source:      https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:19 2021 -> downloadFile: Download destination: C:\ClamAV\Data\tmp.1051367984\clamav-06ade2b808e6cfe362b87d2999e1cb8f.tmp
Wed Jun 23 11:34:19 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:19 2021 -> WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:19 2021 -> Trying again in 5 secs...
Wed Jun 23 11:34:24 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:34:24 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:34:24 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:34:26 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:26 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:26 2021 -> downloadFile: Download destination: .\clamav-7466e86d899c7ac306ad1f8bf38aeeff.tmp
Wed Jun 23 11:34:26 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:26 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:26 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:26 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:26 2021 -> downloadFile: Download destination: .\clamav-b61ebc3b5126d575f776458afcd9e6e5.tmp
Wed Jun 23 11:34:27 2021 -> WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:27 2021 -> WARNING: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:27 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:27 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:27 2021 -> downloadFile: Download destination: .\clamav-8cbae5c2ab187b2e52873e5a14f315bc.tmp
Wed Jun 23 11:34:27 2021 -> ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:27 2021 -> ERROR: getpatch: Can't download daily-26192.cdiff from https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:34:27 2021 -> WARNING: Incremental update failed, trying to download daily.cvd
Wed Jun 23 11:34:27 2021 -> Retrieving https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:27 2021 -> downloadFile: Download source:      https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:27 2021 -> downloadFile: Download destination: C:\ClamAV\Data\tmp.1051367984\clamav-92c9fdcf5b4776efa81db2f3afe0b720.tmp
Wed Jun 23 11:34:27 2021 -> ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:27 2021 -> ERROR: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Wed Jun 23 11:34:27 2021 -> Giving up on https://database.clamav.net...
Wed Jun 23 11:34:27 2021 -> ERROR: Update failed for database: daily
Wed Jun 23 11:34:27 2021 -> WARNING: fc_update_databases: fc_update_database failed: HTTP GET failed (11)
Wed Jun 23 11:34:27 2021 -> ERROR: Database update process failed: HTTP GET failed (11)
Wed Jun 23 11:34:27 2021 -> ERROR: Update failed.
Wed Jun 23 11:41:26 2021 -> --------------------------------------
Wed Jun 23 11:41:26 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:41:26 2021 -> Can't open freshclam.dat in C:\ClamAV\Data
Wed Jun 23 11:41:26 2021 -> It probably doesn't exist yet. That's ok.
Wed Jun 23 11:41:26 2021 -> Failed to load freshclam.dat; will create a new freshclam.dat
Wed Jun 23 11:41:26 2021 -> Creating new freshclam.dat
Wed Jun 23 11:41:26 2021 -> Saved freshclam.dat
Wed Jun 23 11:41:26 2021 -> ClamAV update process started at Wed Jun 23 11:41:26 2021
Wed Jun 23 11:41:26 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:41:26 2021 -> DNS Resolver (dnsapi): Querying current.cvd.clamav.net
Wed Jun 23 11:41:26 2021 -> TTL: 1328
Wed Jun 23 11:41:26 2021 -> fc_dns_query_update_info: Software version from DNS: 0.103.3
Wed Jun 23 11:41:26 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:41:26 2021 -> check_for_new_database_version: Local copy of daily found: daily.cld.
Wed Jun 23 11:41:26 2021 -> query_remote_database_version: daily.cvd version from DNS: 26209
Wed Jun 23 11:41:26 2021 -> daily database available for update (local version: 26191, remote version: 26209)
Wed Jun 23 11:41:28 2021 -> Retrieving https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:41:28 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26192.cdiff
Wed Jun 23 11:41:28 2021 -> downloadFile: Download destination: .\clamav-53dc98a1862044497d789de380ea4c3f.tmp
Wed Jun 23 11:41:31 2021 -> cdiff_apply: Parsed 376 lines and executed 376 commands
Wed Jun 23 11:41:31 2021 -> Retrieving https://database.clamav.net/daily-26193.cdiff
Wed Jun 23 11:41:31 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26193.cdiff
Wed Jun 23 11:41:31 2021 -> downloadFile: Download destination: .\clamav-e4964aa2b107072698334d31bb8fba64.tmp
Wed Jun 23 11:41:33 2021 -> cdiff_apply: Parsed 425 lines and executed 425 commands
Wed Jun 23 11:41:33 2021 -> Retrieving https://database.clamav.net/daily-26194.cdiff
Wed Jun 23 11:41:33 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26194.cdiff
Wed Jun 23 11:41:33 2021 -> downloadFile: Download destination: .\clamav-99d610c396d2d4bc4de4c7939dfd420f.tmp
Wed Jun 23 11:41:34 2021 -> cdiff_apply: Parsed 157 lines and executed 157 commands
Wed Jun 23 11:41:34 2021 -> Retrieving https://database.clamav.net/daily-26195.cdiff
Wed Jun 23 11:41:34 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26195.cdiff
Wed Jun 23 11:41:34 2021 -> downloadFile: Download destination: .\clamav-a69313ee26c2b0f92a8efca4d02efea6.tmp
Wed Jun 23 11:41:35 2021 -> cdiff_apply: Parsed 551 lines and executed 551 commands
Wed Jun 23 11:41:35 2021 -> Retrieving https://database.clamav.net/daily-26196.cdiff
Wed Jun 23 11:41:35 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26196.cdiff
Wed Jun 23 11:41:35 2021 -> downloadFile: Download destination: .\clamav-408f3ff890a80b8cce8f20f1796a3e78.tmp
Wed Jun 23 11:41:36 2021 -> cdiff_apply: Parsed 562 lines and executed 562 commands
Wed Jun 23 11:41:36 2021 -> Retrieving https://database.clamav.net/daily-26197.cdiff
Wed Jun 23 11:41:36 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26197.cdiff
Wed Jun 23 11:41:36 2021 -> downloadFile: Download destination: .\clamav-24a53c54245625b11f6710aee80ad656.tmp
Wed Jun 23 11:41:37 2021 -> cdiff_apply: Parsed 385 lines and executed 385 commands
Wed Jun 23 11:41:37 2021 -> Retrieving https://database.clamav.net/daily-26198.cdiff
Wed Jun 23 11:41:37 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26198.cdiff
Wed Jun 23 11:41:37 2021 -> downloadFile: Download destination: .\clamav-c437cdf76c13d92337c95dbadc71a04c.tmp
Wed Jun 23 11:41:38 2021 -> cdiff_apply: Parsed 206 lines and executed 206 commands
Wed Jun 23 11:41:38 2021 -> Retrieving https://database.clamav.net/daily-26199.cdiff
Wed Jun 23 11:41:38 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26199.cdiff
Wed Jun 23 11:41:38 2021 -> downloadFile: Download destination: .\clamav-f7105a40455aa45458e3b85c5ac79b97.tmp
Wed Jun 23 11:41:39 2021 -> cdiff_apply: Parsed 313 lines and executed 313 commands
Wed Jun 23 11:41:39 2021 -> Retrieving https://database.clamav.net/daily-26200.cdiff
Wed Jun 23 11:41:39 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26200.cdiff
Wed Jun 23 11:41:39 2021 -> downloadFile: Download destination: .\clamav-38c91424b91dc85c318549adc964326d.tmp
Wed Jun 23 11:41:40 2021 -> cdiff_apply: Parsed 244 lines and executed 244 commands
Wed Jun 23 11:41:40 2021 -> Retrieving https://database.clamav.net/daily-26201.cdiff
Wed Jun 23 11:41:40 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26201.cdiff
Wed Jun 23 11:41:40 2021 -> downloadFile: Download destination: .\clamav-c9229e7671c38a0849e71bbe72d80ec5.tmp
Wed Jun 23 11:41:41 2021 -> cdiff_apply: Parsed 402 lines and executed 402 commands
Wed Jun 23 11:41:41 2021 -> Retrieving https://database.clamav.net/daily-26202.cdiff
Wed Jun 23 11:41:41 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26202.cdiff
Wed Jun 23 11:41:41 2021 -> downloadFile: Download destination: .\clamav-f5b3f39fee46cbb2547c73526822d4aa.tmp
Wed Jun 23 11:41:41 2021 -> cdiff_apply: Parsed 373 lines and executed 373 commands
Wed Jun 23 11:41:41 2021 -> Retrieving https://database.clamav.net/daily-26203.cdiff
Wed Jun 23 11:41:41 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26203.cdiff
Wed Jun 23 11:41:41 2021 -> downloadFile: Download destination: .\clamav-f0831cf527b18e41639a1534c4dbf5de.tmp
Wed Jun 23 11:41:42 2021 -> cdiff_apply: Parsed 601 lines and executed 601 commands
Wed Jun 23 11:41:42 2021 -> Retrieving https://database.clamav.net/daily-26204.cdiff
Wed Jun 23 11:41:42 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26204.cdiff
Wed Jun 23 11:41:42 2021 -> downloadFile: Download destination: .\clamav-ea80f419da62d1eb89e627ed8528edc6.tmp
Wed Jun 23 11:41:44 2021 -> cdiff_apply: Parsed 812 lines and executed 812 commands
Wed Jun 23 11:41:44 2021 -> Retrieving https://database.clamav.net/daily-26205.cdiff
Wed Jun 23 11:41:44 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26205.cdiff
Wed Jun 23 11:41:44 2021 -> downloadFile: Download destination: .\clamav-9323677cee131655d9ce48dabde322e8.tmp
Wed Jun 23 11:41:45 2021 -> cdiff_apply: Parsed 308 lines and executed 308 commands
Wed Jun 23 11:41:45 2021 -> Retrieving https://database.clamav.net/daily-26206.cdiff
Wed Jun 23 11:41:45 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26206.cdiff
Wed Jun 23 11:41:45 2021 -> downloadFile: Download destination: .\clamav-f30a023edc34cb2f494798b4f8a5afb5.tmp
Wed Jun 23 11:41:46 2021 -> cdiff_apply: Parsed 420 lines and executed 420 commands
Wed Jun 23 11:41:46 2021 -> Retrieving https://database.clamav.net/daily-26207.cdiff
Wed Jun 23 11:41:46 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26207.cdiff
Wed Jun 23 11:41:46 2021 -> downloadFile: Download destination: .\clamav-dbd611c0c419cfd350a4f9a640693ad4.tmp
Wed Jun 23 11:41:47 2021 -> cdiff_apply: Parsed 266 lines and executed 266 commands
Wed Jun 23 11:41:47 2021 -> Retrieving https://database.clamav.net/daily-26208.cdiff
Wed Jun 23 11:41:47 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26208.cdiff
Wed Jun 23 11:41:47 2021 -> downloadFile: Download destination: .\clamav-9430ab76618d0adc55e6fdbe88f38c8a.tmp
Wed Jun 23 11:41:47 2021 -> cdiff_apply: Parsed 532 lines and executed 532 commands
Wed Jun 23 11:41:47 2021 -> Retrieving https://database.clamav.net/daily-26209.cdiff
Wed Jun 23 11:41:47 2021 -> downloadFile: Download source:      https://database.clamav.net/daily-26209.cdiff
Wed Jun 23 11:41:47 2021 -> downloadFile: Download destination: .\clamav-ea85ed513018e6b707b14a52295282e3.tmp
Wed Jun 23 11:41:49 2021 -> cdiff_apply: Parsed 276 lines and executed 276 commands
Wed Jun 23 11:41:50 2021 -> updatedb: Running g_cb_download_complete callback...
Wed Jun 23 11:41:50 2021 -> download_complete_callback: Download complete for database : C:\ClamAV\Data\tmp.509edad6b0\clamav-1acac0e82244b773dacb85f3094e3fa8.tmp-daily.cld
Wed Jun 23 11:41:50 2021 -> download_complete_callback:   fc_context->bTestDatabases   : 1
Wed Jun 23 11:41:50 2021 -> download_complete_callback:   fc_context->bBytecodeEnabled : 1
Wed Jun 23 11:41:50 2021 -> Testing database: 'C:\ClamAV\Data\tmp.509edad6b0\clamav-1acac0e82244b773dacb85f3094e3fa8.tmp-daily.cld' ...
Wed Jun 23 11:41:50 2021 -> Loading signatures from C:\ClamAV\Data\tmp.509edad6b0\clamav-1acac0e82244b773dacb85f3094e3fa8.tmp-daily.cld
Wed Jun 23 11:42:02 2021 -> Properly loaded 3992031 signatures from C:\ClamAV\Data\tmp.509edad6b0\clamav-1acac0e82244b773dacb85f3094e3fa8.tmp-daily.cld
Wed Jun 23 11:42:03 2021 -> Database test passed.
Wed Jun 23 11:42:04 2021 -> daily.cld updated (version: 26209, sigs: 3992031, f-level: 63, builder: raynman)
Wed Jun 23 11:42:04 2021 -> fc_update_database: daily.cld updated.
Wed Jun 23 11:42:04 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:42:04 2021 -> check_for_new_database_version: Local copy of main found: main.cvd.
Wed Jun 23 11:42:04 2021 -> query_remote_database_version: main.cvd version from DNS: 59
Wed Jun 23 11:42:04 2021 -> main.cvd database is up-to-date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Wed Jun 23 11:42:04 2021 -> fc_update_database: main.cvd already up-to-date.
Wed Jun 23 11:42:04 2021 -> Current working dir is C:\ClamAV\Data\
Wed Jun 23 11:42:04 2021 -> check_for_new_database_version: Local copy of bytecode found: bytecode.cvd.
Wed Jun 23 11:42:04 2021 -> query_remote_database_version: bytecode.cvd version from DNS: 333
Wed Jun 23 11:42:04 2021 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Wed Jun 23 11:42:04 2021 -> fc_update_database: bytecode.cvd already up-to-date.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

gotspatel
Senior user
Senior user
Posts: 347
Joined: 2013-10-08 05:42
Location: INDIA

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by gotspatel » 2021-06-24 13:06

jimimaseye wrote:
2021-06-24 12:04


This thread is about clamwin. Clamwin is still at 0.103.2.1.
MY BAD. :oops:

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-06-24 13:34

jimimaseye wrote:
2021-06-24 12:04
gotspatel wrote:
2021-06-24 10:43
Just a heads up

The latest stable release is 0.103.3

https://www.clamav.net/download.html

https://oss.netfarm.it/clamav/

CHANGELOG HERE
This thread is about clamwin. Clamwin is still at 0.103.2.1.
ClamWin is useless :mrgreen:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
katip
Senior user
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by katip » 2021-06-24 14:07

RvdH wrote:
2021-06-24 13:34
ClamWin is useless :mrgreen:
thread is actually about kinda hybrid ClamWin.
IMO netfarm or original port with a service wrapper is the true companion to HMS.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-06-24 14:14

katip wrote:
2021-06-24 14:07
RvdH wrote:
2021-06-24 13:34
ClamWin is useless :mrgreen:
thread is actually about kinda hybrid ClamWin.
IMO netfarm or original port with a service wrapper is the true companion to HMS.
No it isn't.... ClamAV is the true companion, once you have ClamAV there is no need for ClamWin and you are stupid if you enable both ClamAV and ClamWin within hMailServer (as you are scanning with the same engine)
Besides that ClawWin had no Realtime virus detection, hence my claim it is useless to be qualified as a 'real' antivirus solution
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
katip
Senior user
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by katip » 2021-06-24 14:51

RvdH wrote:
2021-06-24 14:14
katip wrote:
2021-06-24 14:07
RvdH wrote:
2021-06-24 13:34
ClamWin is useless :mrgreen:
thread is actually about kinda hybrid ClamWin.
IMO netfarm or original port with a service wrapper is the true companion to HMS.
No it isn't.... ClamAV is the true companion,
what'd i say :lol: ?
unless one uses "real" ClamAV on a seperate Linux VM/box, ClamAV from Netfarm or from clamav.net is the true companion, i meant.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-06-24 14:54

👍
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by palinka » 2021-06-24 15:21

If you like your clamwin, you can keep your clamwin...

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2021-06-24 15:39

I dont understand why comparisons are being made between Clamwin with this additional service (the point of the thread) and ClamAV and concluding that ClamAV is better.

They are the same engine, the same definitions, running the same methods (ie, as a service). However, as pointed out in the opening thread, Clamwin has extra benefits such as a system tray, on demand Scan in Context Menu and quarantine program.

If you want the ease of 'mouse point and click' actions from your desktop interface then you use Clamwin. If you are happy with fiddly command line stuff and back end file scanning for Hmailserver then use ClamAV.

You simply cant make comparisons - they are designed to be ran differently but provide the same protection (whatever, and however, that is).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by RvdH » 2021-06-24 15:55

jimimaseye wrote:
2021-06-24 15:39
I dont understand why comparisons are being made between Clamwin with this additional service (the point of the thread) and ClamAV and concluding that ClamAV is better.

They are the same engine, the same definitions, running the same methods (ie, as a service). However, as pointed out in the opening thread, Clamwin has extra benefits such as a system tray, on demand Scan in Context Menu and quarantine program.

If you want the ease of 'mouse point and click' actions from your desktop interface then you use Clamwin. If you are happy with fiddly command line stuff and back end file scanning for Hmailserver then use ClamAV.

You simply cant make comparisons - they are designed to be ran differently but provide the same protection (whatever, and however, that is).
Maybe because this guide is overcomplicated combining ClamWin (Crap!) and ClamAV (Usefull!)
This guide never made much sense to me anyway....why would a sane person install ClamWin if only ClamAV is needed?

But hey...that just my opinion :wink:
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by palinka » 2021-06-24 16:37

RvdH wrote:
2021-06-24 15:55
why would a sane person install ClamWin if only ClamAV is needed?
You're going to have to show me your "needed police" badge, sonny... :mrgreen:

I had this implemented for a long time before switching to clamav only. I never used clamwin once. All it ever did was give me useless notifications about being updated once a week or whatever (was using sanesec definitions - no update balloon from rsync, of course). However, there is a system outside of hmailserver. Even though I (maybe you as well) use/used MS defender for antivirus doesn't mean nobody should have any choice in the matter. And that's the whole point of the thread.

Are you anti-choice? :lol:

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2021-06-24 17:06

RvdH wrote:
2021-06-24 15:55
.why would a sane person install ClamWin if only ClamAV is needed?
That's exactly the point I was making. If you only want clamAV (for protecting hmailserver) then you only install clamAV. If you only want to clamwin (maybe you use it for other on demand system scanning just as Palinka said) then you install clamwin. If you want both (on demand scanning and hmailserver protection) then this thread is for you. Clamwin does not give clamav capability. Similarly clamAV does not give clamwin capability.

Horses for courses.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
katip
Senior user
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by katip » 2021-06-24 19:44

i hardly remember my first experiences with ClamWin, it must have been times when i was using Mercury and looking for an on demand scanner (i remember F-Prot very well and used it a lot).
then i came across to Nico's (tBB) ClamAV windows port (unique then), command line only, slim and portable, service wrapper friendly, very fast. Nico suddenly vanished after some time, since then my HMS companion have been Netfarm builds. currently my ClamAV runs on an Ubuntu VM (along with SA).
in fact i don't underrate this hybrid approach, but it really looks useless to me when there are those command line only builds - not to mention my "portable" passion - suitable for my server setup style. that's just my opinion, YMMV with different setup habits and needs.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

madbadger
New user
New user
Posts: 11
Joined: 2014-09-11 15:53
Location: Ajax, Ontario, Canada

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by madbadger » 2021-10-31 18:40

I have followed the instructions and verified both versions are the same, however when executing the ClamAV test I receive the following error:
"Virus detection failed. Reason:Could not send file c:\Program Files (x86)\hmailserver\Data\{545A8D10-C1Cf-442F-963C-075974921A24}.eml via socket since it does not exist.
The "ClamWin Free Antivirus Scanner Service is running.
Thanks

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by palinka » 2021-10-31 20:29

madbadger wrote:
2021-10-31 18:40
I have followed the instructions and verified both versions are the same, however when executing the ClamAV test I receive the following error:
"Virus detection failed. Reason:Could not send file c:\Program Files (x86)\hmailserver\Data\{545A8D10-C1Cf-442F-963C-075974921A24}.eml via socket since it does not exist.
The "ClamWin Free Antivirus Scanner Service is running.
Thanks
message doesn't exist could be that it was deleted by script or it could be antivirus interference.

madbadger
New user
New user
Posts: 11
Joined: 2014-09-11 15:53
Location: Ajax, Ontario, Canada

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by madbadger » 2021-10-31 20:48

Thanks. Turned off Defender and all OK.
Test Successful.

Post Reply