HOW TO run Clamwin and have a ClamAV system SERVICE

This section contains user-submitted tutorials.
alescan
Normal user
Posts: 66
Joined: 2014-11-11 17:29
Location: Italy

Post by alescan » 2015-11-24 16:41

Ok. Everything's right. It was my mistake.

Thank you
HMS 5.6.8 B2538 on Win Server 2016 Standard with SQL Server 2019

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Post by jimimaseye » 2015-11-24 17:02

No worries. I have modified the instructions to emphasise your Location choices.

Don't forget to follow the instructions to the last paragraph, and the post it refers to, to supplement the definitions.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

andgregor
New user
Posts: 3
Joined: 2015-11-05 13:27

Post by andgregor » 2015-11-25 19:03

I have setup the latest version of clamd / clamdscan and using it as an External virus scanner. I only seem to get 0 (zero) back as a result, regardless of the attachment.

It does occasionally strip virus attachments from the email, have yet to get a qualified 'virus found' email.

Post by jimimaseye » 2015-11-26 14:25

Well that's a contradiction:
"It does occasionally strip virus attachments from the email, have yet to get a qualified 'virus found' email."
but then you say:
"I only seem to get 0 (zero) back as a result"
If you are occasionally getting attachment 'viruses' stripped, then it is working as it is intended to. Whether it's working EFFECTIVELY depends on whether you are using ONLY ClamAV definitions or whether you have followed my recommendations at the foot of my installation post (see the link) and supplemented them (with Sane definitions). If you don't supplement it, then your results do not surprise me.

Gordonh1970
Normal user
Posts: 42
Joined: 2016-01-29 13:50
Location: UK

Post by Gordonh1970 » 2016-01-29 16:07

I love this solution, really well explained and works well without requiring lots of additional applications etc :)

My only question is:

As ClamWin has moved on to v0.99, does anyone have an up-to-date version of the clamd.exe and clamd.conf files from http://oss.netfarm.it/clamav/ ?

At the moment I'm staying on ClamWin v0.98.7 to try and make this continue working


FYI I have the programs installed in the default directories, when I edited the clamd.conf file with your values of:

LogFile %ProgramFiles(x86)%\ClamWin\bin\clamd.log
DatabaseDirectory C:\ProgramData\.clamwin\db

The service wouldn't start

Putting the full filename in for the LogFile fixed the issue (Windows Server 2008 r2)

LogFile c:\Program Files (x86)\ClamWin\bin\clamd.log
DatabaseDirectory C:\ProgramData\.clamwin\db

That was the only change I made, not sure why it was necessary but it did the job
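
A pre-flight check for the clamd.conf problem reported in the post above, added here as an illustration (it is not part of the original post or of the ClamWin/ClamAV projects). It flags path directives that still contain a `%NAME%` token or a relative path; the function names and the sample environment are assumptions, and the two sample configs reuse the values from the post.

```python
import re

# Path-valued clamd.conf directives to inspect (all are real clamd options).
PATH_DIRECTIVES = {"LogFile", "DatabaseDirectory", "TemporaryDirectory", "PidFile"}
ENV_TOKEN = re.compile(r"%([^%\r\n]+)%")            # cmd.exe style %NAME%
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\)")  # C:\... or \\server\share


def parse_conf(text):
    """Yield (line_no, directive, value) for each active clamd.conf line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield line_no, parts[0], parts[1].strip() if len(parts) > 1 else ""


def check_conf(text, env):
    """Return a list of (line_no, directive, problem, suggestion) tuples.

    env maps variable names to values, e.g. dict(os.environ) on the server.
    Windows variable names are case-insensitive, so lookups are too.
    """
    env_ci = {name.lower(): value for name, value in env.items()}
    findings = []
    for line_no, directive, value in parse_conf(text):
        if directive not in PATH_DIRECTIVES:
            continue
        value = value.strip('"')
        if ENV_TOKEN.search(value):
            # The token sits in the config file as literal text, so suggest
            # the expanded path. Unknown variables are left untouched.
            literal = ENV_TOKEN.sub(
                lambda m: env_ci.get(m.group(1).lower(), m.group(0)), value)
            findings.append(
                (line_no, directive, "unexpanded environment variable", literal))
        elif not ABSOLUTE.match(value):
            # A service does not start in the ClamWin folder, so a relative
            # path would not point where the admin expects.
            findings.append((line_no, directive, "relative path", None))
    return findings


# Sample configs built from the values quoted in the post.
BROKEN_CONF = r"""LogFile %ProgramFiles(x86)%\ClamWin\bin\clamd.log
DatabaseDirectory C:\ProgramData\.clamwin\db
"""
FIXED_CONF = r"""LogFile c:\Program Files (x86)\ClamWin\bin\clamd.log
DatabaseDirectory C:\ProgramData\.clamwin\db
"""
# Constructed environment; on a real server pass dict(os.environ) instead.
SAMPLE_ENV = {"ProgramFiles(x86)": r"C:\Program Files (x86)"}

if __name__ == "__main__":
    for finding in check_conf(BROKEN_CONF, SAMPLE_ENV):
        print(finding)
```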

Post by jimimaseye » 2016-01-29 16:19

Yes Clamwin is still on 0.98.7 so you are advised to stay on that until they move Clamd to 0.99 to match. (There's not that much difference apart from ability to run YARA rules - but without 3rd party definitions clam defs are pretty useless anyway and 0.98.7 is very sufficient from realtime mail scanning threats (with sanesecurity definitions).)

I have recently asked 'sherpya' (the provider of oss.netfarm) about the port up but so far there is no movement. The irony is that he is the same man that does the port of Clamav to Clamwin. :/ (See this post and the next 5 or 6 to see discussions on this, the inclusion of Clamd as I have posted here, and his involvement: http://forums.clamwin.com/viewtopic.php?p=18858#18858).

I will check out your warning about using the %programfile 86% variable, thanks. If I see it causes problems then I will amend the writeup to use actual pathnames rather than the variable.

Post by jimimaseye » 2016-01-29 20:18

Gordonh1970 wrote: LogFile %ProgramFiles(x86)%\ClamWin\bin\clamd.log
DatabaseDirectory C:\ProgramData\.clamwin\db

The service wouldn't start

Putting the full filename in for the LogFile fixed the issue (Windows Server 2008 r2)

LogFile c:\Program Files (x86)\ClamWin\bin\clamd.log
DatabaseDirectory C:\ProgramData\.clamwin\db

That was the only change I made, not sure why it was necessary but it did the job
I have tested and confirmed your findings. I have modified the original installation guide to reflect this. Thanks for the feedback.

Post by Gordonh1970 » 2016-01-31 15:36

You're very welcome

Thank you once again for providing such a good setup and such a good write up of how to do this :)

Post by jimimaseye » 2016-01-31 18:37

Good stuff.

Out of interest, have you supplemented the definitions with Sanesecurity (as I recommended)? And did you see the instruction about limiting the maximum size? (see point (8) in the instructions - I recently added that and not sure if it would have been there after your implementation)?

Post by Gordonh1970 » 2016-02-07 14:12

jimimaseye wrote: Out of interest, have you supplemented the definitions with Sanesecurity (as I recommended)? And did you see the instruction about limiting the maximum size? (see point (8) in the instructions - I recently added that and not sure if it would have been there after your implementation)?
Yes I did. I made sure everything else was working first then added the Sanesecurity bits and changed the max file size

The instructions to get the Sanesecurity bit installed were somewhat lacking in clarity but I got there in the end, the batch file and automating those was very easy (the same as I use for MySQL backup scripts), once I'd added their locations to my PATH file. Rsync was the biggest pain, it looks to me like the instructions are much more of a Linux setup, but I did get there :)

I did have to:

uncomment this section:

rem set db=C:\ProgramData\.clamwin\db\


As it didn't find my Clamwin setup (it's all in the default locations)

But once I got that done, it was up and running smoothly

Tip for those using Windows Task Scheduler to set up the Sanesecurity update - don't try and schedule a task every hour, it won't give you that option in Task Scheduler, instead set a - One Time Task - Repeat Task every "1 hour" - for a duration of "Indefinitely". Basic I know but operator ignorance on my part meant I spent half an hour working this one out! I think I should have had more coffee that morning

So my installation, which I am now very happy with, is as follows:

Operating System - Windows Server 2008 R2 on a Hosted VPS (1and1)
Database - MySQL v5.7.1
Database backup - Daily backups using Task Scheduler to run a batch file enclosing a mysqlpump instruction set
Mail Server - hMailServer v5.6.4 Build 2283
Mail Server backup - Robocopy for the entire directory linked with the mysqlpump backup of the DB - I use the internal settings backup
Anti-spam - SpamAssassin for Windows
- annoyingly only v3.4.0 as I can't get v3.4.1 for a Windows install yet and URIBL.com has a new RegistrarBoundaries.pm update required :(
Anti-virus - ClamD + Sanesecurity as per this post :)
Security - SSL + SPF + DKIM
Daily Test of mail protocols - using SendMail and verifier.port25.com to check e-mail functionality and Spam scoring

Only things I would like to add are:

- Updated SpamAssassin to allow URIBL.com check for new TLD's

- A DMARC record. But my hosted VPS provider (1and1) won't allow a text record to be created with a _dmarc prefix. I can't think of any way round this (I can't create a sub-domain beginning with _ either) and it is a limit of 1and1 not HMS in any way

Post by Gordonh1970 » 2016-02-07 14:14

jimimaseye wrote:And did you see the instruction about limiting the maximum size? (see point (8) in the instructions - I recently added that and not sure if it would have been there after your implementation)?
Yep, it wasn't there when I started but had seen it later when I was checking point by point I had followed the instructions correctly

Post by jimimaseye » 2016-02-10 12:31

Note to all:

oss.netfarm.it/clamav/ has today just updated the CLAMD.exe file to version 0.99. It is now compatible with the current download version of Clamwin which is also 0.99. I've just upgraded both and all is working fine. Benefits of 0.99? Erm..... the main thing is that it can now do rule definitions called "Yara"...(whatever that is. :wink: https://www.google.co.uk/search?q=yara+rules)

Post by Gordonh1970 » 2016-02-11 14:21

jimimaseye wrote:Benefits of 0.99? Erm..... the main thing is that it can now do rule definitions called "Yara"...(whatever that is. :wink: https://www.google.co.uk/search?q=yara+rules)
I'm not 100% sure about yara myself but do note that your Sanesecurity solution also uses it

Started: 11/02/2016-12:19:55.16
Downloading files from mirror...
opening tcp connection to rsync.sanesecurity.net port 873
sending daemon args: --server --sender -vvtpze.LsfxC --timeout=120 . "sanesecurity/*" (6 args)
delta-transmission enabled
.f Sanesecurity_sigtest.yara
.f Sanesecurity_sigtest.yara.md5
.f Sanesecurity_sigtest.yara.sha256
.f Sanesecurity_sigtest.yara.sig
.f Sanesecurity_spam.yara
.f Sanesecurity_spam.yara.md5
.f Sanesecurity_spam.yara.sha256
.f Sanesecurity_spam.yara.sig

So it must be good :)

Post by jimimaseye » 2016-02-11 15:49

Have you included them in your Database list though? If you haven't then they won't be loaded and used anyway.

From http://sanesecurity.co.uk/usage/signatures/ :
Sanesecurity_sigtest.yara Yara format: Signature test
Sanesecurity_spam.yara Yara format: Detects Spam emails
I'm still unsure on the benefits of inclusion. (I've just asked for advice and will post back).

Post by jimimaseye » 2016-02-11 17:25

Update: Advice from author of Sanesecurity definitions:
"I'd leave them off for a bit, there's a couple of bugs which I've reported
to the ClamAV team to look at, nothing major but means I can't use Yara
on a few sig ideas :( "
So, for now don't bother with yara.

SorenR
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Post by SorenR » 2016-02-11 21:17

jimimaseye wrote:Note to all:

oss.netfarm.it/clamav/ has today just updated the CLAMD.exe file to version 0.99. It is now compatible with the current download version of Clamwin which is also 0.99. Ive just upgraded both and all is working fine. Benefits of 0.99? Erm..... the main thing is that it can now do rule definitions called "Yara"...(whatever that is. :wink: https://www.google.co.uk/search?q=yara+rules)
Why not get ClamAV directly from the source ???

http://www.clamav.net/downloads#otherversions

I've been on 0.99-rc1 since October '15 and I can see I missed the official release of 0.99 in December.

Info on Yara...

http://plusvic.github.io/yara/
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

Post by SorenR » 2016-02-11 21:27

Found some Yara rule samples... Have fun... :mrgreen:

https://securelist.com/files/2015/06/Du ... _rules.pdf

Post by jimimaseye » 2016-02-11 21:52

SorenR wrote:Why not get ClamAV directly from the source ???
Initially there is a benefit on using Clamwin (over Clamav for windows) due to it having the 'all in one' install and the GUI (with windows integration, scheduling etc). ClamAv for Windows does have this (and the Immunet version is not a free version and uses its own definitions). This is what makes it an attractive proposition. However, as you know, it's not a threaded application (yet!) and is resource hungry on scanning. The initial procedure here was the way to get the benefit of Clamwin WITH the benefit of Clamd.

Admittedly, I hadn't even thought about whether the compiled 'ready to go' version of Clamd was available from ClamAV itself and yes, in fact, a quick check (in the link you provide) shows a Clamd.exe bundled. My procedure of using Clamwin + clamd doesn't need full installs of both softwares to be installed and only needs the Clamd component to complement Clamwin. This finding of clamd (from your link) gives us an alternative to obtain clamd instead of me waiting on Sherpya to update his oss.netfarm.it repository.......ASSUMING that that version of Clamd.exe is compiled and compatible with the Clamwin installed libraries in the same way.

I will attempt a test 'later' to see if this is the case and if so I will update my initial write-up about where to obtain it.

EDIT:

It seems the Clamd.exe versions are different despite both being created for the same versions of ClamAV and for Win32. Size is different (and naturally, also the icon of the executable).

(On the left is the Clamd from Clamav, on the right is Clamd from Sherpya (oss.netfarm). Note his version says specifically for "Clamwin" and also 'Sherpya' is the man responsible for porting Clamd to Windows and to Clamwin.)
Clamd.PNG

Post by jimimaseye » 2016-02-11 23:03

Update: Done the test of ClamAV's version of ClamD.

It doesn't work.
CaptureClamdFailure.PNG
Definitely need the oss.netfarm.it (clamwin) version of ClamD to work with the Clamwin installation (as per the purpose of this HOW TO guide).

Post by SorenR » 2016-02-12 00:47

jimimaseye wrote:Update: Done the test of ClamAV's version of ClamD.

It doesnt work.
CaptureClamdFailure.PNG
Definitely need the oss.netfarm.it (clamwin) version of ClamD to work with the Clamwin installation (as per the purpose of this HOW TO guide).
Ah... There is no "--install" in the original as it is a port from Linux - and Linux don't work that way ;-)

katip
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Post by katip » 2016-02-12 06:09

SorenR wrote:There is no "--install" in the original
indeed.
but it can be installed as a service with a wrapper. my favorite : http://www.pirmasoft.de/cms/freeware/runassvc
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

Post by jimimaseye » 2016-02-12 10:10

SorenR wrote: Ah... There is no "--install" in the original as it is a port from Linux - and Linux don't work that way ;-)
That's the beauty of using my Clamwin port - the Clamd version does include the simple 'install' process without the need to mess with service wrappers. That said, the other version (in Clam win32) is a windows port and I don't see any instructions saying that you have to mess with service wrappers for that so how do you actually run it?

Mind you, does that message ("The ordinal 44315 could not be located....") REALLY mean "'install' option not found"? It looks more like an incompatibility of some sort with the libraries in use to me.

Anyway, I will do another test (just curiosity) on my laptop using Clamwin and that Clamd version with a wrapper and I will report back. (I'm not hopeful).
katip wrote: but it can be installed as a service with a wrapper. my favorite : http://www.pirmasoft.de/cms/freeware/runassvc
I use NSSM: https://nssm.cc/description (which installs the service of choice with "nssm install" and prompts you for your parameters)

Post by katip » 2016-02-12 12:00

jimimaseye wrote:Mind you, does that message ("The ordinal 44315 could not be located....") REALLY mean "'install' option not found"?
actually VC redistros are needed. download from MS site vcredist installer (64 or 32 bit). direct copying of msvcp100.dll and msvcr100.dll to Clamav folder may work too but haven't tried.

Post by jimimaseye » 2016-02-12 12:12

It all sounds like hard work. I'll stick with the 'all included' clamwin package.

Post by SorenR » 2016-02-13 00:29

jimimaseye wrote: I use NSSM: https://nssm.cc/description (which installs the service of choice with "nssm install" and prompts you for your parameters)
Call me old-fashioned, I use https://support.microsoft.com/en-us/kb/137890 ;-)

I would not call the ClamD code from the ClamWin project a "port" as it has clearly been altered to allow the code to run as a service... It's been "Fork'ed" and therefore should use a different name. Versions are NOT 100% code compatible.

"I wonder what other changes have been made to the code" I phrase while wearing my tinfoil hat... 8)

Post by jimimaseye » 2016-02-13 01:42

SorenR wrote:
jimimaseye wrote: I use NSSM: https://nssm.cc/description (which installs the service of choice with "nssm install" and prompts you for your parameters)
Call me old-fashioned, I use https://support.microsoft.com/en-us/kb/137890 ;-)
Well......

..... https://support.microsoft.com/en-us/kb/137890 = (feel free to scroll down for speed):
At a MS-DOS command prompt(running CMD.EXE), type the following command:

path\INSTSRV.EXE My Service path\SRVANY.EXE

where path is the drive and directory of the Windows NT Resource Kit (i.e., C:\RESKIT) and My Service is the name of the service you are creating.

Example:
C:\Program Files\Resource Kit\Instsrv.exe Notepad C:\Program Files\Resource Kit\Srvany.exe
NOTE: To verify that the service was created correctly, check the registry to verify that the ImagePath value under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service name
is set to point to SRVANY.EXE. If this is not set correctly, the service will stop shortly after it starts and return an Event ID 7000 "The service name failed to start."

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" online Help topic or the "Add and Delete Information in the Registry" and "Edit Registry Data" online Help topics in Registry Editor.

NOTE: You should back up the registry before you edit it.
Run Registry Editor (Regedt32.exe)and locate the following subkey:
.
.

YOU STILL READING?........
.
.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<My Service>
From the Edit menu, click Add Key. Type the following and click OK:

Key Name: Parameters
Class : <leave blank>
Select the Parameters key.
From the Edit menu, click Add Value. Type the following and click OK:

Value Name: Application
Data Type : REG_SZ
String : <path>\<application.ext>

where <path>\<application.ext> is the drive and full path to the application executable including the extension (i.e., C:\WinNT\Notepad.exe)
Close Registry Editor.

By default, a newly created service is configured to run Automatically when the system is restarted. To change this setting to Manual, run the Services applet from Control Panel and change the Startup value to Manual. A service set to Manual can be started in one of several ways:
- From the Services applet in Control Panel

- From a MS-DOS command prompt, type the following:
.
.

KEEP GOING.........

NET START <My Service>

- Use the Sc.exe utility from the Resource Kit. Type the following from a MS-DOS command prompt:

<path>\Sc.exe start <My Service>

where <path> is the drive and directory of the Windows NT Resource Kit (i.e., C:\Reskit).
(Phew! And that's once you've managed to find and download the 'Resource Kit' just to get the INSTSRV program in the first place! Kind of sucks the will out of life.)

or https://nssm.cc/description =
nssm install <servicename>
Hmmmm. (There is a reason why NSSM is called "the Non-Sucking Service Manager") :mrgreen:

Post by SorenR » 2016-02-13 12:55

jimimaseye wrote:(Phew! And that's once you've managed to find and download the 'Resource Kit' just to get the INSTSRV program in the first place! Kind of sucks the will out of life.)

or https://nssm.cc/description =
nssm install <servicename>
Hmmmm. (There is a reason why NSSM is called "the Non-Sucking Service Manager") :mrgreen:
Sitting here by the computer, looking out the window... We have had a bit of snow last night... Birds are picking in the snow - I really should go out and fill up the birdseed dispenser... la la la la la... :mrgreen:

Post by jimimaseye » 2016-02-13 12:58

:mrgreen:

How is your shoulder doing? Getting any better?

Post by SorenR » 2016-02-13 13:43

jimimaseye wrote::mrgreen:

How is your shoulder doing? Getting any better?
Same, same, but with less pain... Waiting for doctor to pull finger from <behind> and check MR scan...

tomtom76
Normal user
Posts: 33
Joined: 2012-04-05 16:16

Post by tomtom76 » 2016-02-18 19:06

I want to update my installation too (running 0.99 with 0.98 as Service)

Do you replace only the clam.exe (single file) (downloaded from here http://oss.netfarm.it/clamav/) with the existing in the clamwin directory?
Or do you replace the other files in the directory too?

Post by jimimaseye » 2016-02-18 19:18

1, disable ANTIVIRUS scanning in hmailserver

then as privileged ADMINISTRATOR cmd:

2, net stop CLAMD (this stops Clamd)
3, sc delete clamd (this deletes the existing clamd service)
4, run the install of Clamwin latest over the top of current installation and REBOOT when prompted.
5, Copy over the new Clamd.exe (only) from Oss site (as per instructions)
6, Run the "Clamd --install" command (as per instructions)
7, recheck and restart the services and enable Antivirus (as per instructions)

That should do you.

Post by tomtom76 » 2016-02-18 19:22

thank you very much :)

It is really awesome how much this configuration blocks.
It seems no virus has passed through since I am using this.

Post by jimimaseye » 2016-02-18 19:30

Yeah, good ain't it. Thanks to Sane definitions. (always worth a donation - does the job better than commercial paid versions. A lot quicker out of the blocks.).

Don't forget to REBOOT after the install of Clamwin when prompted BEFORE you attempt to install Clamd.

EDIT: I've just updated my initial instructions with the above UPDATE procedure. Thanks for the prompt. :mrgreen:

Post by tomtom76 » 2016-02-18 20:05

do you know a way how to see if we are using the newest antivirus defs?

Post by jimimaseye » 2016-02-18 20:13

The only way is to view your update logs.

With Clamwin, right click on the systray icon : DISPLAY REPORTS - VIRUS DATABASE UPDATE REPORTS

For sane, view your update log file that you enabled in your update Bat file. :wink:

You might want to look at your Clamd.log file too and verify that it is 'reloading' definitions every 10 minutes after seeing there are new defs added.

eg,
Thu Feb 18 17:13:05 2016 -> SelfCheck: Database status OK.
Thu Feb 18 17:23:05 2016 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 18 17:23:06 2016 -> Reading databases from C:\ProgramData\.clamwin\db
Thu Feb 18 17:23:23 2016 -> Database correctly reloaded (4375566 signatures)
Thu Feb 18 17:33:23 2016 -> SelfCheck: Database status OK.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
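
The clamd.log check described in the post above, automated as an added example (not part of the original post or of ClamAV itself). It reports each completed reload with its signature count, any "Forcing reload" that never reached "Database correctly reloaded", and any silence between SelfCheck lines longer than a tolerance. The first sample is the excerpt quoted in the post; the second log and the 15-minute tolerance are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# clamd.log line: "Thu Feb 18 17:13:05 2016 -> message"
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
RELOADED = re.compile(r"Database correctly reloaded \((\d+) signatures\)")


def audit_selfcheck(log_text, max_gap=timedelta(minutes=15)):
    """Summarise SelfCheck/reload activity found in clamd.log text.

    Returns a dict with:
      reloads    - [(finished_at, signature_count), ...]
      unfinished - [detected_at, ...] reloads that were forced but never
                   logged as correctly reloaded before the next SelfCheck
      gaps       - [(previous_check, next_check), ...] longer than max_gap
    """
    reloads, unfinished, gaps = [], [], []
    pending = None       # time of a forced reload still awaiting completion
    last_check = None    # time of the previous SelfCheck line
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue     # continuation lines, blank lines, other formats
        stamp = datetime.strptime(match.group(1), "%a %b %d %H:%M:%S %Y")
        message = match.group(2)
        if message.startswith("SelfCheck:"):
            if pending is not None:
                # A new SelfCheck arrived and the earlier reload never finished.
                unfinished.append(pending)
                pending = None
            if last_check is not None and stamp - last_check > max_gap:
                gaps.append((last_check, stamp))
            last_check = stamp
            if "Database modification detected" in message:
                pending = stamp
            continue
        done = RELOADED.search(message)
        if done:
            reloads.append((stamp, int(done.group(1))))
            pending = None
    if pending is not None:
        unfinished.append(pending)   # log ends in the middle of a reload
    return {"reloads": reloads, "unfinished": unfinished, "gaps": gaps}


# Excerpt quoted in the post above.
PAGE_LOG = r"""
Thu Feb 18 17:13:05 2016 -> SelfCheck: Database status OK.
Thu Feb 18 17:23:05 2016 -> SelfCheck: Database modification detected. Forcing reload.
Thu Feb 18 17:23:06 2016 -> Reading databases from C:\ProgramData\.clamwin\db
Thu Feb 18 17:23:23 2016 -> Database correctly reloaded (4375566 signatures)
Thu Feb 18 17:33:23 2016 -> SelfCheck: Database status OK.
"""

# Constructed failure case: the reload never completes and checks go quiet.
STALLED_LOG = r"""
Fri Feb 19 09:00:00 2016 -> SelfCheck: Database modification detected. Forcing reload.
Fri Feb 19 09:00:01 2016 -> Reading databases from C:\ProgramData\.clamwin\db
Fri Feb 19 09:40:00 2016 -> SelfCheck: Database status OK.
"""

if __name__ == "__main__":
    for name, text in (("page excerpt", PAGE_LOG), ("stalled", STALLED_LOG)):
        print(name, audit_selfcheck(text))
```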

Post by SorenR » 2016-03-01 23:44

SorenR wrote:
jimimaseye wrote::mrgreen:

How is your shoulder doing? Getting any better?
Same, same, but with less pain... Waiting for doctor to pull finger from <behind> and check MR scan...
Well.... MR scan says supraspinatus and infraspinatus tendons snapped (off). Description also says "Biceps caput longum tendinose" and some other stuff... So... I'm officially defunct... :cry:

Upside is it's not frozen/locked, I don't have to wait 3 years for it to release itself... :mrgreen:

The challenge is who will operate... I'm also a haemophiliac :roll:

Post by jimimaseye » 2016-03-02 00:00

Is surgery the only option to repair/heal? Won't it recover itself? (The caputum tendonsnappen, I mean, not the haemophilia)

Post by SorenR » 2016-03-02 00:44

jimimaseye wrote:Is surgery the only option to repair/heal? Won't it recover itself? (The caputum tendonsnappen, I mean, not the haemophilia)
Like a rubber band, tendons are under tension as they connect the muscle to the bone. If a tendon is torn or cut, the ends of the tendon will pull far apart, making it impossible for the tendon to heal on its own.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

mattg
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by mattg » 2016-03-02 01:07

Well that sucks

Good luck SorenR
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

tomtom76
Normal user
Posts: 33
Joined: 2012-04-05 16:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by tomtom76 » 2016-03-04 21:41

Today I had a look at the hmailserver box (monthly manual checking) and I found that ClamAV does not update signatures anymore.

The Sanesecurity Updates are running fine via my batch.
But clamAV itself does not update anymore.


It greeted me with this message:
Image

ClamWIN does not update anymore:
Image

What I did without success:
1) Check Name Resolution
2) Multiple Reboots of Machine
3) Disabling Windows Firewall
4) Check Name Resolution again

Pinging db.clamav.net works fine:
Image

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-03-04 21:45

Just checked, mine are ok:


ClamAV update process started at Sun Feb 28 21:58:01 2016
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21425.cdiff [100%]
daily.cld updated (version: 21425, sigs: 1858725, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4282997 signatures) from database.clamav.net (IP: 130.59.10.36)
--------------------------------------
ClamAV update process started at Mon Feb 29 21:58:00 2016
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21426.cdiff [100%]
Downloading daily-21427.cdiff [100%]
Downloading daily-21428.cdiff [100%]
daily.cld updated (version: 21428, sigs: 1860907, f-level: 63, builder: anvilleg)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4285179 signatures) from database.clamav.net (IP: 129.67.1.218)
--------------------------------------
ClamAV update process started at Tue Mar 01 21:58:01 2016
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21429.cdiff [100%]
Downloading daily-21430.cdiff [100%]
Downloading daily-21431.cdiff [100%]
daily.cld updated (version: 21431, sigs: 1862867, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4287139 signatures) from database.clamav.net (IP: 129.67.1.218)
--------------------------------------
ClamAV update process started at Wed Mar 02 21:58:01 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99 Recommended version: 0.99.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21432.cdiff [100%]
Downloading daily-21433.cdiff [100%]
Downloading daily-21434.cdiff [100%]
Downloading daily-21435.cdiff [100%]
daily.cld updated (version: 21435, sigs: 1864966, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4289238 signatures) from database.clamav.net (IP: 130.59.10.36)
--------------------------------------
ClamAV update process started at Thu Mar 03 21:58:00 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99 Recommended version: 0.99.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21436.cdiff [100%]
daily.cld updated (version: 21436, sigs: 1866555, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4290827 signatures) from database.clamav.net (IP: 129.67.1.218)
What version of Clamwin are you on? (I upgraded to 0.99 some days ago - upgrade process detailed on first post).

(Support for it is at http://forums.clamwin.com/ )
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
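
A log check for the situation tomtom76 describes (updates stopping unnoticed between monthly manual checks), using the freshclam log format jimimaseye posted. This is an added example, not part of any post in the thread; the function names, the 36-hour threshold and the final failing run in the sample are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the thread's freshclam log; the final (failing) run is constructed.
SAMPLE_LOG = """\
ClamAV update process started at Wed Mar 02 21:58:01 2016
WARNING: Local version: 0.99 Recommended version: 0.99.1
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld updated (version: 21435, sigs: 1864966, f-level: 63, builder: neo)
Database updated (4289238 signatures) from database.clamav.net (IP: 130.59.10.36)
--------------------------------------
ClamAV update process started at Thu Mar 03 21:58:00 2016
daily.cld updated (version: 21436, sigs: 1866555, f-level: 63, builder: neo)
Database updated (4290827 signatures) from database.clamav.net (IP: 129.67.1.218)
--------------------------------------
ClamAV update process started at Fri Mar 04 21:58:00 2016
ERROR: constructed failure line, no database lines follow
"""

START = re.compile(r"^ClamAV update process started at (.+)$")
DB = re.compile(r"^(\w+\.c[lv]d) (?:is up to date|updated) \(version: (\d+),")
ENGINE = re.compile(r"^WARNING: Local version: (\S+) Recommended version: (\S+)")

def parse_runs(text):
    """Split a freshclam log into runs: start time, db versions, errors."""
    runs = []
    for line in text.splitlines():
        if m := START.match(line):
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            runs.append({"start": when, "dbs": {}, "errors": [], "engine": None})
        elif runs and (m := DB.match(line)):
            runs[-1]["dbs"][m.group(1)] = int(m.group(2))
        elif runs and (m := ENGINE.match(line)):
            runs[-1]["engine"] = m.groups()
        elif runs and line.startswith("ERROR:"):
            runs[-1]["errors"].append(line)
    return runs

def health(text, now, max_age=timedelta(hours=36)):
    """Summarise the log: last good run, staleness, failed runs, engine lag."""
    runs = parse_runs(text)
    good = [r for r in runs if r["dbs"] and not r["errors"]]
    last = good[-1] if good else None
    return {
        "last_good": last["start"] if last else None,
        "daily_version": last["dbs"].get("daily.cld") if last else None,
        "stale": last is None or now - last["start"] > max_age,
        "failed_runs": [r["start"] for r in runs if r["errors"] or not r["dbs"]],
        "engine_outdated": next((r["engine"] for r in reversed(runs) if r["engine"]), None),
    }
```

Run from a scheduled task against the real freshclam log, a `stale` result or a non-empty `failed_runs` list is the signal to alert on instead of waiting for the next manual check.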

tomtom76
Normal user
Posts: 33
Joined: 2012-04-05 16:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by tomtom76 » 2016-03-04 22:07

What version of Clamwin are you on? (I upgraded to 0.99 some days ago - upgrade process detailed on first post).
I am running 0.99

tomtom76
Normal user
Posts: 33
Joined: 2012-04-05 16:16

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by tomtom76 » 2016-03-04 22:25

Do you update both signatures?
Sanesecurity and ClamAV?

SorenR
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by SorenR » 2016-03-04 23:04

3 new lines in the logfile after upgrading clamd 0.99 to clamd 0.99.1 8)


Fri Mar 04 21:57:58 2016 -> Limits: MaxRecHWP3 limit set to 16.

Fri Mar 04 21:57:58 2016 -> XMLDOCS support enabled.
Fri Mar 04 21:57:58 2016 -> HWP3 support enabled.
http://blog.clamav.net/
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-03-05 01:55

tomtom76 wrote: Do you update both signatures?
Sanesecurity and ClamAV?
Yes. Clamwin default databases handled by clamwin by default. And sane by its Bat file.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

alecwood
New user
Posts: 6
Joined: 2009-11-19 10:32

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by alecwood » 2016-03-11 13:32

Thanks for the guide, and the sanesecurity info, wish I had found it ages ago

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-03-11 13:36

Thanks
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

sew
New user
Posts: 7
Joined: 2016-03-18 11:26

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by sew » 2016-03-18 11:39

If not, then you will have to abort this procedure until they do become the same version (or contact someone here to see if they have copies of versions that do match :wink: )
Currently on offer is clamwin-0.99-setup.exe and clamav-win32-0.99.1.

So does anyone have clamav-win32-0.99 please (or clamwin-0.99.1-setup.exe)? Would REALLY appreciate it - thanks.

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-03-18 11:45

This attachment contains the Clamd 0.99 that is compatible with Clamwin-0.99. These are the files you would extract in the "Procedure stage (2)" of the instructions.
Attachments
ClamD_099.zip
(44.02 KiB) Downloaded 897 times
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

sew
New user
Posts: 7
Joined: 2016-03-18 11:26

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by sew » 2016-03-18 11:49

That's so fast I thought I was seeing things on refresh - thank you!

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-03-18 11:52

No problems. Good luck. (Don't forget the sane definitions! Very important.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

sew
New user
Posts: 7
Joined: 2016-03-18 11:26

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by sew » 2016-03-18 12:16

Thanks, working fine as per your instructions

sew
New user
Posts: 7
Joined: 2016-03-18 11:26

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by sew » 2016-03-18 21:19

Seems though that it doesn't scan certain files such as compressed files eg .zip. Did a test via http://www.emailsecuritycheck.net/ and 6/7 got through. Do my results reflect other users? I have set ScanArchive yes in clamd.conf

mattg
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by mattg » 2016-03-19 00:50

If the zip is not password protected, they should be scanned to the level in your clamd.config

If the zip is password protected, no scanning will be able to check the zip
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-03-19 01:13

sew wrote:Seems though that it doesn't scan certain files such as compressed files eg .zip. Did a test via http://www.emailsecuritycheck.net/ and 6/7 got through. Do my results reflect other users? I have set ScanArchive yes in clamd.conf
I'm not sure what you are expecting to see.

GTUBE test:
was identified correctly by Spamassassin (email 3) - has nothing to do with Antivirus

ZIP file with eicar inside: was identified correctly (email 2)

(Only 1 Zip file is sent.)

There is only the one that is the responsibility of Antivirus (Clam) and it has performed correctly.

The rest is about the ability of Hmailserver ATTACHMENT BLOCKER (which we know has some flaws):

2x 'attached.bat' : was identified and stripped correctly. (email 1 and 4)

the others (with various random symbols to disguise it): failed complete strip and replacement - a fault of Hmailserver (emails 5, 6 and 7).

Rest assured that the Zips ARE being scanned inside by default, especially if you have sane security 'foxhole' databases included.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

sew
New user
Posts: 7
Joined: 2016-03-18 11:26

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by sew » 2016-03-21 15:05

Thanks for explanation

MarHMS
Normal user
Posts: 136
Joined: 2015-12-11 17:10

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by MarHMS » 2016-05-01 23:21

Successfully upgraded to v0.99.1 for both...
GREAT instructions! :D

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-05-01 23:36

Thanks.

That reminds me, I might look at upgrading my versions now.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Nime
Normal user
Posts: 169
Joined: 2009-03-12 11:50

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by Nime » 2016-05-26 08:24

A few days ago I added foxhole signatures; they worked at first, then cryptolocker class viruses appeared again.
Training the Spamassassin was useless too; the score of infected message file was 0.8 *damn*

I set scheduled updates hourly. However official sigupdate.bat couldn't help. I googled for latest signatures and found
one site where the signatures are publicly hosted, tons of signatures: http://ftp.swin.edu.au/sanesecurity/

I've downloaded the necessary signatures then checked the infected message file and voilà! It's infected.

I've written a simple hardcoded batch script which downloads & updates all the necessary ClamAV database files
and Sanesecurity Foxhole signatures and then restarts ClamD service if required.

Script: http://pastebin.com/KEdqknXq

jimimaseye
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: HOW TO run Clamwin and have a ClamAV system SERVICE

Post by jimimaseye » 2016-05-26 11:51

Nime wrote: Training the Spamassassin was useless too; the score of infected message file was 0.8 *damn*
Remember Spamassassin doesn't check for viruses, antivirus products check for viruses.

I think it's very strange that the latest signatures didn't pick up what you expected yet an older 'mirror' did. Are we sure the configuration for the default databases is correct and the rsync has performed correctly?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
