clam antivirus - variations

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
cijiro
New user
New user
Posts: 22
Joined: 2017-10-05 22:08

clam antivirus - variations

Post by cijiro » 2017-11-18 15:57

Hi,
because I don't have clear mind about Clam antiviruses, I try to ask here, because I know, it's used by Hmail users here.

As I read here, it's recommended, to use clamd as service + clamwin + sanesecurity.

Is there any difference between ClamWin + clamd and ClamAV + clamd?
What is main difference between ClamWin and ClamAV? It looks by version and files simillar.

About sanesecurity, I test it, get defs from clamwin, it has about 6milion knowns and then update with sanesecurity with default def list and it add only about 7000 defs, is it ok?

Thanks

User avatar
jimimaseye
Moderator
Moderator
Posts: 8077
Joined: 2011-09-08 17:48

Re: clam antivirus - variations

Post by jimimaseye » 2017-11-18 20:38

cijiro wrote:Hi,
Is there any difference between ClamWin + clamd and ClamAV + clamd?
No, not really. (Technically yes because Clamwin is still at 0.99.1 where ClamAV is not at 0.93 (I think) but the differences are minimal (can now handle Yara rules) and barely make a difference). But they both use the same definitons from the ClamAV default repository from ClamAV.
cijiro wrote:What is main difference between ClamWin and ClamAV? It looks by version and files simillar.
Clamwin has a nice windows GUI with shell context menu on demand scanning and system tray. Clamwin DOESNT run as a service and isnt multi-threaded therefore has to load itself (engine and defintions) every time a mail is passed to it and eats memory and process each time.

Clam is the opposite of the above two points.
cijiro wrote:About sanesecurity, I test it, get defs from clamwin, it has about 6milion knowns and then update with sanesecurity with default def list and it add only about 7000 defs, is it ok?
Yes. Sane adds important and useful definition that actually work filling the holes that the Clam definitions miss. If you read my thread here yopu will see how useful they can be and how I got to the conclusion they were necessary to have a successful implementation of Clam.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20000
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: clam antivirus - variations

Post by mattg » 2017-11-18 22:13

cijiro wrote:Is there any difference between ClamWin + clamd and ClamAV + clamd?
jimimaseye wrote:...they both use the same definitons from the ClamAV default repository from ClamAV.
The same TERRIBLE definitions. CLAM (either one) couldn't catch a cold on it's own
cijiro wrote:What is main difference between ClamWin and ClamAV?
jimimaseye wrote: Clamwin DOESNT run as a service and isnt multi-threaded therefore has to load itself (engine and defintions) every time a mail is passed to it and eats memory and process each time.
+1
ClamWIN will kill a remotely busy server - don't use it, unless you use the ClamAV service as described in that thread.
cijiro wrote:About sanesecurity, I test it, get defs from clamwin, it has about 6milion knowns and then update with sanesecurity with default def list and it add only about 7000 defs, is it ok?
jimimaseye wrote:Yes. Sane adds important and useful definition that actually work filling the holes that the Clam definitions miss.
I'll go further. Without the SANE definitions, Clam would be useless. With SANE definitions it is the best product for catching Malware being spread via email.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

topper
Normal user
Normal user
Posts: 49
Joined: 2009-10-15 09:23

Re: clam antivirus - variations

Post by topper » 2017-11-20 16:11

I'm still using this version of ClamAV, like this. It's easy to setup service, but only 0.98
CLAM.png
I had tried other version, but can't start service, I don't know why.
ESXi -> hmail.v5.6.7B2425 + ClamAV + SpamAssassin

User avatar
jimimaseye
Moderator
Moderator
Posts: 8077
Joined: 2011-09-08 17:48

Re: clam antivirus - variations

Post by jimimaseye » 2017-11-20 17:16

Clamwin 0.99.1 (latest available) and Clamd 0.99.1: viewtopic.php?p=186601#p186601

viewtopic.php?f=21&t=26829
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

topper
Normal user
Normal user
Posts: 49
Joined: 2009-10-15 09:23

Re: clam antivirus - variations

Post by topper » 2017-11-21 04:28

I had upgraded to 0.99.1, download from Sourceforge.

By Cisco Systems, Inc.?
20171121101711.png
This version using RunAsSvc.exe to setup clamd.exe, It's more easy to use
20171121102058.png
20171121102058.png (8.5 KiB) Viewed 1021 times
ESXi -> hmail.v5.6.7B2425 + ClamAV + SpamAssassin

User avatar
jimimaseye
Moderator
Moderator
Posts: 8077
Joined: 2011-09-08 17:48

Re: clam antivirus - variations

Post by jimimaseye » 2017-11-21 09:34

ClamAV For Windows is also available from ClamAV, yes. It will do the same thing. However, it does not have the frontend GUI of Clamwin and it is not compatible with the Clamwin installation. The tutorial above is specific to those that wish to have Clamwin and the service living together.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply