ClamAV for Windows

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
kanobe
New user
New user
Posts: 3
Joined: 2005-12-01 14:08

ClamAV for Windows

Post by kanobe » 2006-11-28 00:37

Hi everyone

At last there is native clamav for windows at http://w32.clamav.net.

It's merged to Clamav main development, no emulation layer, compiled with vs2005, clamd and windows service app.

Enjoy!

kanobe
New user
New user
Posts: 3
Joined: 2005-12-01 14:08

and...

Post by kanobe » 2006-11-28 00:39

http://www.bandsman.co.uk/clamav.htm

there are powertoys (service app)

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2006-11-28 00:50

About time to :)

Thanks for the links...

Dragwyr
Normal user
Normal user
Posts: 66
Joined: 2006-01-06 19:10
Location: Michigan, USA

Post by Dragwyr » 2006-11-29 15:01

I guess I don't quite understand. What would be the advantage to using this as opposed to ClamWin? Are the virus scans any faster?

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2006-11-29 15:03

I tried installing this with the added power tools, and buggered if I can get the power tools to play with clamav ???

Michael
Missing Hmailserver ... Now running Debian servers

Hotlanta
Normal user
Normal user
Posts: 46
Joined: 2006-12-04 20:46

Post by Hotlanta » 2006-12-29 22:45

I finally got the w32 version of clamav working well, and it's quite nice. This particular build uses native window code and can run as a service, so it's better than ClamWin. It also has clamd and clamdscan which makes for much more efficient running of the software since clamd has the signature files and only loads once. I found that since HMailServer is running separate threads for clamscan, that my system and memory usage was going through the roof and even crashing. Now that I'm usind clamd/clamdscan, it's running great.

Here's specifically what I did to make this work:

1. Go to http://www.bandsman.co.uk/clamav.htm and download both the windows ClamAV and the PowerTools. I used the ClamAV from http://w32.clamav.net before finding the link for the PowerTools, and I couldn't get them to work together. Once I used the version of ClamAV that came from the same site where powertools is located, they worked fine together.

2. Install ClamAV first, then install PowerTools. Do not change their default folders.

3. Powertools will set itself up as a service. It also loads freshclam (which allows for automatic updates of the virus database). Go into your Windows Services and start the ClamD service.

4. Go into HmailServer AntiVirus and set the paths. It will not autodetect the paths since this is ClamAV and not ClamWin.

Make sure you set the executable to C:\Program Files\clamAV\clamdscan.exe and not clamscan.exe. Clamscan.exe doesn't take advantage of the clamd client, and if it loads enough times, it can crash the server. Clamdscan is much nicer with system resources (but won't screen anything if clamd isn't running).

Set the data path to C:\Program Files\clamAV\data and save it.

At this point, everything should be working well. Run a test with a test file from http://www.eicar.org/anti_virus_test_file.htm . If you watch the processes running in Taskmanager as you send the email in, you can see clamd and freshclam running all the time, and clamdscan will pop up as the mail processes.

The Freshclam.conf file can be edited slightly to make it run better. Since it's based on Unix and they use line feeds instead of carriage return/linefeed for end of lines, it's a bit fun trying to edit it, but in the end, it's just a text file and notepad can handle it.

Do a search on "UK" and change it to "US". This allows it to update from the US mirror server.

Do a search on "check 24", and remove the # from the "#check 24" so that it will check for updates on an hourly basis.

Make no other edits and save it.

Here are some other odds and ends...

There is a place where you can get phishing signatures for clamav at http://www.sanesecurity.com/clamav/ .

I found an interesting downloader that only downloads updated files. I haven't had a chance to play with it yet, but you can get it at http://www2.sosdg.org/%7Etbb/ss-updater.zip

Hope this helps.

John

g0yjs0
Senior user
Senior user
Posts: 282
Joined: 2006-01-26 10:18

Post by g0yjs0 » 2006-12-30 00:31

Does anyone know how this will impact the HOWTO found below?

(See thread: How To's | HOWTO: Use SOSDG ClamAV Daemon as Service on hMailServer 4.x)

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2006-12-30 06:03

Thanks Hotlanta

I will give this a try.

Michael
Missing Hmailserver ... Now running Debian servers

woyzeck
Normal user
Normal user
Posts: 74
Joined: 2005-10-18 21:35
Location: St. Paul, MN

Post by woyzeck » 2006-12-31 18:25

Does anyone know how this will impact the HOWTO found below?

(See thread: How To's | HOWTO: Use SOSDG ClamAV Daemon as Service on hMailServer 4.x)
It shouldn't. This version of Clamav for Windows run natively on windows, whereas, the one from SOSDG runs under cygwin.

Woyzeck

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-01-09 17:09

Hey Hotlanta

what return code are you using ??

Thanks
Michael
Missing Hmailserver ... Now running Debian servers

Hotlanta
Normal user
Normal user
Posts: 46
Joined: 2006-12-04 20:46

Post by Hotlanta » 2007-01-11 20:52

Slug wrote:Hey Hotlanta

what return code are you using ??

Thanks
Michael

I'm not sure what your referring to as "return code" for this. Could you be more specific?

Although hMailServer allows us to set return codes for spam, it automatically handles the return codes for AntiVirus mail that has a virus. If that's what you're referring to, then it's already handled. I'm running 4.3, and maybe that's changed since you appear to be on 4.4.

John

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-01-12 14:50

Hotlanta wrote:
Slug wrote: I'm not sure what your referring to as "return code" for this. Could you be more specific?
Sure

In the same section that you set the path of the external virus scanner hMs also asks for the "return value"

Without this the virus scanner wont work.

Thanks
Michael
Missing Hmailserver ... Now running Debian servers

Hotlanta
Normal user
Normal user
Posts: 46
Joined: 2006-12-04 20:46

Post by Hotlanta » 2007-01-13 23:10

Slug wrote:
Hotlanta wrote:
Slug wrote: I'm not sure what your referring to as "return code" for this. Could you be more specific?
Sure

In the same section that you set the path of the external virus scanner hMs also asks for the "return value"

Without this the virus scanner wont work.

Thanks
Michael
Actually, I'm not using the external virus scanner part of this. I'm using the ClamWin part. In there, I have:

Use ClamWin is checked

ClamScan Executable
C:\Program Files\clamAV\clamdscan.exe

Path To ClamScan Database
C:\Program Files\clamAV\data

I'm sure you can use the other, but I didn't choose to, so I didn't have to set a return value.

Regards,

John

g0yjs0
Senior user
Senior user
Posts: 282
Joined: 2006-01-26 10:18

Post by g0yjs0 » 2007-01-13 23:46

The return value listed in the HowTo thread (See thread: How To's | HOWTO: Use SOSDG ClamAV Daemon as Service on hMailServer 4.x) is "1." I can't guarantee this works with the Win32 native build, but I would guess so.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-01-14 08:47

Hotlanta wrote:
Actually, I'm not using the external virus scanner part of this. I'm using the ClamWin part.

Regards,

John
Yeah I guess thats what you did.

Thanks
Michael
Missing Hmailserver ... Now running Debian servers

trofosila
New user
New user
Posts: 9
Joined: 2007-02-06 12:48
Location: Romania

Post by trofosila » 2007-02-06 12:57

Has anybody switched from SOSDG to ClamAV for Windows? Is there a significant improvement regarding CPU time?

I am sending daily newsletters which contains about 20 inline images, so for every message i send there are 20 instances of clamdscan.exe which offen result in hMail hangup.

I don't want to move the virus scaning process to another machine and i am interested wich antivirus could do the job better.

Thanks,
Trofosila

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-02-06 13:39

trofosila wrote: I am sending daily newsletters which contains about 20 inline images, so for every message i send there are 20 instances of clamdscan.exe which offen result in hMail hangup.
From what I can see, there is only one instance of clamd running. So this should fix your problem. If you can post back to let us know how you go, that would be good.

Michael
Missing Hmailserver ... Now running Debian servers

trofosila
New user
New user
Posts: 9
Joined: 2007-02-06 12:48
Location: Romania

Post by trofosila » 2007-02-06 20:00

There is only one instance of clamd, but i'm guessing that hMail is scaning the .eml file of the message and then it scans 20 .tmp files (witch are the images in the message - the message is multipart, 1 part text, 1 part html and then 20 parts of images). I have not found a way to inform ClamAV not to scan images in the mail body.

Anyway, i will install ClamAV for Windows and will post a conclusion regarding performance.

trofosila
New user
New user
Posts: 9
Joined: 2007-02-06 12:48
Location: Romania

Post by trofosila » 2007-02-07 13:00

Current version of ClamAV for Windows has the folowing advantages over SOSDG:
- more stable (i have sent 9500 messages each containing about 20 inline images and my hMailserver is still up. Until now i was forced to stop the antivirus while i has sending newsletters).
- definetly is nicer with system resources (memory).

The minus is CPU time. It keeps my 2.8 GHz Xeon at 50% almost all the time. Maybe the guys from NJH Software will keep this in mind and next version will be better.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-02-07 14:32

trofosila wrote: The minus is CPU time. It keeps my 2.8 GHz Xeon at 50% almost all the time. Maybe the guys from NJH Software will keep this in mind and next version will be better.
The test server I have with ClamAv is not using 50% CPU ? is this 50% when running or 50% when idle ??

Michael
Missing Hmailserver ... Now running Debian servers

trofosila
New user
New user
Posts: 9
Joined: 2007-02-06 12:48
Location: Romania

Post by trofosila » 2007-02-07 23:37

@Michael: 50% just after hMailserver receive a message. When iddle CPU is below 5%.

Bellow is a part of a log for a single message, and this is the cause why CPU jumps to 50%
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Data\{D7396781-A218-40B1-AF91-194BD51C364D}.eml" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{E94F4974-1289-4832-ADD3-96B08F834604}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{77723B33-0B8D-4169-9B84-2C4F8E0CA2DB}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{F8CD501B-43A8-4B9A-AEC1-E0A40D23CDC8}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{588ADE5B-654D-45EA-B215-73B9E79311A7}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{DB913492-F642-41E3-9A41-CE8C03524A3E}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{96677E09-8FC8-4BB7-A845-8F75B8787C71}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{5BC60287-5F8C-407B-9219-D37237068643}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{A496204D-F0CB-40DC-B0D3-361AB7D08F44}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.670" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{BC51B453-9520-4784-A90D-022D386D1E21}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.685" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.685" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{D54BF725-1BCC-45D4-A81A-8F65D7EFACCB}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{BB62329C-7FB0-4C72-8CE9-758F04F08829}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{D5BD9363-E658-446A-9E8A-1AECFC988F76}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{4812DC14-9A88-4164-8E54-73D1CF6A4186}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{B93DEFE5-A6B2-4358-8BA3-631BA3A8527D}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:12.060" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{C02924AD-17C8-4D94-814D-B6C5728037D8}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:12.060" "CustomVirusScanner::~Scan()"


As you can see the first scaned file is the .eml, but after that it scans separately every inline image. But I guess this is normal behaviour.
The only thing it would help is having a way to disable virus scaning from localhost or local network (i know it is a poll on this forum for such a feature), or a better antivirus.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-02-08 03:37

trofosila wrote:@Michael: 50% just after hMailserver receive a message. When iddle CPU is below 5%.
Ok, I am seeing the same thing. Perhaps over time this will be sorted. But in the mean time for a free AV it works very well. So I will put up with it :wink:

BTW it took just under 1 second to scan your message, not too bad I think.

Michael
Missing Hmailserver ... Now running Debian servers

Greta
Senior user
Senior user
Posts: 339
Joined: 2007-01-02 13:23
Contact:

Post by Greta » 2007-03-23 16:41

Hotlanta wrote: Here's specifically what I did to make this work:

1. Go to http://www.bandsman.co.uk/clamav.htm and download both the windows ClamAV and the PowerTools. I used the ClamAV from http://w32.clamav.net before finding the link for the PowerTools, and I couldn't get them to work together. Once I used the version of ClamAV that came from the same site where powertools is located, they worked fine together.
On the url you given you can’t download ClamAV
Anymore so I downloaded it from http://w32.clamav.net/. Only Power tools, as you mention, doesn’t work then.

My question, do I need power tools. What is the profit of it.

trofosila
New user
New user
Posts: 9
Joined: 2007-02-06 12:48
Location: Romania

Post by trofosila » 2007-03-24 14:20

@Slug:
ClamAV trully does a great job, but in my case i'm forced do disable virus scanning while i send the newsletter.
I send daily about 9500 messages, one every 3 seconds and it does kill the CPU and after few messages are sent, hMailServer stops delivering emails (marks them with "As soon as posible").
While i was using Qmail i could disable virus scaning for outgoing emails.
Maybe this is what hMailServer is missing: an option for not scaning outgoing emails.

And maybe Martin will tell us if he has plans to do such a feature.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-03-24 14:23

Greta wrote: My question, do I need power tools. What is the profit of it.
Yes you do, its seems to give you a gui and sets up a few other things. You will also notice that a lot of the features in the power tools program don't work.

Michael
Missing Hmailserver ... Now running Debian servers

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-03-24 14:26

trofosila wrote: Maybe this is what hMailServer is missing: an option for not scaning outgoing emails.
Search the feature section, I thought someone asked for this. If its not there add a feature request for it. If you don't then it will never be added :wink:

Michael
Missing Hmailserver ... Now running Debian servers

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-03-24 14:35

Yeah I did although it was for IPRanges rather than outgoing. :)

http://www.hmailserver.com/forum/viewtopic.php?t=5865

racman
Normal user
Normal user
Posts: 107
Joined: 2006-02-06 16:14

Post by racman » 2007-03-25 00:13

Can someone please post the EXACT download locations for the ClamAV and PowerTools files that work together?

All the links posted so far are not correct. On keeps gouing round and round in circles with links that do not work or do not contain the correct files.


Greta
Senior user
Senior user
Posts: 339
Joined: 2007-01-02 13:23
Contact:

Post by Greta » 2007-03-25 11:31

These two have I tested but they doesn’t work together. See my post earlier in the thread. And that was the reason of my question if you absolute need powere tools only for use in hMail.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-03-25 13:36

They are working for me together....

Michael
Missing Hmailserver ... Now running Debian servers

Greta
Senior user
Senior user
Posts: 339
Joined: 2007-01-02 13:23
Contact:

Post by Greta » 2007-03-25 15:25

Strange…
I’m now trying this http://www.hmailserver.com/forum/viewtopic.php?p=46195. Can anyone tell what the difference is between these two installations?

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-03-25 16:26

That install uses Cygwin layer. (not a native Windows port)

Michael
Missing Hmailserver ... Now running Debian servers

racman
Normal user
Normal user
Posts: 107
Joined: 2006-02-06 16:14

Post by racman » 2007-03-25 21:48

Hi All,

Which of these two installations works better? The ClamAV for wwindows or the one that uses the cygwin layer?

It appears that the one that uses cygwin is a much smaller installation and pretty straightforward to get setup. The one for windows is a much larger installation and of course, harder to setup especially in combination with powertools.

What do you think? Is there any need to get rid of the SOSDG installation and replace it with the new one?

:wink:

User avatar
danny6167
Senior user
Senior user
Posts: 472
Joined: 2007-02-07 15:24
Location: Western Australia
Contact:

Post by danny6167 » 2007-03-26 07:26

I believe the native windows is more stable and faster.
It only took me 20 min's to setup clamAV

nmendes
New user
New user
Posts: 3
Joined: 2007-04-01 18:52

Post by nmendes » 2007-04-05 19:07

danny6167 wrote:I believe the native windows is more stable and faster.
It only took me 20 min's to setup clamAV
Just to say that I follows your advice, I'm using clamav since a couple of days and it's working very well, much faster than with clamwin. Thanks!

Nuno

hdms
New user
New user
Posts: 25
Joined: 2007-03-23 16:27

Post by hdms » 2007-04-08 07:06

I had ClamWin installed (which hM have native support for)

I uninstalled (no need to reboot, seems like it is just a shell-ext dll left after uninstall) and used versions of powertool and ClamAV linked in this thread. OMG... What a difference. I had to actually send myself some "viruses" just to make sure it did in fact work. [http://www.aleph-tec.com/eicar/index.php]

Talk about difference in speed...

It would be really nice if hM had native support (auto detecting paths) for clamdscan as well, ClamWin really is not an option in the long run. It uses way to much CPU/mem compared to clamdscan
hM 4.4.1 on WHS

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Post by porcupine » 2007-04-27 11:36

anyone notice the licensing for PowerTools?
Power Tools (25/9/06): This software is free for personal use. Commercial licences and support agreements are available from NJH Software. No warranty is made either explicitly or implicitly for its use.
Yet no more information on the commercial aspect.

So what are the downsides for hMailServer to not using PowerTools? I haven't tested yet but I guess it will be, having to schedule freshclam manually.

EDIT:
OK, to answer my own question... yes schedule freshclam, but runclamd.exe is needed to setup the service, as found here: http://www.asspsmtp.org/wiki/ClamAV_Win32

texinick
New user
New user
Posts: 25
Joined: 2007-01-15 01:41

Post by texinick » 2007-05-08 07:52

Ever since I switched over from ClamWin to ClamAV I've had to restart the server every couple of days because the memory usage of the ClamAV service is going through the roof. I just checked then, and memory usage is at 245Meg.

Is anyone else experiencing this problem? I downloaded ClamAV & Powertools, and followed the instructions in Hotlanta's post above.

Thanks
Nick

User avatar
danny6167
Senior user
Senior user
Posts: 472
Joined: 2007-02-07 15:24
Location: Western Australia
Contact:

Post by danny6167 » 2007-05-08 09:25

I am verry happy with my ClamAv Setup and have had no problems with it.

Check to see if you have the latest version of ClamAV.

texinick
New user
New user
Posts: 25
Joined: 2007-01-15 01:41

Post by texinick » 2007-05-08 09:47

Hi, I've just downloaded what I believe is to be the latest version (it's an april version as opposed to the february one I was running before).

It's only been running for half an hour or so, and the memory seems to be sitting around the 40meg level. It's crept up, and dropped down to 34, but at least it's not continuely increasing. I'll monitor it over the next 24 hours and see how it goes.

The last version I was running came from the bandsman link (mentioned above), but this version I just installed came from the w32.clamav.net server? Does anyone know if there are any differences?

Thanks again
Nick

ralcoriza
Normal user
Normal user
Posts: 30
Joined: 2007-04-28 15:31

Post by ralcoriza » 2007-05-08 10:34

ClamAV for Windows

Requirements: Windows XP, Pentium processor.

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Post by porcupine » 2007-05-10 09:53

I don't know of the differences (if any), I took ClamAV from w32.clamav.net and using runclamd.exe on all our servers, clamd.exe sits at about 40MB. No leakage even after prolonged uptimes.

Make sure you point hMailServer to clamdscan.exe

Performance over ClamWin is easily in the x100 range.

texinick
New user
New user
Posts: 25
Joined: 2007-01-15 01:41

Post by texinick » 2007-05-10 10:28

Maybe this new version has fixed my problem. Since I installed it a few days ago, it's been hovering around the 40mg mark as well. Phew!! No more rebooting every 2 - 3 days! :^)

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-05-15 20:21

Hey All,

I just installed the latest version of ClamAV and Powertools on my production system.

If you follow hotlanta's guide missing out the service starting step (ClamD as it is now already started for you) the rest works flawlessly.

Amazed at speed increase, I thought it would be only slightly faster, heh I was wrong. My memory usage dropped from a little over 300mb down to 220 and CPU peaks at around 5% now instead of 50 .. Wish I had done this sooner :)

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Post by porcupine » 2007-05-16 03:00

for commercial use, PowerTools (just running on the server) is charged at around US$200

and considering its only really needed to provide clamd, I would suggest runclamd is a much simpler and free solution.

I've installed runclamd on our servers without a problem.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-05-16 10:15

Do you have a link to runclamd?

porcupine
Normal user
Normal user
Posts: 40
Joined: 2007-03-12 09:02

Post by porcupine » 2007-05-16 10:21

yes, instructions and download link here:
http://www.asspsmtp.org/wiki/ClamAV_Win32
skipping the ASSP section ;-)

you will also have to set a scheduled task for freshclam.exe (to get updates however often you want)

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-05-16 10:36

Nice one thank you. :)

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-05-16 14:57

Seconded, thankyou. (I was going to ask for a link too)

Michael
Missing Hmailserver ... Now running Debian servers

User avatar
Hosters.at
New user
New user
Posts: 20
Joined: 2006-09-08 16:29
Location: Austria
Contact:

Post by Hosters.at » 2007-05-23 16:19

ok i used that now

powery toys+clamav


it runs good, virus check runs too.


when i try to open AVGui.exe it starts up but all buttons on the right side are "grey" and i cant klick them.......is that normal or not?

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-05-23 19:32

That didn't work for me either. probably incompatibilities between the 2 programs. Anyways I uninstalled that and just used the runclamd from here http://www.asspsmtp.org/wiki/ClamAV_Win32 instead

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Post by Slug » 2007-06-10 17:37

Anyone else notice the wheels fell off the latest version 30/5/07 of ClamAV32, it keeps telling me it cant parse the config file ?? :cry:

Michael
Missing Hmailserver ... Now running Debian servers

alps_xing
New user
New user
Posts: 10
Joined: 2007-06-11 04:47
Location: Beijing, China

Tips to use the latest clamav for hMailServer

Post by alps_xing » 2007-06-11 07:56

The following is the precedures to setup the latest clamAV in my win2k3 server for hMailServer. The performance is really better than ClamWin.

1. Download latest ClamAV for windows from http://w32.clamav.net/, and install it to the default locaton"C:\Program Files\clamAV".

2. Modify clamd.conf, comment this line:

Code: Select all

#FixStaleSocket yes
Set the tcpip listening address and port:

Code: Select all

TCPSocket 3310
TCPAddr 127.0.0.1
3. Install "Windows Server 2003 Resource Kit Tools" from Microsoft Website.

4. Start the windows server 2003 resource kit tools command shell from "Start->All Programs-> WIndows Server 2003 Resource Kit Tools->Command Shell".

5. Type the below command to install the clamd service:

Code: Select all

instsrv ClamAV "C:\Program Files\Windows Resource Kits\Tools\srvany.exe"
6. Create a file named "clamav.reg" with the below contents:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV\Parameters]
"Application"="C:\\Program Files\\clamAV\\clamd.exe"
Double click this file to import the item into reg table.

7. From "Start->Run->services.msc", browse the service lists, and startup "ClamAV". If it's not "Automatic", make it "Automatic".

8. Now you can use

Code: Select all

telnet 127.0.0.1 3310
to confirm the ClamAV server is running.

9. From "Start->All Programs->Accessories->System Tools->Schedule Task", add "C:\Program Files\clamAV\freshclam.exe" in the list, and configure the frequency of database updating.

10. Configure your hMailServer to use "ClamWin", but manully input the running path "C:\Program Files\clamAV\clamdscan.exe" and data path "C:\Program Files\clamAV\data", instead of using "Auto Detect".

Done now.

westdam
Senior user
Senior user
Posts: 731
Joined: 2006-08-01 21:24
Location: Padova, Italy
Contact:

Post by westdam » 2007-06-11 12:47

Slug wrote:
trofosila wrote:@Michael: 50% just after hMailserver receive a message. When iddle CPU is below 5%.
Ok, I am seeing the same thing. Perhaps over time this will be sorted. But in the mean time for a free AV it works very well. So I will put up with it :wink:

BTW it took just under 1 second to scan your message, not too bad I think.

Michael
hi mihael
well 1 sec it's TOO bad to scan mail... clamwin generally takes about 1 sec to scan 1 mail , if you have 100 mail simult. you will have 100 istances of clamwin for 1 sec and it depends on the load of the email...

what about w32 clamav? ( not the SOSDG ) .. it's fast? does it use a lot of CPU ?

iprat
Normal user
Normal user
Posts: 247
Joined: 2005-05-20 16:50
Location: Barcelona, EU
Contact:

Post by iprat » 2007-06-11 12:53

westdam wrote: what about w32 clamav? ( not the SOSDG ) .. it's fast? does it use a lot of CPU ?
FAST:Yes and Lot of CPU:no :D I still use SOSDG but if you disable html follow up they are up to par with very few differences (the main difference is that w32 clamav comes with html follow up enabled by default, whereas SOSDG defaults it disabled).
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)

jamie
Normal user
Normal user
Posts: 57
Joined: 2005-12-26 13:17
Location: A Coruña, Spain
Contact:

Well that was fun while it lasted !!!

Post by jamie » 2007-06-20 10:52

I followed the instructions and was up and running, only to discover that CLAMAV was calling ANY email with an attachment, a VIRUS, including those that had bmp signatures...

Oh well, back to the drawing board.

jamie
Normal user
Normal user
Posts: 57
Joined: 2005-12-26 13:17
Location: A Coruña, Spain
Contact:

Post by jamie » 2007-06-20 11:15

Hotlanta wrote: 4. Go into HmailServer AntiVirus and set the paths. It will not autodetect the paths since this is ClamAV and not ClamWin.

Make sure you set the executable to C:\Program Files\clamAV\clamdscan.exe and not clamscan.exe. Clamscan.exe doesn't take advantage of the clamd client, and if it loads enough times, it can crash the server. Clamdscan is much nicer with system resources (but won't screen anything if clamd isn't running).

Set the data path to C:\Program Files\clamAV\data and save it.
What DATA PATH? Where do I find an opportunity to set a data path?

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2007-06-20 11:31

In the clamwin area not the external AV settings.

westdam
Senior user
Senior user
Posts: 731
Joined: 2006-08-01 21:24
Location: Padova, Italy
Contact:

Post by westdam » 2007-07-08 16:12

damn, doesnt load the wiki for runclamd.
anyone has suggestion?

Post Reply