ClamAV for Windows
ClamAV for Windows
Hi everyone
At last there is native clamav for windows at http://w32.clamav.net.
It's merged to Clamav main development, no emulation layer, compiled with vs2005, clamd and windows service app.
Enjoy!
At last there is native clamav for windows at http://w32.clamav.net.
It's merged to Clamav main development, no emulation layer, compiled with vs2005, clamd and windows service app.
Enjoy!
I finally got the w32 version of clamav working well, and it's quite nice. This particular build uses native window code and can run as a service, so it's better than ClamWin. It also has clamd and clamdscan which makes for much more efficient running of the software since clamd has the signature files and only loads once. I found that since HMailServer is running separate threads for clamscan, that my system and memory usage was going through the roof and even crashing. Now that I'm usind clamd/clamdscan, it's running great.
Here's specifically what I did to make this work:
1. Go to http://www.bandsman.co.uk/clamav.htm and download both the windows ClamAV and the PowerTools. I used the ClamAV from http://w32.clamav.net before finding the link for the PowerTools, and I couldn't get them to work together. Once I used the version of ClamAV that came from the same site where powertools is located, they worked fine together.
2. Install ClamAV first, then install PowerTools. Do not change their default folders.
3. Powertools will set itself up as a service. It also loads freshclam (which allows for automatic updates of the virus database). Go into your Windows Services and start the ClamD service.
4. Go into HmailServer AntiVirus and set the paths. It will not autodetect the paths since this is ClamAV and not ClamWin.
Make sure you set the executable to C:\Program Files\clamAV\clamdscan.exe and not clamscan.exe. Clamscan.exe doesn't take advantage of the clamd client, and if it loads enough times, it can crash the server. Clamdscan is much nicer with system resources (but won't screen anything if clamd isn't running).
Set the data path to C:\Program Files\clamAV\data and save it.
At this point, everything should be working well. Run a test with a test file from http://www.eicar.org/anti_virus_test_file.htm . If you watch the processes running in Taskmanager as you send the email in, you can see clamd and freshclam running all the time, and clamdscan will pop up as the mail processes.
The Freshclam.conf file can be edited slightly to make it run better. Since it's based on Unix and they use line feeds instead of carriage return/linefeed for end of lines, it's a bit fun trying to edit it, but in the end, it's just a text file and notepad can handle it.
Do a search on "UK" and change it to "US". This allows it to update from the US mirror server.
Do a search on "check 24", and remove the # from the "#check 24" so that it will check for updates on an hourly basis.
Make no other edits and save it.
Here are some other odds and ends...
There is a place where you can get phishing signatures for clamav at http://www.sanesecurity.com/clamav/ .
I found an interesting downloader that only downloads updated files. I haven't had a chance to play with it yet, but you can get it at http://www2.sosdg.org/%7Etbb/ss-updater.zip
Hope this helps.
John
Here's specifically what I did to make this work:
1. Go to http://www.bandsman.co.uk/clamav.htm and download both the windows ClamAV and the PowerTools. I used the ClamAV from http://w32.clamav.net before finding the link for the PowerTools, and I couldn't get them to work together. Once I used the version of ClamAV that came from the same site where powertools is located, they worked fine together.
2. Install ClamAV first, then install PowerTools. Do not change their default folders.
3. Powertools will set itself up as a service. It also loads freshclam (which allows for automatic updates of the virus database). Go into your Windows Services and start the ClamD service.
4. Go into HmailServer AntiVirus and set the paths. It will not autodetect the paths since this is ClamAV and not ClamWin.
Make sure you set the executable to C:\Program Files\clamAV\clamdscan.exe and not clamscan.exe. Clamscan.exe doesn't take advantage of the clamd client, and if it loads enough times, it can crash the server. Clamdscan is much nicer with system resources (but won't screen anything if clamd isn't running).
Set the data path to C:\Program Files\clamAV\data and save it.
At this point, everything should be working well. Run a test with a test file from http://www.eicar.org/anti_virus_test_file.htm . If you watch the processes running in Taskmanager as you send the email in, you can see clamd and freshclam running all the time, and clamdscan will pop up as the mail processes.
The Freshclam.conf file can be edited slightly to make it run better. Since it's based on Unix and they use line feeds instead of carriage return/linefeed for end of lines, it's a bit fun trying to edit it, but in the end, it's just a text file and notepad can handle it.
Do a search on "UK" and change it to "US". This allows it to update from the US mirror server.
Do a search on "check 24", and remove the # from the "#check 24" so that it will check for updates on an hourly basis.
Make no other edits and save it.
Here are some other odds and ends...
There is a place where you can get phishing signatures for clamav at http://www.sanesecurity.com/clamav/ .
I found an interesting downloader that only downloads updated files. I haven't had a chance to play with it yet, but you can get it at http://www2.sosdg.org/%7Etbb/ss-updater.zip
Hope this helps.
John
Does anyone know how this will impact the HOWTO found below?
(See thread: How To's | HOWTO: Use SOSDG ClamAV Daemon as Service on hMailServer 4.x)
(See thread: How To's | HOWTO: Use SOSDG ClamAV Daemon as Service on hMailServer 4.x)
Slug wrote:Hey Hotlanta
what return code are you using ??
Thanks
Michael
I'm not sure what your referring to as "return code" for this. Could you be more specific?
Although hMailServer allows us to set return codes for spam, it automatically handles the return codes for AntiVirus mail that has a virus. If that's what you're referring to, then it's already handled. I'm running 4.3, and maybe that's changed since you appear to be on 4.4.
John
SureHotlanta wrote:Slug wrote: I'm not sure what your referring to as "return code" for this. Could you be more specific?
In the same section that you set the path of the external virus scanner hMs also asks for the "return value"
Without this the virus scanner wont work.
Thanks
Michael
Missing Hmailserver ... Now running Debian servers
Actually, I'm not using the external virus scanner part of this. I'm using the ClamWin part. In there, I have:Slug wrote:Hotlanta wrote:SureSlug wrote: I'm not sure what your referring to as "return code" for this. Could you be more specific?
In the same section that you set the path of the external virus scanner hMs also asks for the "return value"
Without this the virus scanner wont work.
Thanks
Michael
Use ClamWin is checked
ClamScan Executable
C:\Program Files\clamAV\clamdscan.exe
Path To ClamScan Database
C:\Program Files\clamAV\data
I'm sure you can use the other, but I didn't choose to, so I didn't have to set a return value.
Regards,
John
The return value listed in the HowTo thread (See thread: How To's | HOWTO: Use SOSDG ClamAV Daemon as Service on hMailServer 4.x) is "1." I can't guarantee this works with the Win32 native build, but I would guess so.
Has anybody switched from SOSDG to ClamAV for Windows? Is there a significant improvement regarding CPU time?
I am sending daily newsletters which contains about 20 inline images, so for every message i send there are 20 instances of clamdscan.exe which offen result in hMail hangup.
I don't want to move the virus scaning process to another machine and i am interested wich antivirus could do the job better.
Thanks,
Trofosila
I am sending daily newsletters which contains about 20 inline images, so for every message i send there are 20 instances of clamdscan.exe which offen result in hMail hangup.
I don't want to move the virus scaning process to another machine and i am interested wich antivirus could do the job better.
Thanks,
Trofosila
From what I can see, there is only one instance of clamd running. So this should fix your problem. If you can post back to let us know how you go, that would be good.trofosila wrote: I am sending daily newsletters which contains about 20 inline images, so for every message i send there are 20 instances of clamdscan.exe which offen result in hMail hangup.
Michael
Missing Hmailserver ... Now running Debian servers
There is only one instance of clamd, but i'm guessing that hMail is scaning the .eml file of the message and then it scans 20 .tmp files (witch are the images in the message - the message is multipart, 1 part text, 1 part html and then 20 parts of images). I have not found a way to inform ClamAV not to scan images in the mail body.
Anyway, i will install ClamAV for Windows and will post a conclusion regarding performance.
Anyway, i will install ClamAV for Windows and will post a conclusion regarding performance.
Current version of ClamAV for Windows has the folowing advantages over SOSDG:
- more stable (i have sent 9500 messages each containing about 20 inline images and my hMailserver is still up. Until now i was forced to stop the antivirus while i has sending newsletters).
- definetly is nicer with system resources (memory).
The minus is CPU time. It keeps my 2.8 GHz Xeon at 50% almost all the time. Maybe the guys from NJH Software will keep this in mind and next version will be better.
- more stable (i have sent 9500 messages each containing about 20 inline images and my hMailserver is still up. Until now i was forced to stop the antivirus while i has sending newsletters).
- definetly is nicer with system resources (memory).
The minus is CPU time. It keeps my 2.8 GHz Xeon at 50% almost all the time. Maybe the guys from NJH Software will keep this in mind and next version will be better.
The test server I have with ClamAv is not using 50% CPU ? is this 50% when running or 50% when idle ??trofosila wrote: The minus is CPU time. It keeps my 2.8 GHz Xeon at 50% almost all the time. Maybe the guys from NJH Software will keep this in mind and next version will be better.
Michael
Missing Hmailserver ... Now running Debian servers
@Michael: 50% just after hMailserver receive a message. When iddle CPU is below 5%.
Bellow is a part of a log for a single message, and this is the cause why CPU jumps to 50%
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Data\{D7396781-A218-40B1-AF91-194BD51C364D}.eml" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{E94F4974-1289-4832-ADD3-96B08F834604}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{77723B33-0B8D-4169-9B84-2C4F8E0CA2DB}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{F8CD501B-43A8-4B9A-AEC1-E0A40D23CDC8}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{588ADE5B-654D-45EA-B215-73B9E79311A7}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{DB913492-F642-41E3-9A41-CE8C03524A3E}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{96677E09-8FC8-4BB7-A845-8F75B8787C71}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{5BC60287-5F8C-407B-9219-D37237068643}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{A496204D-F0CB-40DC-B0D3-361AB7D08F44}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.670" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{BC51B453-9520-4784-A90D-022D386D1E21}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.685" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.685" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{D54BF725-1BCC-45D4-A81A-8F65D7EFACCB}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{BB62329C-7FB0-4C72-8CE9-758F04F08829}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{D5BD9363-E658-446A-9E8A-1AECFC988F76}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{4812DC14-9A88-4164-8E54-73D1CF6A4186}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{B93DEFE5-A6B2-4358-8BA3-631BA3A8527D}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:12.060" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{C02924AD-17C8-4D94-814D-B6C5728037D8}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:12.060" "CustomVirusScanner::~Scan()"
As you can see the first scaned file is the .eml, but after that it scans separately every inline image. But I guess this is normal behaviour.
The only thing it would help is having a way to disable virus scaning from localhost or local network (i know it is a poll on this forum for such a feature), or a better antivirus.
Bellow is a part of a log for a single message, and this is the cause why CPU jumps to 50%
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Data\{D7396781-A218-40B1-AF91-194BD51C364D}.eml" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.107" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{E94F4974-1289-4832-ADD3-96B08F834604}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.170" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{77723B33-0B8D-4169-9B84-2C4F8E0CA2DB}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.232" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{F8CD501B-43A8-4B9A-AEC1-E0A40D23CDC8}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.295" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{588ADE5B-654D-45EA-B215-73B9E79311A7}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.357" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{DB913492-F642-41E3-9A41-CE8C03524A3E}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.420" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{96677E09-8FC8-4BB7-A845-8F75B8787C71}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.482" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{5BC60287-5F8C-407B-9219-D37237068643}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.545" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{A496204D-F0CB-40DC-B0D3-361AB7D08F44}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.607" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.670" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{BC51B453-9520-4784-A90D-022D386D1E21}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.685" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.685" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{D54BF725-1BCC-45D4-A81A-8F65D7EFACCB}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.748" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{BB62329C-7FB0-4C72-8CE9-758F04F08829}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.810" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{D5BD9363-E658-446A-9E8A-1AECFC988F76}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.873" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{4812DC14-9A88-4164-8E54-73D1CF6A4186}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.935" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{B93DEFE5-A6B2-4358-8BA3-631BA3A8527D}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::~Scan()"
"DEBUG" 3636 "2007-02-06 19:51:11.998" "CustomVirusScanner::Scan()"
"DEBUG" 3636 "2007-02-06 19:51:12.060" "CustomVirusScanner::Scan() - C:\clamav-devel\bin\clamdscan.exe --no-summary --stdout "D:\hMailServer\Temp\{C02924AD-17C8-4D94-814D-B6C5728037D8}.tmp" - Returned 0"
"DEBUG" 3636 "2007-02-06 19:51:12.060" "CustomVirusScanner::~Scan()"
As you can see the first scaned file is the .eml, but after that it scans separately every inline image. But I guess this is normal behaviour.
The only thing it would help is having a way to disable virus scaning from localhost or local network (i know it is a poll on this forum for such a feature), or a better antivirus.
Ok, I am seeing the same thing. Perhaps over time this will be sorted. But in the mean time for a free AV it works very well. So I will put up with ittrofosila wrote:@Michael: 50% just after hMailserver receive a message. When iddle CPU is below 5%.
BTW it took just under 1 second to scan your message, not too bad I think.
Michael
Missing Hmailserver ... Now running Debian servers
On the url you given you can’t download ClamAVHotlanta wrote: Here's specifically what I did to make this work:
1. Go to http://www.bandsman.co.uk/clamav.htm and download both the windows ClamAV and the PowerTools. I used the ClamAV from http://w32.clamav.net before finding the link for the PowerTools, and I couldn't get them to work together. Once I used the version of ClamAV that came from the same site where powertools is located, they worked fine together.
Anymore so I downloaded it from http://w32.clamav.net/. Only Power tools, as you mention, doesn’t work then.
My question, do I need power tools. What is the profit of it.
@Slug:
ClamAV trully does a great job, but in my case i'm forced do disable virus scanning while i send the newsletter.
I send daily about 9500 messages, one every 3 seconds and it does kill the CPU and after few messages are sent, hMailServer stops delivering emails (marks them with "As soon as posible").
While i was using Qmail i could disable virus scaning for outgoing emails.
Maybe this is what hMailServer is missing: an option for not scaning outgoing emails.
And maybe Martin will tell us if he has plans to do such a feature.
ClamAV trully does a great job, but in my case i'm forced do disable virus scanning while i send the newsletter.
I send daily about 9500 messages, one every 3 seconds and it does kill the CPU and after few messages are sent, hMailServer stops delivering emails (marks them with "As soon as posible").
While i was using Qmail i could disable virus scaning for outgoing emails.
Maybe this is what hMailServer is missing: an option for not scaning outgoing emails.
And maybe Martin will tell us if he has plans to do such a feature.
Search the feature section, I thought someone asked for this. If its not there add a feature request for it. If you don't then it will never be addedtrofosila wrote: Maybe this is what hMailServer is missing: an option for not scaning outgoing emails.
Michael
Missing Hmailserver ... Now running Debian servers
Yeah I did although it was for IPRanges rather than outgoing.
http://www.hmailserver.com/forum/viewtopic.php?t=5865
http://www.hmailserver.com/forum/viewtopic.php?t=5865
Strange…
I’m now trying this http://www.hmailserver.com/forum/viewtopic.php?p=46195. Can anyone tell what the difference is between these two installations?
I’m now trying this http://www.hmailserver.com/forum/viewtopic.php?p=46195. Can anyone tell what the difference is between these two installations?
Hi All,
Which of these two installations works better? The ClamAV for wwindows or the one that uses the cygwin layer?
It appears that the one that uses cygwin is a much smaller installation and pretty straightforward to get setup. The one for windows is a much larger installation and of course, harder to setup especially in combination with powertools.
What do you think? Is there any need to get rid of the SOSDG installation and replace it with the new one?
Which of these two installations works better? The ClamAV for wwindows or the one that uses the cygwin layer?
It appears that the one that uses cygwin is a much smaller installation and pretty straightforward to get setup. The one for windows is a much larger installation and of course, harder to setup especially in combination with powertools.
What do you think? Is there any need to get rid of the SOSDG installation and replace it with the new one?
I had ClamWin installed (which hM have native support for)
I uninstalled (no need to reboot, seems like it is just a shell-ext dll left after uninstall) and used versions of powertool and ClamAV linked in this thread. OMG... What a difference. I had to actually send myself some "viruses" just to make sure it did in fact work. [http://www.aleph-tec.com/eicar/index.php]
Talk about difference in speed...
It would be really nice if hM had native support (auto detecting paths) for clamdscan as well, ClamWin really is not an option in the long run. It uses way to much CPU/mem compared to clamdscan
I uninstalled (no need to reboot, seems like it is just a shell-ext dll left after uninstall) and used versions of powertool and ClamAV linked in this thread. OMG... What a difference. I had to actually send myself some "viruses" just to make sure it did in fact work. [http://www.aleph-tec.com/eicar/index.php]
Talk about difference in speed...
It would be really nice if hM had native support (auto detecting paths) for clamdscan as well, ClamWin really is not an option in the long run. It uses way to much CPU/mem compared to clamdscan
hM 4.4.1 on WHS
anyone notice the licensing for PowerTools?
So what are the downsides for hMailServer to not using PowerTools? I haven't tested yet but I guess it will be, having to schedule freshclam manually.
EDIT:
OK, to answer my own question... yes schedule freshclam, but runclamd.exe is needed to setup the service, as found here: http://www.asspsmtp.org/wiki/ClamAV_Win32
Yet no more information on the commercial aspect.Power Tools (25/9/06): This software is free for personal use. Commercial licences and support agreements are available from NJH Software. No warranty is made either explicitly or implicitly for its use.
So what are the downsides for hMailServer to not using PowerTools? I haven't tested yet but I guess it will be, having to schedule freshclam manually.
EDIT:
OK, to answer my own question... yes schedule freshclam, but runclamd.exe is needed to setup the service, as found here: http://www.asspsmtp.org/wiki/ClamAV_Win32
Ever since I switched over from ClamWin to ClamAV I've had to restart the server every couple of days because the memory usage of the ClamAV service is going through the roof. I just checked then, and memory usage is at 245Meg.
Is anyone else experiencing this problem? I downloaded ClamAV & Powertools, and followed the instructions in Hotlanta's post above.
Thanks
Nick
Is anyone else experiencing this problem? I downloaded ClamAV & Powertools, and followed the instructions in Hotlanta's post above.
Thanks
Nick
Hi, I've just downloaded what I believe is to be the latest version (it's an april version as opposed to the february one I was running before).
It's only been running for half an hour or so, and the memory seems to be sitting around the 40meg level. It's crept up, and dropped down to 34, but at least it's not continuely increasing. I'll monitor it over the next 24 hours and see how it goes.
The last version I was running came from the bandsman link (mentioned above), but this version I just installed came from the w32.clamav.net server? Does anyone know if there are any differences?
Thanks again
Nick
It's only been running for half an hour or so, and the memory seems to be sitting around the 40meg level. It's crept up, and dropped down to 34, but at least it's not continuely increasing. I'll monitor it over the next 24 hours and see how it goes.
The last version I was running came from the bandsman link (mentioned above), but this version I just installed came from the w32.clamav.net server? Does anyone know if there are any differences?
Thanks again
Nick
Hey All,
I just installed the latest version of ClamAV and Powertools on my production system.
If you follow hotlanta's guide missing out the service starting step (ClamD as it is now already started for you) the rest works flawlessly.
Amazed at speed increase, I thought it would be only slightly faster, heh I was wrong. My memory usage dropped from a little over 300mb down to 220 and CPU peaks at around 5% now instead of 50 .. Wish I had done this sooner
I just installed the latest version of ClamAV and Powertools on my production system.
If you follow hotlanta's guide missing out the service starting step (ClamD as it is now already started for you) the rest works flawlessly.
Amazed at speed increase, I thought it would be only slightly faster, heh I was wrong. My memory usage dropped from a little over 300mb down to 220 and CPU peaks at around 5% now instead of 50 .. Wish I had done this sooner
yes, instructions and download link here:
http://www.asspsmtp.org/wiki/ClamAV_Win32
skipping the ASSP section
you will also have to set a scheduled task for freshclam.exe (to get updates however often you want)
http://www.asspsmtp.org/wiki/ClamAV_Win32
skipping the ASSP section
you will also have to set a scheduled task for freshclam.exe (to get updates however often you want)
- Hosters.at
- New user
- Posts: 20
- Joined: 2006-09-08 16:29
- Location: Austria
- Contact:
That didn't work for me either. probably incompatibilities between the 2 programs. Anyways I uninstalled that and just used the runclamd from here http://www.asspsmtp.org/wiki/ClamAV_Win32 instead
Tips to use the latest clamav for hMailServer
The following is the precedures to setup the latest clamAV in my win2k3 server for hMailServer. The performance is really better than ClamWin.
1. Download latest ClamAV for windows from http://w32.clamav.net/, and install it to the default locaton"C:\Program Files\clamAV".
2. Modify clamd.conf, comment this line:
Set the tcpip listening address and port:
3. Install "Windows Server 2003 Resource Kit Tools" from Microsoft Website.
4. Start the windows server 2003 resource kit tools command shell from "Start->All Programs-> WIndows Server 2003 Resource Kit Tools->Command Shell".
5. Type the below command to install the clamd service:
6. Create a file named "clamav.reg" with the below contents:
Double click this file to import the item into reg table.
7. From "Start->Run->services.msc", browse the service lists, and startup "ClamAV". If it's not "Automatic", make it "Automatic".
8. Now you can use to confirm the ClamAV server is running.
9. From "Start->All Programs->Accessories->System Tools->Schedule Task", add "C:\Program Files\clamAV\freshclam.exe" in the list, and configure the frequency of database updating.
10. Configure your hMailServer to use "ClamWin", but manully input the running path "C:\Program Files\clamAV\clamdscan.exe" and data path "C:\Program Files\clamAV\data", instead of using "Auto Detect".
Done now.
1. Download latest ClamAV for windows from http://w32.clamav.net/, and install it to the default locaton"C:\Program Files\clamAV".
2. Modify clamd.conf, comment this line:
Code: Select all
#FixStaleSocket yes
Code: Select all
TCPSocket 3310
TCPAddr 127.0.0.1
4. Start the windows server 2003 resource kit tools command shell from "Start->All Programs-> WIndows Server 2003 Resource Kit Tools->Command Shell".
5. Type the below command to install the clamd service:
Code: Select all
instsrv ClamAV "C:\Program Files\Windows Resource Kits\Tools\srvany.exe"
Code: Select all
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV\Parameters]
"Application"="C:\\Program Files\\clamAV\\clamd.exe"
7. From "Start->Run->services.msc", browse the service lists, and startup "ClamAV". If it's not "Automatic", make it "Automatic".
8. Now you can use
Code: Select all
telnet 127.0.0.1 3310
9. From "Start->All Programs->Accessories->System Tools->Schedule Task", add "C:\Program Files\clamAV\freshclam.exe" in the list, and configure the frequency of database updating.
10. Configure your hMailServer to use "ClamWin", but manully input the running path "C:\Program Files\clamAV\clamdscan.exe" and data path "C:\Program Files\clamAV\data", instead of using "Auto Detect".
Done now.
hi mihaelSlug wrote:Ok, I am seeing the same thing. Perhaps over time this will be sorted. But in the mean time for a free AV it works very well. So I will put up with ittrofosila wrote:@Michael: 50% just after hMailserver receive a message. When iddle CPU is below 5%.
BTW it took just under 1 second to scan your message, not too bad I think.
Michael
well 1 sec it's TOO bad to scan mail... clamwin generally takes about 1 sec to scan 1 mail , if you have 100 mail simult. you will have 100 istances of clamwin for 1 sec and it depends on the load of the email...
what about w32 clamav? ( not the SOSDG ) .. it's fast? does it use a lot of CPU ?
FAST:Yes and Lot of CPU:no I still use SOSDG but if you disable html follow up they are up to par with very few differences (the main difference is that w32 clamav comes with html follow up enabled by default, whereas SOSDG defaults it disabled).westdam wrote: what about w32 clamav? ( not the SOSDG ) .. it's fast? does it use a lot of CPU ?
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)
Well that was fun while it lasted !!!
I followed the instructions and was up and running, only to discover that CLAMAV was calling ANY email with an attachment, a VIRUS, including those that had bmp signatures...
Oh well, back to the drawing board.
Oh well, back to the drawing board.
What DATA PATH? Where do I find an opportunity to set a data path?Hotlanta wrote: 4. Go into HmailServer AntiVirus and set the paths. It will not autodetect the paths since this is ClamAV and not ClamWin.
Make sure you set the executable to C:\Program Files\clamAV\clamdscan.exe and not clamscan.exe. Clamscan.exe doesn't take advantage of the clamd client, and if it loads enough times, it can crash the server. Clamdscan is much nicer with system resources (but won't screen anything if clamd isn't running).
Set the data path to C:\Program Files\clamAV\data and save it.