Clamwin doesnt come as a service. ClamAV does, but it doesnt have a usable GUI like Clamwin such as a system tray, on demand Scan in Context Menu and quarantine program.
This procedure details how to easily use Clamwin for its prettiness, but as a service as ClamAV...easily. Running as a service provides the ability to pass threads to it on port 3310. As it is multithreaded it is therefore lower on system resources and faster.
An example to demonstrate the benefits:
Using the Hmailserver TEST button, the time taken to respond with result:
Clamwin (if chosen as the preferred antivirus option) = 20 seconds (visible CPU increased to 24% in the system's taskmanager monitor)
ClamAV service = 5 seconds (and no visible CPU increase).
I then tried the tests again but by launching THREE test all at the same time and they all performed inline with above tests (all clamav service returned 5 secs and no CPU, clamwin sent CPU to 70odd percent with 3 separate processes being launched).
A LOT quicker for mail scanning and with less system resources. A high usage system will crumble using Clamwin alone.
HOW TO IMPLEMENT
You will need:
A, the installation set of Clamwin (if you havent already done it) from clamwin.com and
B, the ported Zip file of "clamav-win32-A.BB.c.7Z" from http://oss.netfarm.it/clamav/ "[Download Binaries]" section (which is an unofficial windows port of Clamav, used to create Clamwin, where A.BB.c is the version number). We need this Zip as we are going to use 2 files from it. Get it from the "Current Stable" under [Download Binaries] and ensure the version number matches the same version of Clamwin.
C, To read the whole of this post for further information on making Clam actually effective (with the use of 3rd party definitions).
BEFORE BEGINNING: It is important to ensure that Clamwin (A) and the Clamd port (B) are of the same version. ie, "v0.99" clamwin is not the same as "v0.98.7" clamd
If not, then you will have to abort this procedure until they do become the same version (or contact someone here to see if they have copies of versions that do match . Read this full thread for possible contributions where matching versions have already been posted. eg Page 3: viewtopic.php?p=204122#p204122)
1, Install Clamwin ((A) above). Run it, be happy. (I will assume all default file locations for the sake of this instruction*).
2, Open the 7Z zip file (downloaded from netfarm (B)- above) and extract CLAMD.EXE and CLAMD.CONF.
3, Copy those 2 files in to the Clamwin program directory (usually: %ProgramFiles(x86)%\ClamWin\bin\)*
4, With text editor (eg notepad) edit CLAMD.CONF and change the following 2 lines (leaving the other lines alone):
LogFile C:\Program Files (x86)\ClamWin\bin\clamd.log
(Note: the above reflects default locations and is the representation for ENGLISH language operating systems. You should reword the program directory to reflect your OS language. You can place the log file where you wish, and the 'DatabaseDirectory' must reflect your existing Clamwin DB directory - refer to clamwin.conf locations if unsure whether you have changed it or not).
5, From command line (CMD), cd to the program directory %ProgramFiles(x86)%\ClamWin\bin* and run:
This installs the service called "ClamWin Free Antivirus Scanner Service" running clamd.exe
*Usually the DEFAULT locations for installation is %ProgramFiles(x86)%\ClamWin\bin\ (with anecdotal evidence it might be %ProgramFiles%\ClamWin\bin\ for Win8+). If you choose to change from them then ensure you change CONF files and placement of ClamD.exe consistent with your choice.
6, Go to windows SERVICES ('services.msc') and search for the service, right click and Properties of the service, and change it to
Startup Type = AUTOMATIC.
You may then click START to run the service.
7, In Hmailserver - Settings - Antivirus, Choose ClamAV as the selected antivirus option (do not enable 'Clamwin'!).
8, In Hmailserver - Settings - Antivirus, GENERAL tab, enter 26214 for 'Maximum Message Size To Scan' **
** By default Clamd service will allow an upper limit of 25MB for each mail message being passed to it. If it receives an email message from HMS larger than this (26,214,400 bytes) then HMS will error in this event. 26214 is the HMS equivalent in KB and prevents this scenario (25*1048576/1000). If you wish to lower this File scan size limit in Clamd, then modify CLAMD.CONF (in (4) above) and add the following line:
where '20M' means 20MB ('18M' would be 18MB etc). The same value should then be set in HMS by changing from 26214 to the new rounded down value calculated thus:
- value (M) * 1048576 / 1000
(The definition database update that gets performed by Clamwin scheduler (in Preferences) will get loaded and included into the Clamd service within 10 minutes due to the service automatically checking the database for changes every 600 seconds and reloading it if changes are found).
For UPDATING your existing installation, see the foot of this post "UPDATING VERSIONS OF CLAMWIN/CLAMD"
Hope you find this useful.
Now for a gripe (dont worry I still advocate using the service but do read on......)
I performed a test of the system with REAL email viruses recently proliferating around the net. It took me ages, though, to find a virus that Clam recognises - I tried 3 different ones that came in over the last 10 days and none were recognised. I had to go back 3 weeks before I found one with a definition Clam knew about. It kind of makes me wonder really how effective Clam is. 3 weeks before getting updated effective definitions is ridiculous (especially considering the effectiveness of new viruses are in the first 36 hours after which the proliferation usually drops and MOST antivirus definitions get updated to catch them. 36 hours, not 3 weeks!!)
My conclusion, the Clamd service with Clamwin does work as we want it to and is quick.....but overall Clam simply is pants for stopping REAL threat viruses. So why bother?!
18 months after writing the above installation and then denouncing the worthiness of Clam, I now have an update that makes all this worth while and Clamwin+clamd as a viable option. I recommend you now implement Sane Security 3rd party definitions - read and action against this post below: viewtopic.php?p=180258#p180258. Consequently I stand by and recommend this as a solution. (More information on Memory Usage of Clam + 3rd party definitions can be found here: http://lists.clamav.net/pipermail/clama ... 03903.html)
I will advise, however, to exercise caution if using on-demand or Scheduled Scans feature with Clam/Clamwin. Experience shows me that Clamwin is unreliable in its default definitions not only being unproductive against actual threats, but also have an extremely (sometimes infeasibly) high level of false positives. Recently, I and many other users had their windows servers effectively disabled overnight due to a signature that effectively quarantined (deleted) a vast amount of genuine windows DLL's during an overnight scan, including removing Hmailserver program/DLL's and its own clamwin DLLs!. (More info: http://forums.clamwin.com/viewtopic.php?p=18970#18970 and http://forums.clamwin.com/viewtopic.php?t=4371).
MY ADVICE: If you choose to perform on-demand or periodical scans of your disks using Clamwin, I urge you to modify the configuration window ('Clamwin Preferences - General) to ensure you have:
- "Infected Files" set to "Report Only"
"Unload Infected Programs From Memory" - UNTICKED
UPDATING VERSIONS OF CLAMWIN/CLAMD
Both Clamwin and Clamd need to be at the same version. (eg both at v0.99 or whatever is available at the time). When a new version of Clamwin is released, and the Clamd equivalent version is also available to match, then the following upgrade procedure should be followed:
1, Disable ANTIVIRUS scanning within hmailserver
then as privileged ADMINISTRATOR cmd:
2, type "net stop clamd" (this stops the Clamd service)
3, type "sc delete clamd" (this deletes the existing clamd service)
4, run the install of the latest Clamwin over the top of current installation and reboot if prompted.
TIP: As you are upgrading you may wish to download the program only without the database signatures (8MB instead of 120MB). You can obtain this (and the full included version) from its development page (look for the clamwin-0.9x.x-setup-nodb.exe version) at https://sourceforge.net/projects/clamwin/files/clamwin/
5, Copy over the new Clamd.exe (only) from the http://oss.netfarm.it/clamav/ site (as per installation instructions above in "PROCEDURE" (2) and (3) )
6, Run the "Clamd --install" command (as per instructions above)
7, reset the service (modify the startup options etc) and restart the Clamd service and re-enable Antivirus in HMS and test (as per instructions above)
That should do you.