ClamWin Vs ClamAV
ClamWin Vs ClamAV
I have been using ClamWin for a few months now without any issue. But I thought I would have a look at the base ClamAV. Just a quick look shows that its ClamScan.Exe is 43kb in size compaired to ClamWins version which is 723kb. I am guessing that this is due to library's and the like being directly linked into the ClamWin version instead of using .Dll's. This was just my first look but I am sure there will be other differences to.
Has anyone got any ideas or have you used the ClamAV version with ME instead of the ClamWin version ?
Thanks
Martyn
Has anyone got any ideas or have you used the ClamAV version with ME instead of the ClamWin version ?
Thanks
Martyn
Re: ClamWin Vs ClamAV
Hi Martyn,MartynK wrote:
Has anyone got any ideas or have you used the ClamAV version with ME instead of the ClamWin version ?
Thanks
Martyn
I use ClamAv (the windows port) and I'm very happy with it. It has just been upgraded to a DLL build in the last few weeks wich will decrease scan times (if you use clamd) and simplify/reduce upgrades.
I tried ClamWin as well, but I feel that ClamAv is better for my purposes.
Not a huge difference by any means. ClamAv has no GUI available, but as I only run it from the command line, that's of no concern to me.
We'll have to see how things go in the future as the guy who maintains the ClamAv for Windows port is now working full time, so that may affect update lead times in the future.
There is a thread on the ClamAv forum about the differences between the two ports.
http://forums.sosdg.org/viewtopic.php?t=85
cheers,
Owen
I've been using SOSDG ClamAV for some time on my plesk 7 Windows machine, I worked great for a long time, even without ME Pro (plesk 7.0 loads it directly somehow).
I just upgraded my machine to Plesk 7.5.4 (Windows) and finally upgraded to ME Pro, The Antivirus plugin option looks great and powerfull, but unfortunatelly ClamAV its not supported by default, I read many many threads, I can only find info on how include ClamWin into the antivirus plugin.
How did you get ClamAV working with ME pro? Can you please help me out?
My goal would be to setup ClamAV (SOSDG) to scan messages, then something like F-Prot after, I woudl also want the recipient of the infected message to be notified when and infected atachment its removed.
Thanks in Advance
I just upgraded my machine to Plesk 7.5.4 (Windows) and finally upgraded to ME Pro, The Antivirus plugin option looks great and powerfull, but unfortunatelly ClamAV its not supported by default, I read many many threads, I can only find info on how include ClamWin into the antivirus plugin.
How did you get ClamAV working with ME pro? Can you please help me out?
My goal would be to setup ClamAV (SOSDG) to scan messages, then something like F-Prot after, I woudl also want the recipient of the infected message to be notified when and infected atachment its removed.
Thanks in Advance
-Andres Tinoco
PuntoWEB de Venezuela C.A.
PuntoWEB de Venezuela C.A.
-
- Posts: 19
- Joined: Tue Nov 18, 2003 6:17 am
- Location: Singapore
- Contact:
ClamAV antivirus
Hi atinoco,
The best way to use ClamAV is to use clamd because it loads up only once and runs in the memory waiting to scan for viruses. Clamd is not like the regular realtime virus scanners, it will only scan data through a client software. It works exactly like clamscan except that clamd stays in the memory and the clamd client acts as an agent for clamd to scan data.
You can check out how to run clamd in the documentation provided by ClamAV. Once you have clamd running, you can use my clamdclient to configure your ME Pro to connect to clamd. You may download it using the link below.
http://www.whiteknightconsultancy.com/d ... client.zip
The registry file included will insert the appropriate registry entries so that the clamd client configuration will appear in you antivirus list. You just need to do minor adjustments to point it to the correct path and to include the correct parameters, you can find more information and help by running clamdclient in the command line.
The best way to use ClamAV is to use clamd because it loads up only once and runs in the memory waiting to scan for viruses. Clamd is not like the regular realtime virus scanners, it will only scan data through a client software. It works exactly like clamscan except that clamd stays in the memory and the clamd client acts as an agent for clamd to scan data.
You can check out how to run clamd in the documentation provided by ClamAV. Once you have clamd running, you can use my clamdclient to configure your ME Pro to connect to clamd. You may download it using the link below.
http://www.whiteknightconsultancy.com/d ... client.zip
The registry file included will insert the appropriate registry entries so that the clamd client configuration will appear in you antivirus list. You just need to do minor adjustments to point it to the correct path and to include the correct parameters, you can find more information and help by running clamdclient in the command line.
White Knight
-
- Posts: 19
- Joined: Tue Nov 18, 2003 6:17 am
- Location: Singapore
- Contact:
-
- Posts: 19
- Joined: Tue Nov 18, 2003 6:17 am
- Location: Singapore
- Contact:
ClamAV
Hi,
I seriously recommend you to use clamd and clamdclient to connect and scan your messages. If you use clamav directly, you will find a lot of activity in your processor. I have included a link to my clamdclient a few posts up.
Regards,
Terrence
I seriously recommend you to use clamd and clamdclient to connect and scan your messages. If you use clamav directly, you will find a lot of activity in your processor. I have included a link to my clamdclient a few posts up.
Regards,
Terrence
White Knight
-
- Posts: 844
- Joined: Mon Dec 05, 2005 7:51 am
- Location: Canada
Make sure you take a look at the registry entry for Clam. I don't think it was setup correctly (you'll see why I say that in step 5 of the way I setup my clam to work).rockinthesixstring wrote:the new ME2.0 has built in support for Clam but i cant seem to get it up and running... does anyone have any idea why?
I use a windows porting of clamav from w32.clamav.net and a registry entry I found elsewhere in this forum for clam from a long time ago (had to modify it for this version of the program, but it worked well. It may have been a post by MartynK, but I am not sure, and don't want to take the time to look up the thread right now).
Here are the steps I did to make clam work for me.
1. Download and install clamav from http://w32.clamav.net. If you click on the link at the bottom for "Mirror Site". It actually takes you to the developer's site which is http://www.bandsman.co.uk/clamav.htm. Which is where you can download Powertools for clamav.
2. Download and install Powertools. (This allows you to run a windows version of clamd as a service in windows, no cygwin linux porting!)
3. Modify the clamd.conf and freshclam.conf to your liking. I changed the temp directory in the clamd.conf and the default database mirror to db.US.clamav.net since I am in the US (default is for UK). You can change the amount of times it checks for updates in here too. I changed mine to 24 checks instead of the default 12. ** After changing the .conf files you will want to restart the ClamAV service for these settings to take effect. **
4. Open a blank text document and put in this:
Code: Select all
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM]
"Antivirus Agent"="C:\\Program Files\\clamAV\\clamdscan.exe"
"Antivirus Parameters"=""[AGENT]" "[FILENAME]" --no-summary --quiet"
"Antivirus Notification Message"="WARNING: An attachment has been removed by the clamAV AntiVirus Scanner because it appears to contain a virus."
"Antivirus Scratch Directory"="C:\\TempClamAV"
"Capture Output"=dword:00000001
"Exit Code Enabled"=dword:00000001
"Exit Codes"="1"
"Exit Codes Error Inclusive"=dword:00000001
"Message Handling"=dword:00000000
"Notification Address"="postmaster@yourdomain.com"
"Old Params"=""
"Program Info"="clamAV - A Free Antivirus for Windows. Visit w32.clamav.net for information."
"Program Name"="clamAV"
"Provider DLL"="MEAVGEN.DLL"
"Send Return Notification"=dword:00000000
"Status"=dword:00000001
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Default]
"Antivirus Agent"="C:\\Program Files\\clamAV\\clamdscan.exe"
"Antivirus Parameters"=""[AGENT]" "[FILENAME]" --no-summary --quiet"
"Exit Code Enabled"=dword:00000001
"Exit Codes"="1"
"Exit Codes Error Inclusive"=dword:00000001
Then save this document as MEAVCLM.reg to your desktop or somewhere you know where it is. After it is saved, browse to it and right click on the file and select merge.
5. Then check the setup in the Enterprise Management Console and see if clamav is selected and hit test and if it comes back with a 1, it should be working. (I noticed after an update at one point, something screwed with my registry entry for clam, it removed "Antivirus Parameters" and a couple of other entries under that registry key. So I had to go in and remove the reg entry for it and remerge the reg file created earlier. This may be needed for installs that have a clam entry in the registry already as well. Check the registry entry to be sure in regedit and make sure it looks like the created reg file.)
6. Assuming antivirus filtering is setup, send through a few eicar test emails and check if it worked.
7. Now also on a side note you can add in updated scam and phishing signatures from http://www.sanesecurity.com/clamav/.
There is a batch file updater that checks to see if it has a newer version or not for these signatures from http://www2.sosdg.org/%7Etbb/ss-updater.zip. It only downloads if there is a new version of the file. The owner of the signatures who is very helpful I might add, really appreciates it if people would only download signatues when they are updated as bandwidth isn't free, but his signatures are.
8. I modified the batch file in the ss-updater to work with this version of clamav for the local folder setting as follows:
Code: Select all
::-[ Local path where the update should be downloaded/extracted to ]-::
SET LOCALFOLDER=C:\Progra~1\clamAV\data
10. That should be it to get clamav up and going. This makes clam run as a service locally and much more efficently than the clamscan.exe command alone. It is also much faster than SAV IMHO and much easier on system resources.
Hope this helps.
-Marcus