ClamWin Vs ClamAV

Discussion, support and announcements for third party applications that work with MailEnable.
MartynK
Posts: 1376
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

ClamWin Vs ClamAV

Post by MartynK »

I have been using ClamWin for a few months now without any issue. But I thought I would have a look at the base ClamAV. Just a quick look shows that its ClamScan.Exe is 43kb in size compared to ClamWin's version, which is 723kb. I am guessing that this is due to libraries and the like being directly linked into the ClamWin version instead of using .DLLs. This was just my first look but I am sure there will be other differences too.

Has anyone got any ideas or have you used the ClamAV version with ME instead of the ClamWin version ?

Thanks

Martyn

JasonCMX
Posts: 33
Joined: Fri Apr 09, 2004 12:22 pm
Location: Michigan, USA

Post by JasonCMX »

From what I can tell, ClamAV is unix/linux based. ClamWin is a windows wrapper for ClamAV.

MartynK
Posts: 1376
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Post by MartynK »

There is a straight Windows compile of the ClamAV software.

All the ClamWin build does is take the main source and add a nice Windows front end.

So at the end of the day you can use both because they both have the program "ClamScan".

OwenD
Posts: 39
Joined: Wed Sep 22, 2004 7:33 am
Location: Gladstone - Australia

Re: ClamWin Vs ClamAV

Post by OwenD »

MartynK wrote:
Has anyone got any ideas or have you used the ClamAV version with ME instead of the ClamWin version ?

Thanks

Martyn

Hi Martyn,
I use ClamAv (the windows port) and I'm very happy with it. It has just been upgraded to a DLL build in the last few weeks which will decrease scan times (if you use clamd) and simplify/reduce upgrades.
I tried ClamWin as well, but I feel that ClamAv is better for my purposes.
Not a huge difference by any means. ClamAv has no GUI available, but as I only run it from the command line, that's of no concern to me.
We'll have to see how things go in the future as the guy who maintains the ClamAv for Windows port is now working full time, so that may affect update lead times in the future.
There is a thread on the ClamAv forum about the differences between the two ports.
http://forums.sosdg.org/viewtopic.php?t=85

cheers,
Owen

atinoco
Posts: 19
Joined: Tue Jun 21, 2005 4:56 pm

Post by atinoco »

I've been using SOSDG ClamAV for some time on my Plesk 7 Windows machine. It worked great for a long time, even without ME Pro (Plesk 7.0 loads it directly somehow).

I just upgraded my machine to Plesk 7.5.4 (Windows) and finally upgraded to ME Pro. The Antivirus plugin option looks great and powerful, but unfortunately ClamAV is not supported by default. I read many, many threads, but I can only find info on how to include ClamWin in the antivirus plugin.

How did you get ClamAV working with ME pro? Can you please help me out?

My goal would be to set up ClamAV (SOSDG) to scan messages, then something like F-Prot after. I would also want the recipient of the infected message to be notified when an infected attachment is removed.

Thanks in Advance
-Andres Tinoco
PuntoWEB de Venezuela C.A.

whiteknight
Posts: 19
Joined: Tue Nov 18, 2003 6:17 am
Location: Singapore

ClamAV antivirus

Post by whiteknight »

Hi atinoco,

The best way to use ClamAV is to use clamd because it loads up only once and runs in the memory waiting to scan for viruses. Clamd is not like the regular realtime virus scanners, it will only scan data through a client software. It works exactly like clamscan except that clamd stays in the memory and the clamd client acts as an agent for clamd to scan data.
You can check out how to run clamd in the documentation provided by ClamAV. Once you have clamd running, you can use my clamdclient to configure your ME Pro to connect to clamd. You may download it using the link below.
http://www.whiteknightconsultancy.com/d ... client.zip
The registry file included will insert the appropriate registry entries so that the clamd client configuration will appear in your antivirus list. You just need to make minor adjustments to point it to the correct path and to include the correct parameters. You can find more information and help by running clamdclient on the command line.
White Knight
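
The daemon-and-client arrangement described in the post above, as an added example (not whiteknight's clamdclient and not part of the original thread): it frames a message for the INSTREAM command of current clamd releases and maps the reply to the 0/1/2 exit codes that clamdscan uses. The 127.0.0.1:3310 address and the function names are assumptions.

```python
import socket
import struct


def instream_payload(data: bytes, chunk_size: int = 8192) -> bytes:
    """Frame data for clamd: command, length-prefixed chunks, zero-length end."""
    parts = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        parts.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian
    parts.append(struct.pack("!I", 0))                       # end of stream
    return b"".join(parts)


def verdict(reply: bytes):
    """Map a clamd reply to (exit_code, detail): 0 clean, 1 infected, 2 error."""
    text = reply.rstrip(b"\0\r\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return 1, text[:-len(" FOUND")].split(": ", 1)[-1]   # signature name
    if text.endswith(": OK"):
        return 0, None
    return 2, text   # ERROR, empty or unknown reply: never report it as clean


def scan(data: bytes, host: str = "127.0.0.1", port: int = 3310,
         timeout: float = 30.0):
    """Send one message to a running clamd (assumed TCP address) and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(instream_payload(data))
            reply = b""
            while not reply.endswith(b"\0"):
                part = sock.recv(4096)
                if not part:
                    break
                reply += part
    except OSError as exc:
        return 2, str(exc)   # daemon down or connection dropped counts as error
    return verdict(reply)
```

A reply that is neither "OK" nor "FOUND", including a refused connection, comes back as code 2, so a stopped clamd service is not mistaken for a clean message.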

wisp
Posts: 217
Joined: Sun Jan 29, 2006 12:26 am

Post by wisp »

Would this work with Enterprise edition?

whiteknight
Posts: 19
Joined: Tue Nov 18, 2003 6:17 am
Location: Singapore

Post by whiteknight »

These programs are external to MailEnable. However I believe there should not be any problems with Enterprise Edition.
White Knight

MartynK
Posts: 1376
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Post by MartynK »

I use ClamWin in two Enterprise systems and also a Professional development system. All works fine.

alberto
Posts: 12
Joined: Fri Mar 18, 2005 10:23 am

Post by alberto »

Is it possible to use clamav with mailenable standard?
If yes, can you please give me a link to a how-to or something like that?

thank you.

whiteknight
Posts: 19
Joined: Tue Nov 18, 2003 6:17 am
Location: Singapore

ClamAV

Post by whiteknight »

Hi,
I seriously recommend you to use clamd and clamdclient to connect and scan your messages. If you use clamav directly, you will find a lot of activity in your processor. I have included a link to my clamdclient a few posts up.

Regards,
Terrence
White Knight

LumTech
Posts: 6
Joined: Wed Jun 28, 2006 4:16 am

Post by LumTech »

whiteknight,

I got your clamdclient working (it stops e-mails with the EICAR test from going through), but it just deletes the e-mail completely I think, instead of allowing it through. How would I test this better?

David

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring »

The new ME2.0 has built-in support for Clam but I can't seem to get it up and running... does anyone have any idea why?
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9

rchinasky
Posts: 8
Joined: Tue Jun 07, 2005 5:21 pm

Post by rchinasky »

rockinthesixstring wrote: The new ME2.0 has built-in support for Clam but I can't seem to get it up and running... does anyone have any idea why?

The same happens for me. I could not make it work ...

Marconius
Posts: 47
Joined: Wed Oct 11, 2006 6:55 pm

Post by Marconius »

rockinthesixstring wrote: The new ME2.0 has built-in support for Clam but I can't seem to get it up and running... does anyone have any idea why?

Make sure you take a look at the registry entry for Clam. I don't think it was set up correctly (you'll see why I say that in step 5 of the way I set up my clam to work).

I use a windows porting of clamav from w32.clamav.net and a registry entry I found elsewhere in this forum for clam from a long time ago (had to modify it for this version of the program, but it worked well. It may have been a post by MartynK, but I am not sure, and don't want to take the time to look up the thread right now).

Here are the steps I did to make clam work for me.

1. Download and install clamav from http://w32.clamav.net. If you click on the link at the bottom for "Mirror Site", it actually takes you to the developer's site, which is http://www.bandsman.co.uk/clamav.htm, where you can download Powertools for clamav.
2. Download and install Powertools. (This allows you to run a windows version of clamd as a service in windows, no cygwin linux porting!)
3. Modify the clamd.conf and freshclam.conf to your liking. I changed the temp directory in the clamd.conf and the default database mirror to db.US.clamav.net since I am in the US (default is for UK). You can change the amount of times it checks for updates in here too. I changed mine to 24 checks instead of the default 12. ** After changing the .conf files you will want to restart the ClamAV service for these settings to take effect. **
4. Open a blank text document and put in this:

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM]
"Antivirus Agent"="C:\\Program Files\\clamAV\\clamdscan.exe"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" --no-summary --quiet"
"Antivirus Notification Message"="WARNING: An attachment has been removed by the clamAV AntiVirus Scanner because it appears to contain a virus."
"Antivirus Scratch Directory"="C:\\TempClamAV"
"Capture Output"=dword:00000001
"Exit Code Enabled"=dword:00000001
"Exit Codes"="1"
"Exit Codes Error Inclusive"=dword:00000001
"Message Handling"=dword:00000000
"Notification Address"="postmaster@yourdomain.com"
"Old Params"=""
"Program Info"="clamAV - A Free Antivirus for Windows. Visit w32.clamav.net for information."
"Program Name"="clamAV"
"Provider DLL"="MEAVGEN.DLL"
"Send Return Notification"=dword:00000000
"Status"=dword:00000001
"Type"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Default]
"Antivirus Agent"="C:\\Program Files\\clamAV\\clamdscan.exe"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" --no-summary --quiet"
"Exit Code Enabled"=dword:00000001
"Exit Codes"="1"
"Exit Codes Error Inclusive"=dword:00000001

(For the scratch directory setting, I put in my own directory instead of the mailenable one, because I had issues getting it to work. Make sure if you use this setting to create a directory that matches whatever scratch directory is in the regfile, as you see from my example all I did was create a folder in the c drive called TempClamAV. Also you need to change the postmaster@yourdomain to the proper email for your domain. I send it an administrative email that I just use to keep a running tally of caught virus messages.)

Then save this document as MEAVCLM.reg to your desktop or somewhere you know where it is. After it is saved, browse to it and right click on the file and select merge.

5. Then check the setup in the Enterprise Management Console and see if clamav is selected and hit test and if it comes back with a 1, it should be working. (I noticed after an update at one point, something screwed with my registry entry for clam, it removed "Antivirus Parameters" and a couple of other entries under that registry key. So I had to go in and remove the reg entry for it and remerge the reg file created earlier. This may be needed for installs that have a clam entry in the registry already as well. Check the registry entry to be sure in regedit and make sure it looks like the created reg file.)

6. Assuming antivirus filtering is set up, send through a few eicar test emails and check if it worked.

7. Now also on a side note you can add in updated scam and phishing signatures from http://www.sanesecurity.com/clamav/.
There is a batch file updater that checks to see if it has a newer version or not for these signatures from http://www2.sosdg.org/%7Etbb/ss-updater.zip. It only downloads if there is a new version of the file. The owner of the signatures, who is very helpful I might add, really appreciates it if people would only download signatures when they are updated, as bandwidth isn't free, but his signatures are. :)

8. I modified the batch file in the ss-updater to work with this version of clamav for the local folder setting as follows:

Code:

::-[ Local path where the update should be downloaded/extracted to ]-::

SET LOCALFOLDER=C:\Progra~1\clamAV\data

9. Now after you get all that set up, make it run as a scheduled job 4 times a day and that should be plenty good enough for the amount that they update.

10. That should be it to get clamav up and going. This makes clam run as a service locally and much more efficiently than the clamscan.exe command alone. It is also much faster than SAV IMHO and much easier on system resources.

Hope this helps.

-Marcus
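
The check in step 5 ("make sure it looks like the created reg file") can be automated. The following is an added example, not part of the original post or of MailEnable: it parses the text of a .reg export, flags string values that are not valid .reg syntax (inner quotes must be written as \") and reports values from step 4 that have gone missing from the MEAVCLM key. The function names and the choice of required values are assumptions.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM"
REQUIRED = ("Antivirus Agent", "Antivirus Parameters", "Antivirus Scratch Directory", "Exit Codes")
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # .reg string; \\ and \" are the only escapes
PAIR = re.compile("^" + QUOTED + "=(.*)$")

def parse_reg(text):
    """Parse .reg text into {key: {name: value}} plus a list of bad lines."""
    keys, bad, current = {}, [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = PAIR.match(line)
        if not m or current is None:
            continue                       # header, blank line or comment
        name, rest = m.groups()
        s = re.fullmatch(QUOTED, rest)
        if s:
            current[name] = re.sub(r"\\(.)", r"\1", s.group(1))
        elif rest.startswith(("dword:", "hex")):
            current[name] = rest           # typed value, kept as written
        else:
            bad.append((num, name))        # e.g. inner quotes not written as \"
    return keys, bad

def audit(text, key=KEY):
    """Return findings for the filter key; an empty list means nothing to fix."""
    keys, bad = parse_reg(text)
    findings = ["line %d: value %r is not a valid .reg string" % b for b in bad]
    values = keys.get(key)
    if values is None:
        return findings + ["key missing: " + key]
    broken = {name for _, name in bad}
    findings += ["missing value: " + n for n in REQUIRED
                 if n not in values and n not in broken]
    return findings

# Constructed sample export, not taken from a real system.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + KEY + "]",
    r'"Antivirus Agent"="C:\\Program Files\\clamAV\\clamdscan.exe"',
    r'"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" --no-summary --quiet"',
    r'"Antivirus Scratch Directory"="C:\\TempClamAV"',
    r'"Exit Codes"="1"',
])
```

Files exported by regedit in "Version 5.00" format are UTF-16, so decode them with `open(path, encoding="utf-16")` before passing the text to `audit`.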
