ClamAV antivirus

Discussions on webmail and the Professional version.
Cwizard

ClamWin AV

Post by Cwizard » Thu Sep 16, 2004 12:41 am

Thanks for the info on how to install ClamWin. Unfortunately I hit one problem: when trying to add MEAVCLM to the processing order, it was not there.

I have HKLM\Software\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Default but none of the folders contain Processing order.

If I have to add it manually, please explain in FULL detail how to do it as I am not familiar with editing the registry!

This sounds like a great AV solution, your help would be appreciated.

Nick

JasonCMX
Posts: 33
Joined: Fri Apr 09, 2004 12:22 pm
Location: Michigan, USA

Post by JasonCMX » Wed Sep 22, 2004 11:36 am

What settings need to be set in the mmc for MTA to work with ClamAV?

paarlberg
Posts: 1071
Joined: Tue Mar 02, 2004 7:33 pm
Location: Atlanta, GA, USA

Post by paarlberg » Wed Sep 22, 2004 12:16 pm

You can copy this to a .reg file and import it into the registry.

Code:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters]
"Processing Order"="MEAVCLM,MEAVFPI,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP,MTAFILTER"
"Enabled"=dword:00000001
"Process Timeout"=dword:00004e20
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM]
"Antivirus Agent"="C:\\Program Files\\ClamWin\\bin\\clamscan.exe"
"Antivirus Notification Message"="WARNING: An attachment has been removed by the ClamWin AntiVirus Scanner because it appears to contain a virus."
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" --no-summary --database=\"C:\\Program Files\\ClamWin\\VirusDB\" --tempdir=\"C:\\Program Files\\Mail Enable\\Scratch\" "
"Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch"
"Capture Output"=dword:00000001
"Exit Code Enabled"=dword:00000001
"Exit Codes"="1"
"Exit Codes Error Inclusive"=dword:00000001
"Message Handling"=dword:00000000
"Notification Address"="clamwin@baspnet.net"
"Old Params"=""
"Program Info"="ClamWin - A Free Antivirus for Windows. Visit www.claimwin.org for information."
"Program Name"="ClamWin"
"Provider DLL"="MEAVGEN.DLL"
"Send Return Notification"=dword:00000000
"Status"=dword:00000001
"Type"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Default]
"Antivirus Agent"="C:\\Program Files\\ClamWin\\bin\\clamscan.exe"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" --no-summary --database=\"C:\\Program Files\\ClamWin\\VirusDB\" --tempdir=\"C:\\Program Files\\Mail Enable\\Scratch\" "
"Exit Code Enabled"=dword:00000001
"Exit Codes"="1"
"Exit Codes Error Inclusive"=dword:00000001

JasonCMX
Posts: 33
Joined: Fri Apr 09, 2004 12:22 pm
Location: Michigan, USA

Post by JasonCMX » Mon Sep 27, 2004 2:14 pm

Does ClamAV automatically update virus definitions? How do you configure that with this setup?

MartynK
Posts: 1364
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Post by MartynK » Mon Sep 27, 2004 2:23 pm

Yes it does. If I remember, by default it does so on a daily basis; I have changed it to run on an hourly basis.

MrK
Posts: 66
Joined: Wed Jun 25, 2003 1:54 pm
Location: UK

Post by MrK » Tue Sep 28, 2004 7:11 pm

If your mail server is logged in and the tray application is running it updates the definitions automatically based on the settings you specify under the "Internet Updates" tab of the preferences screen.

If you log the server out you can use freshclam.exe to update the definitions, but configuration isn't as straightforward. We've scheduled freshclam.exe to run every hour which has been working fine so far. If you need help with a configuration file for freshclam.exe let me know and I'll post ours once I'm back in the office.

Really impressed with ClamAV so far, 100% catch-rate in our tests! :)

JasonCMX
Posts: 33
Joined: Fri Apr 09, 2004 12:22 pm
Location: Michigan, USA

Post by JasonCMX » Wed Sep 29, 2004 12:45 pm

Can you post your freshclam.exe config?

Thanks.

MrK
Posts: 66
Joined: Wed Jun 25, 2003 1:54 pm
Location: UK

Post by MrK » Wed Sep 29, 2004 1:08 pm

Oops, meant to post it earlier...

Copy the following into a text file and save it as "FreshClam.conf" in the "bin" directory under your ClamWin install dir. Change the paths so they match your installation. If you installed ClamAV under the "Program Files" directory, make sure you keep the path as "Progra~1" because it won't allow spaces even if you try using quotes (that applies to the whole path actually, no spaces anywhere).

Code:

##
## config file for freshclam
##

# Path to the directory containing your Virus database files
DatabaseDirectory C:\Progra~1\ClamWin\VirusDB

# FQDN of Clam database mirror to download definitions
DatabaseMirror database.clamav.net

# Log file path 
UpdateLogFile C:\Progra~1\ClamWin\Logs\ClamUpdateLog.txt

# Number of connection attempts to make before giving up
MaxAttempts 3

# Enable verbose logging
#LogVerbose

# Proxy server settings
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

As you can see we don't have verbose logging enabled but I've left it in there in case you want to try it. Same goes for the HTTP proxy items if you need them; if you're on a direct connection leave them commented out. There are other options but these are the only ones we've found to be necessary under Windows.

Now create a scheduled task to run the following command, remembering to change the path to suit your own installation...

Code:

C:\Progra~1\ClamWin\bin\freshclam.exe --config-file="C:\Progra~1\ClamWin\bin\FreshClam.conf"

Schedule it to run at your desired interval; we have it running every hour. Don't forget to run the task as an account that has write permissions to the virus DB and log file directories.

I think that's everything - hope it helps!

Martin
Last edited by MrK on Fri Oct 01, 2004 2:37 pm, edited 1 time in total.

JasonCMX
Posts: 33
Joined: Fri Apr 09, 2004 12:22 pm
Location: Michigan, USA

Post by JasonCMX » Fri Oct 01, 2004 1:58 pm

Trying to run on command line to test, I'm getting the following error. Any Ideas?
Error: Can't parse the config file C:\Progra~1\ClamWin\bin\FreshClam.conf.

My config file:
##
## config file for freshclam
##

# Path to the directory containing your Virus database files
DatabaseDirectory C:\Progra~1\ClamWin\VirusDB

# FQDN of Clam database mirror to download definitions
DatabaseMirror database.clamav.net

# Number of connection attempts to make before giving up
MaxAttempts 3

# Enable verbose logging
#LogVerbose

# Proxy server settings
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

What I'm running from command line:
C:\Progra~1\ClamWin\bin\freshclam.exe --config-file="C:\Progra~1\ClamWin\bin\FreshClam.conf"

MartynK
Posts: 1364
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Post by MartynK » Fri Oct 01, 2004 2:07 pm

This is a total guess as I have not even used this, but.

Is it because you don't need the " (quotes) on the config file path, as it is not using long filenames (or it has not got any spaces) and maybe does not support them?

MrK
Posts: 66
Joined: Wed Jun 25, 2003 1:54 pm
Location: UK

Post by MrK » Fri Oct 01, 2004 2:35 pm

Oops, this could be my fault! :oops:

Whilst looking at your configuration I see I missed a line out of the config example which might be required for it to work properly.

Try adding the following line to your config file:

Code:

# Log file path
UpdateLogFile C:\Progra~1\ClamWin\Logs\ClamUpdateLog.txt

Make sure the directory exists and the account that will be running the scheduled task has write permissions.

I guess that's the problem, but just in case, some other things to try...

MartynK's suggestion is a good guess, but it works from the command line even with the quotes on our win2k box. Worth a try though.

I see you're using the exact same paths that we are ("C:\Program Files\ClamWin\") - that definitely is the correct path and you haven't just copied my example and not updated the location, yes? :wink:

FreshClam.conf also definitely exists and is in the "bin" directory with appropriate permissions?

If all else fails I would try stripping out everything except the following from FreshClam.conf so you're left with only these three lines, and see if that helps.

DatabaseDirectory C:\Progra~1\ClamWin\VirusDB
UpdateLogFile C:\Progra~1\ClamWin\Logs\ClamUpdateLog.txt
DatabaseMirror database.clamav.net

I've edited my original post to correct the conf file example.
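
Added example (not part of the thread, and not ClamWin or MailEnable code): a small Python lint for FreshClam.conf that checks the conditions this thread reports for that freshclam build, namely that the three directives in the minimal file above are present and that path values contain no spaces or quotes. The function names and the second sample file are constructed for illustration, and the clear-text proxy password check is an extra hygiene check not raised in the thread.

```python
# Added example: lint a FreshClam.conf for the problems reported in this thread.
REQUIRED = ("DatabaseDirectory", "UpdateLogFile", "DatabaseMirror")
PATH_DIRECTIVES = ("DatabaseDirectory", "UpdateLogFile")

def parse_conf(text):
    """Map each directive to (line number, value), skipping blanks and # comments."""
    entries = {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        entries[parts[0]] = (no, parts[1].strip() if len(parts) > 1 else "")
    return entries

def lint_conf(text):
    """Return a list of findings; an empty list means these checks pass."""
    entries = parse_conf(text)
    findings = [f"missing directive: {d}" for d in REQUIRED if d not in entries]
    for name in PATH_DIRECTIVES:
        if name not in entries:
            continue
        no, value = entries[name]
        if not value:
            findings.append(f"line {no}: {name} has no value")
        elif " " in value or '"' in value:
            findings.append(f"line {no}: {name} contains a space or quote, use the 8.3 path")
    if "HTTPProxyPassword" in entries:
        no, _ = entries["HTTPProxyPassword"]
        findings.append(f"line {no}: proxy password stored in clear text, restrict file ACLs")
    return findings

# The active lines of the file from the Oct 01 post that failed to parse.
FAILING_CONF = r"""
DatabaseDirectory C:\Progra~1\ClamWin\VirusDB
DatabaseMirror database.clamav.net
MaxAttempts 3
#LogVerbose
"""

# Constructed sample: long path with a space, plus an enabled proxy password.
LONG_PATH_CONF = r"""
DatabaseDirectory C:\Program Files\ClamWin\VirusDB
UpdateLogFile C:\Progra~1\ClamWin\Logs\ClamUpdateLog.txt
DatabaseMirror database.clamav.net
HTTPProxyPassword mypass
"""

if __name__ == "__main__":
    for label, conf in (("failing", FAILING_CONF), ("long path", LONG_PATH_CONF)):
        print(label, lint_conf(conf))
```

Running the lint before the scheduled task is created catches a file that would leave the virus definitions silently out of date.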

JasonCMX
Posts: 33
Joined: Fri Apr 09, 2004 12:22 pm
Location: Michigan, USA

Post by JasonCMX » Fri Oct 01, 2004 2:58 pm

Thanks, it was the UpdateLog variable.
Everything is working now.

GaryNg
Posts: 7
Joined: Sun Oct 17, 2004 1:18 pm
Location: Singapore

Post by GaryNg » Mon Oct 18, 2004 2:48 am

MartynK wrote:
10. Press the "Test" button
No results should be returned in the window, but the message "Command line scanner returned: 1" should be at the bottom of the window.

And that's it.

Martyn,

I've got a return code of 50 and it prompts me "There appears to be an error with the antivirus configuration. Please check your setting and make sure no resident scanner is active."

Any help?

Gary

MartynK
Posts: 1364
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Post by MartynK » Mon Oct 18, 2004 4:20 am

Gary,

Sorry, all I can say is that you need to go back and review your settings and all you have done. These instructions have been used by a number of people. All details are posted in this forum thread.

webafrica
Posts: 252
Joined: Thu Dec 11, 2003 4:56 pm

Post by webafrica » Tue Oct 19, 2004 10:28 am

Does ClamAV work well under pressure? - we were using Nod32 but it hangs the server after a day or so of mail throughput.

Can it be configured to just kill the whole mail entirely, not just the attachment?