Mailing List Archive: ClamAV: win32

Getting started with ClamAV for Windows as a service

Index | Next | Previous | View Threaded

jeff_j_dunlap at yahoo

Dec 20, 2007, 11:05 AM

Post #1 of 12 (2915 views)
Permalink

Getting started with ClamAV for Windows as a service

Dear ClamAV users:

What I am hoping to do is to install ClamAV for Windows on a W2003 server running as a service. My main objective is to scan all inbound internet mail and to delete all attachments having viruses.

Unfortuately, I'm having difficulty getting ClamAV for Windows installed as a service and I
cannot instructions on what needs to be done anywhere. I installed ClamAV for Windows, then I installed Powertoys from http://www.bandsman.co.uk/clamav.htm

Unfortunately, Clamd is not installed as a service. It did install a clamAV (clamdService.exe) and I started the service yet Clamd was not installed as a service.

Any suggestions would be greatly appreciated.

Thank you,

Jeff Dunlap

---------------------------------
Never miss a thing. Make Yahoo your homepage.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

bret.miller at wcg

Dec 20, 2007, 11:59 AM

Post #2 of 12 (2829 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

> What I am hoping to do is to install ClamAV for Windows on
> a W2003 server running as a service. My main objective is to
> scan all inbound internet mail and to delete all attachments
> having viruses.
>
> Unfortuately, I'm having difficulty getting ClamAV for
> Windows installed as a service and I
> cannot instructions on what needs to be done anywhere. I
> installed ClamAV for Windows, then I installed Powertoys from
> http://www.bandsman.co.uk/clamav.htm
>
> Unfortunately, Clamd is not installed as a service. It did
> install a clamAV (clamdService.exe) and I started the service
> yet Clamd was not installed as a service.

AFAIK, the clamAV service should run clamd as a process under it. You might
get Process Explorer from sysinternals so you can see for sure. Another
thing you might check is whether clamd.exe runs from the command line. If
the configuration file has errors, it won't run at all, and therefore won't
run as part of the service.

Bret

jeff_j_dunlap at yahoo

Dec 20, 2007, 12:22 PM

Post #3 of 12 (2826 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

>> AFAIK, the clamAV service should run clamd as a
>> process under it. You might get Process Explorer
>> from sysinternals so you can see for sure. Another
>> thing you might check is whether clamd.exe runs
>> from the command line. If the configuration file has
>> errors, it won't run at all, and therefore won't run as
>> part of the service.

Thanks for responding Bret. I thought that clamd.exe was supposed to run as a service but there was something that I was missing causing my headaches.

I had run the installation from http://www.bandsman.co.uk/clamav.htm, and was just about ready to give up when I went to http://w32.clamav.net/ and downloaded the clamAV installation from there and noticed there that I needed to download pthreadVC2.dll as well.

The problem was that I was missing that darned dll!

I then installed powertoys again and was able to scan files. I noticed a process called clamd.exe running whenever I scan a file so I think that I'm good so far.

The next step will be to integrate it into hMailServer and see how that goes.

Thanks again,

Jeff

P.S. I found a message indicating that powertoys was not compatible with the clamAV download from http://w32.clamav.net/ but it seems to work so far.

---------------------------------
Never miss a thing. Make Yahoo your homepage.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

olivarobinson at gmail

Dec 20, 2007, 2:46 PM

Post #4 of 12 (2826 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

Hi Jeff:

If you want to scan mail files in windows server...you need to hook to your
mail server program...
as exchange server....

2007/12/20, Jeff Dunlap <jeff_j_dunlap [at] yahoo>:
>
> >> AFAIK, the clamAV service should run clamd as a
> >> process under it. You might get Process Explorer
> >> from sysinternals so you can see for sure. Another
> >> thing you might check is whether clamd.exe runs
> >> from the command line. If the configuration file has
> >> errors, it won't run at all, and therefore won't run as
> >> part of the service.
>
> Thanks for responding Bret. I thought that clamd.exe was supposed to run
> as a service but there was something that I was missing causing my
> headaches.
>
> I had run the installation from http://www.bandsman.co.uk/clamav.htm, and
> was just about ready to give up when I went to http://w32.clamav.net/ and
> downloaded the clamAV installation from there and noticed there that I
> needed to download pthreadVC2.dll as well.
>
> The problem was that I was missing that darned dll!
>
> I then installed powertoys again and was able to scan files. I noticed a
> process called clamd.exe running whenever I scan a file so I think that
> I'm good so far.
>
> The next step will be to integrate it into hMailServer and see how that
> goes.
>
> Thanks again,
>
> Jeff
>
> P.S. I found a message indicating that powertoys was not compatible with
> the clamAV download from http://w32.clamav.net/ but it seems to work so
> far.
>
>
> ---------------------------------
> Never miss a thing. Make Yahoo your homepage.
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

jeff_j_dunlap at yahoo

Dec 20, 2007, 5:06 PM

Post #5 of 12 (2828 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

Hello Robinson:

I have clamAV running as a service and scanning e-mail to the server now, my mail server is removing the infected attachments like it should. The only clamAV modification I did was for freshclam and that was to set the country code for DatabaseMirror, so it now will update the virus signatures.

Thank you,

Jeff

---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

sherpya at netfarm

Dec 20, 2007, 6:39 PM

Post #6 of 12 (2827 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeff Dunlap wrote:
> Hello Robinson:
>
> I have clamAV running as a service and scanning e-mail to the server now, my mail server is removing the infected attachments like it should. The only clamAV modification I did was for freshclam and that was to set the country code for DatabaseMirror, so it now will update the virus signatures.
>
> Thank you,
>
no need
db.local.clamav.net and database.clamav.net
are geo-resolved you'll always get your mirror based on ip

regards

- --
Gianluigi Tiesi <sherpya [at] netfarm>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHaydd3UE5cRfnO04RArIlAJoDXpNOjUdMrJSTwOqsF9KRf47+nwCfRmWV
xWFKTLx+BPYJHqbxt31T+lA=
=YL3/
-----END PGP SIGNATURE-----
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

jkratka at tymewyse

Dec 20, 2007, 9:33 PM

Post #7 of 12 (2825 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

Jeff,

Could you share your hMailServer/ClamAv config. I changed to ClamAv from
ClamWin and it doesn't see to be catching stuff yet.

Jeff Kratka
************************************************
TymeWyse, Inc.
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel: (541) 839-6027 - info [at] tymewyse
************************************************

> Hello Robinson:
>
> I have clamAV running as a service and scanning e-mail to the server
> now, my mail server is removing the infected attachments like it should.
> The only clamAV modification I did was for freshclam and that was to
> set the country code for DatabaseMirror, so it now will update the virus
> signatures.
>
> Thank you,
>
> Jeff
>
>
> ---------------------------------
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
> now.
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

matej.sostaric at gmail

Dec 20, 2007, 10:55 PM

Post #8 of 12 (2820 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

Hello.

What i have done is that i have also download from this page, but i have
installed clamav version 0.91.2 and powertools. first i have installed
clamav 0.91.2, then powertools. Then i went to conf file and set up right IP
of My server and database mirror in freshclam.conf. I have changed local to
my area code. then i went to services and i start ClamAV-Powertools has put
this service into machine. then i checked Task Manager and ClamDservice.exeand
clamd.exe was there and working.

I have tried with version 0.92 and its working, but i had some problems with
daily.cvd and i got suggestion about this problem in this mailing list but i
didn't try it.

Regard's Matej

2007/12/20, Jeff Dunlap <jeff_j_dunlap [at] yahoo>:
>
> Dear ClamAV users:
>
> What I am hoping to do is to install ClamAV for Windows on a W2003 server
> running as a service. My main objective is to scan all inbound internet
> mail and to delete all attachments having viruses.
>
> Unfortuately, I'm having difficulty getting ClamAV for Windows installed
> as a service and I
> cannot instructions on what needs to be done anywhere. I installed ClamAV
> for Windows, then I installed Powertoys from
> http://www.bandsman.co.uk/clamav.htm
>
> Unfortunately, Clamd is not installed as a service. It did install a
> clamAV (clamdService.exe) and I started the service yet Clamd was not
> installed as a service.
>
> Any suggestions would be greatly appreciated.
>
> Thank you,
>
> Jeff Dunlap
>
>
> ---------------------------------
> Never miss a thing. Make Yahoo your homepage.
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

matej.sostaric at gmail

Dec 20, 2007, 10:59 PM

Post #9 of 12 (2817 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

Hello.

You must also put file from

ftp://sourceware.org/pub/pthreads-win32/dll-latest/lib/pthreadVC2.dll into
C:\program files\clamav

Regard's

Matej

2007/12/21, matej sostaric <matej.sostaric [at] gmail>:
>
> Hello.
>
> What i have done is that i have also download from this page, but i have
> installed clamav version 0.91.2 and powertools. first i have installed
> clamav 0.91.2, then powertools. Then i went to conf file and set up right
> IP of My server and database mirror in freshclam.conf. I have changed
> local to my area code. then i went to services and i start ClamAV-Powertools
> has put this service into machine. then i checked Task Manager and
> ClamDservice.exe and clamd.exe was there and working.
>
> I have tried with version 0.92 and its working, but i had some problems
> with daily.cvd and i got suggestion about this problem in this mailing
> list but i didn't try it.
>
> Regard's Matej
>
>
>
>
> 2007/12/20, Jeff Dunlap <jeff_j_dunlap [at] yahoo>:
> >
> > Dear ClamAV users:
> >
> > What I am hoping to do is to install ClamAV for Windows on a W2003
> > server running as a service. My main objective is to scan all inbound
> > internet mail and to delete all attachments having viruses.
> >
> > Unfortuately, I'm having difficulty getting ClamAV for Windows installed
> > as a service and I
> > cannot instructions on what needs to be done anywhere. I installed
> > ClamAV for Windows, then I installed Powertoys from
> > http://www.bandsman.co.uk/clamav.htm
> >
> > Unfortunately, Clamd is not installed as a service. It did install a
> > clamAV (clamdService.exe) and I started the service yet Clamd was not
> > installed as a service.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Thank you,
> >
> > Jeff Dunlap
> >
> >
> > ---------------------------------
> > Never miss a thing. Make Yahoo your homepage.
> > _______________________________________________
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
> >
>
>
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

ryanreg at e-telligent

Dec 20, 2007, 11:14 PM

Post #10 of 12 (2820 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

I'm not Jeff, but I'm also using ClamAV & hMailServer (successfully), so
hopefully the configs below will be of use. I'm assuming that you've made it
as far as running ClamAV as a service. If not you'll want to review the
archives from the last week or so. Note that if you're running 0.920, you
might want to download it again to make sure you have the newest build. The
1st release of didn't give exit codes to the caller (hMailServer) even
though the detection was recorded by clamd.log.

Ryan

hMailServer AntiVirus:
Use ClamWin: Check
ClamScan executable: C:\Program Files\ClamAV\clamdscan.exe
Path to ClamScan database: C:\Program Files\ClamAV\data

clamd.conf (comments & whitespace removed):
LogFile "C:\Program Files\clamAV\log\clamd.log"
LogTime Yes
LogSyslog Yes
PidFile "C:\Program Files\clamAV\run\clamd.pid"
TemporaryDirectory "C:\Program Files\clamAV\temp"
DatabaseDirectory "C:\Program Files\clamAV\data"
FixStaleSocket Yes
TCPSocket 3310
StreamMaxLength 10M
MaxDirectoryRecursion 15
Foreground Yes
ScanPE Yes
DetectBrokenExecutables Yes
DetectPUA Yes
ScanOLE2 Yes
ScanPDF yes
ScanMail Yes
ScanHTML Yes
ScanArchive Yes
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 100
ClamukoScanOnOpen No
ClamukoScanOnClose No
ClamukoScanOnExec No
ClamukoIncludePath /home
ClamukoMaxFileSize 1M

----- Original Message -----
From: "Jeff Kratka - TymeWyse, Inc." <jkratka [at] tymewyse>
To: <clamav-win32 [at] lists>
Sent: Thursday, December 20, 2007 20:33
Subject: Re: [clamav-win32] Getting started with ClamAV for Windows as a
service

> Jeff,
>
> Could you share your hMailServer/ClamAv config. I changed to ClamAv from
> ClamWin and it doesn't see to be catching stuff yet.
>
> Jeff Kratka
> ************************************************
> TymeWyse, Inc.
> P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
> tel: (541) 839-6027 - info [at] tymewyse
> ************************************************
>
>> Hello Robinson:
>>
>> I have clamAV running as a service and scanning e-mail to the server
>> now, my mail server is removing the infected attachments like it should.
>> The only clamAV modification I did was for freshclam and that was to
>> set the country code for DatabaseMirror, so it now will update the virus
>> signatures.
>>
>> Thank you,
>>
>> Jeff
>>
>>
>> ---------------------------------
>> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
>> it
>> now.
>> _______________________________________________
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>>
>
>
>
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

jeff_j_dunlap at yahoo

Dec 21, 2007, 10:18 AM

Post #11 of 12 (2818 views)
Permalink

Re: Getting started with ClamAV for Windows as a service [In reply to]

Hi Ryan,

I noticed that you have ClamWin checked, and in fact I had read a message on this forum about checking that for ClamAV for Windows, but it seemed a little weird to me since we are not using ClamWin.

What I had done was to ensure that the ClamWin tab is totally blank (no checkmarks nor any info in the fields).

In the External virus scanner tab, I checked 'Use external scanner'

Scanner Executable:
"c:\program files\clamav\clamdscan.exe" "%FILE%"

Return Value
1

In the General tab, I chose to 'Notifiy recipient' and to delete attachments.

What this configuration does is delete any infected attachments yet the message is sent. The subject is automatically prefixed with VIRUS DETECTED, and a short message indicating that the attachment was deleted.

Could you share your hMailServer/ClamAv config. I changed to ClamAv from
ClamWin and it doesn't see to be catching stuff yet.

Regarding Jeff Kratka's problem catching viruses, I would suggest to try scanning a single file using the powertoys gui. If you get an error there, you know that something is wrong with your ClamAv configuration, and quite possibly you may have the problem that I had which was a missing pthreadVC2.dll file that should be installed. A link to this file can be found at http://w32.clamav.net/

Best Regards,

Jeff Dunlap

Ryan <ryanreg [at] e-telligent> wrote:
I'm not Jeff, but I'm also using ClamAV & hMailServer (successfully), so
hopefully the configs below will be of use. I'm assuming that you've made it
as far as running ClamAV as a service. If not you'll want to review the
archives from the last week or so. Note that if you're running 0.920, you
might want to download it again to make sure you have the newest build. The
1st release of didn't give exit codes to the caller (hMailServer) even
though the detection was recorded by clamd.log.

Ryan

hMailServer AntiVirus:
Use ClamWin: Check
ClamScan executable: C:\Program Files\ClamAV\clamdscan.exe
Path to ClamScan database: C:\Program Files\ClamAV\data

---------------------------------
Looking for last minute shopping deals? Find them fast with Yahoo! Search.
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

ryanreg at e-telligent

Dec 21, 2007, 11:47 AM

Post #12 of 12 (2824 views)
Permalink

Re: Getting started with ClamAV for Windows as aservice [In reply to]

Either way - The result is the same so I went for the modified "ClamWin"
option since it seemed more straightforward to me. My 2� regarding positive
detection is: Just delete the e-mail w/o recipient notify. I used to notify
but it's effectively spam since most virii are spewed out from zombie hosts
anyway. But I digress...

As far as testing clamd goes - The GUI didn't immediately work for me and I
didn't spend any time looking into it since I only need hMailServer & script
support. I test clamd at the cmd line the same way you use it in
hMailServer: "path\clamdscan.exe path\eicar.txt". If clamd detection works
but the errorlevel is still 0 then you know you have the "bad" 0.92 build
and should download it again.

Ryan

----- Original Message -----
From: "Jeff Dunlap" <jeff_j_dunlap [at] yahoo>
To: <clamav-win32 [at] lists>
Sent: Friday, December 21, 2007 09:18
Subject: Re: [clamav-win32] Getting started with ClamAV for Windows as
aservice

> Hi Ryan,
>
> I noticed that you have ClamWin checked, and in fact I had read a message
> on this forum about checking that for ClamAV for Windows, but it seemed a
> little weird to me since we are not using ClamWin.
>
> What I had done was to ensure that the ClamWin tab is totally blank (no
> checkmarks nor any info in the fields).
>
> In the External virus scanner tab, I checked 'Use external scanner'
>
> Scanner Executable:
> "c:\program files\clamav\clamdscan.exe" "%FILE%"
>
> Return Value
> 1
>
> In the General tab, I chose to 'Notifiy recipient' and to delete
> attachments.
>
> What this configuration does is delete any infected attachments yet the
> message is sent. The subject is automatically prefixed with VIRUS
> DETECTED, and a short message indicating that the attachment was deleted.
>
> Best Regards,
>
> Jeff Dunlap
>

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads