3
Can ClamAV bundled with SmarterMail be updated to latest version?
Problem reported by Webio - 2/6/2015 at 12:14 AM
Resolved
Hello,
 
Can the ST SmarterMail dev team consider updating the ClamAV delivered with SmarterMail? The version bundled with SM is from 2012-09-17 (according to http://sourceforge.net/projects/clamav/files/clamav/), so I'm sure that plenty of issues have been fixed and other things optimised.
 
Regards

12 Replies

0
Employee Replied
Employee Post
Hello Webio,
 
Thanks for the information. I have discussed this issue with my Team and at the moment we are looking into the possibility of updating the current engine used with the SmarterMail application. We do not have an estimated time on when this will occur.
 
Thank You.
 
0
Linda Pagillo Replied
Hi Joseph. I wanted to add to this. We have had a lot of people reporting that the ClamAV that comes with SM is letting a lot of viruses through. I have been having people send me samples so I can run them through totalvirus.com and a handful of the scanners catch them, but ClamAV does not. People are getting concerned. Have you guys had these reports as well? If yes, what can be done about it? Thanks.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Joe Wolf Replied
I agree with Linda. Updating the ClamAV engine will not solve the current problems (as can be verified by VirusTotal). ClamAV is just not catching these pdf.zip infected files inside a .eml file. Here's a VirusTotal example of an infected file that goes right thru ClamAV (and has been for well over a week). https://www.virustotal.com/en/file/4c1f8e12c3647094303d27a3827a2f7d97faed53f7ea441842744ba0643610a2/analysis/1424645627/
Thanks, -Joe
1
Steve Reid Replied
As if updating ClamAV is something you need to have a meeting about... That's insane. Why don't you have a meeting about committing to keeping the engine updated at all times? The community keeps having to bring this up... You guys obviously do not see the importance of this.
 
Come on, you guys need to get serious.
0
Webio Replied
IMHO, after some testing and checking, ClamAV is not a reliable solution even with the latest virus definitions. It is just not finding viruses in emails. I've started testing the very cheap Avast as a command line scanner used with Declude. IMHO it works great. IMHO Avast is less CPU consuming than ESET File Security, which I had also tested (the licensing model is not so friendly with ESET).
0
Steve Reid Replied
I think they would need a solution that can be distributed with Smartermail.
0
Webio Replied
You can also use Avast as a command line scanner directly from SmarterMail with the proper command line setting (this is how it is done from Declude, but Declude offers other AV settings). IMHO ClamAV should just be ditched in favor of examples of command line utilities from various companies, and maybe additional options for what should be done with a message which contains a virus. For example, Avast returns a "1" return code when the command line util has found a virus in a message, but this information can't be used by SmarterMail for now because there are no additional options for command line AV scanning, so IMHO when a command line scanner finds a virus this will not even be noticed in SmarterMail virus statistics, because the exit/return code of the command line AV util is not being caught (for example, the ESET command line util returns "50" when a virus has been found).
0
Employee Replied
Employee Post
I want to thank everyone who has brought to our attention the shortcomings of ClamAV at this time.  We are aware of the issue, and we are diligently researching options.  For SM 14, at a minimum we are planning on updating the packaged ClamAV to the latest version.  As stated, we are also looking at possible replacements, if necessary.
 
Webio, I have added your suggestion of adding command line scanner results to the SM virus statistics to our features request list.  Obviously, this option would have to be configurable because the various products do return different results.
 
I am changing this thread from a Question to a Problem and marking it as Being Fixed.
0
Webio Replied
Robert, I've updated ClamAV on my end manually, directly in the SmarterMail service directory, but it has not helped to find the viruses which are currently being sent, so IMHO updating to the latest ClamAV is not a good solution.
2
Webio Replied
Something interesting came up. It looks like Avast has a free business version of their AV scanner which can be used with SmarterMail or Declude command line scanning without any limits:
 
0
Bruce Barnes Replied
@Webio:  Have you integrated this with SmarterMail?
 
If so, can you explain what you did and how you accomplished the integration?
 
Thanks.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Webio Replied
Hello,

So far I've returned to ClamAV, but I will probably return to Avast again. When I was using Avast I had to use it with Declude because it has a mechanism which makes a precheck on messages and runs AV for only selected messages. Additionally, the SmarterMail command line AV scanner does not allow entering any AV scanner return code, so the AV scanner will have to perform message cleaning or removal, and that's why Declude is better here. It allows giving the command line scanner return code, so it knows which message contains a virus and which does not, and then allows performing an action on that message (like moving it to a virus folder for checking).

Please check this topic:

http://portal.smartertools.com/community/a2157/eset-nod-as-an-additional-virus-scanner.aspx

My last message contains information on how I configured Avast with Declude. I think I can say that I have high volume usage, and when I tried to run AV command line scanning directly from SM, so that every message was scanned on my incoming gateway, it caused 100% CPU usage, since an ashCmd.exe process was spawned for every message, so in my situation Declude is the only way of using command line scanning. Feel free to ask any questions about this solution.

Regards
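
The return-code handling discussed in this thread (Avast reported as returning "1" and ESET "50" on detection, and Declude acting on that code), as an added example that is not part of any post and is not SmarterMail or Declude code: a wrapper that maps each product's exit code to a verdict, moves infected messages to a virus folder, and treats unknown codes, timeouts and a missing scanner as errors rather than as clean. The profile names, exit code 0 meaning clean, and the stand-in scanner command are assumptions.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# "Infected" codes are the ones reported in this thread (Avast 1, ESET 50).
# Treating 0 as "clean" is an assumption; confirm against the vendor's docs.
PROFILES = {
    "avast": {"clean": {0}, "infected": {1}},
    "eset": {"clean": {0}, "infected": {50}},
}

def classify(profile, returncode):
    """Map a scanner exit code to a verdict; unknown codes are never 'clean'."""
    codes = PROFILES[profile]
    if returncode in codes["infected"]:
        return "infected"
    return "clean" if returncode in codes["clean"] else "error"

def scan_message(profile, scanner_argv, message, virus_dir, timeout=30):
    """Run the scanner on one message file and move it aside if infected."""
    try:
        proc = subprocess.run([*scanner_argv, str(message)], capture_output=True, timeout=timeout)
        verdict = classify(profile, proc.returncode)
    except (OSError, subprocess.TimeoutExpired):
        verdict = "error"  # scanner missing or hung: hold the message, do not pass it
    if verdict == "infected":
        virus_dir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(message), str(virus_dir / message.name))
    return verdict

def demo():
    """Scan four constructed messages; returns {name: (verdict, still_in_spool)}."""
    # d.eml: a "1" under the ESET profile is unknown, so it must not count as clean.
    cases = [("a.eml", "avast", 0), ("b.eml", "avast", 1),
             ("c.eml", "eset", 50), ("d.eml", "eset", 1)]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        spool, virus_dir = Path(tmp) / "spool", Path(tmp) / "virus"
        spool.mkdir()
        for name, profile, code in cases:
            msg = spool / name
            msg.write_text("constructed sample message\n")
            # Constructed stand-in for a real scanner binary: exits with `code`.
            fake = [sys.executable, "-c", f"import sys; sys.exit({code})"]
            results[name] = (scan_message(profile, fake, msg, virus_dir), msg.exists())
    return results

if __name__ == "__main__":
    print(demo())
```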
