20
How to greatly improve ClamAV - even zero hour style protection for FREE!
Idea shared by Joe Wolf - April 1, 2015 at 7:24 PM
Completed
Warning:  The below configuration works great for me, but use any of the following information at your own risk.
 
Notice:  The process has somewhat changed (as of June 12, 2015).  Please see  http://portal.smartertools.com/community/a86419/sm-14-clamsup-problems-and-how-to-fix-them-temporarily-at-least.aspx#90480 for the latest configuration updates.  The paths may be different but the file names will remain the same.
 
Problem:  The standard SmarterMail install of ClamAV is very poor at catching viruses, trojans, and other malware.  Currently any .zip file attachment can contain a .exe payload and ClamAV will not catch it.  
 
I originally started out looking for ways to use the SpamAssassin MIMEHeader plugin to check for .exe files inside .zip files, but couldn't make it work.  I've tried to use various command line antivirus scanners and none seemed to work well for me.  I then started to try and write a ClamAV signature rule that would catch these messages, but I happened to find the below solution.  I installed the below solution and then sent myself 18 different examples of .zip attachments with .exe virus / trojan payloads (all verified via VirusTotal).  Before the below solution was installed all 18 were delivered to my Inbox, after the solution all 18 were caught and put into my Virus Quarantine.  Zero false positives to date.
 
The below solution has the ability to stop a lot of spam, but I have disabled most of those tests because I don't believe spam filtering should be done by ClamAV.  I just want to stop the viruses, trojans, phishing, and other malware.  I have left the tests that accomplish this enabled.
 
Solution:  I found that many of the original ClamAV developers and others have developed third party signatures that greatly increase the effectiveness of ClamAV.  I do not take credit for any of the below.  You can investigate all of the below at Sanesecurity http://sanesecurity.com and you can do all of what I've done below yourself if you desire.  I've just made installation easier and configured it for use with the standard ClamAV installed by SmarterMail.  Essentially all you're doing is adding thousands of additional signatures to ClamAV and automating hourly updates to catch the newest threats.
 
The below should work with any recent version of SmarterMail and ClamAV.
 
#1  You can download my pre-configured package from this link: https://www.dropbox.com/l/kQfIHSio6bUWk5VcX8o2hr  You will be downloading a file named ClamSup.zip.  It is virus free and you are free to scan it with any scanner you choose.  
 
#2  Extract the contents of ClamSup.zip to the location of your choice.  I used C:\ClamSup but you can use any location you choose, but my instructions will reference C:\ClamSup so if you choose a different location adjust accordingly.
 
#3  If your SmarterMail program files are installed on C:\Program Files (x86).... you don't need to do any editing, etc.  If you've installed SmarterMail on a different drive or path you will need to edit the C:\ClamSup\ClamSup.cfg file to represent the proper paths.  The file is simple to understand and you will need to change the path in four places in the ClamSup.cfg file. (On Edit:  Some SmarterMail installations have the Clamd.conf file in the \etc folder instead of \bin - please verify that the proper path to Clamd.conf in the ClamSup.cfg matches the actual location of your Clamd.conf).  An easy way to find the proper path for the ClamSup.cfg file is to find your EXISTING clamd.conf and open it in notepad (or any text editor of your choice).  You will see a line in the clamd.conf that says "Database Directory" and you can use that path for the "LOCALFOLDER" value in the ClamSup.cfg.  The others should be simple to figure out.
 
#4  Run the ClamSup.bat file.  This will download all the signatures to your ClamAV installation.  There is a built in delay in the batch file so ClamAV can validate each new signature.  It may take 10 minutes or so for the batch file to complete (most of this is delay time and adds very little load to your server).  ClamAV will use slightly more RAM after the installation of the additional signatures.  
 
#4  I suggest you add a scheduled task in Windows Task Scheduler to run C:\ClamSup\ClamSup.bat every hour to download any updated signatures (some are updated hourly).  If you stay logged in to your SmarterMail server all the time you can run the ClamSup.bat in loop mode by changing the last line in your ClamSup.cfg from "LOOP_MODE=N" to "LOOP_MODE=Y".  When the batch file is run in loop mode it will automatically download the signatures hourly, but if you log off the computer it will not run and you will need to use the Task Scheduler method.
 
#5  If you want to verify that your ClamSup installation is working properly take a look at your C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder (or whatever your path may be).  You should see a total of 20 files and one folder called "SIG_TMP" (this temp folder holds the new verified signatures to be integrated into ClamAV and can be ignored).
 
That's all there is to it and you've turned ClamAV into one of the best antivirus solutions possible.  I suggest you enable the Virus Quarantine and monitor the results.  The signatures I enabled will catch a lot more than the stock ClamAV.  
 
NOTES:  I have only enabled the signatures I feel are appropriate.  You can add or remove them as desired.  This is done by editing the C:\ClamSup\ClamSup.ini file.  The descriptions of the various signatures are at: http://sanesecurity.com/usage/signatures/   All of the signatures preceded by a "-" in the ClamSup.ini are disabled.  All of the signatures enabled in my installation have a LOW false positive rate.  If you decide to disable a signature add the "-" in front of that line in the ClamSup.ini and delete the associated file from the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder and the "SIG_TMP" folder.
 
I believe you'll see how good ClamAV can be.  The above does increase memory usage slightly, but I see no additional load on my server.  The ClamSup.bat file will only download new signatures when they are newer than those currently installed so it's very efficient.  If you choose to use more aggressive signatures monitor your Virus Quarantine regularly.
 
I know everyone has different levels of abilities to make such changes.  This is not a difficult process and I can implement it on a SmarterMail server in less than 4 minutes and never have to stop the SmarterMail service (it's transparent and just works great).  The Path values are the most important part.  Verify your path values!  Also install it as an Administrator.
 
-Joe
Thanks,
-Joe

34 Replies

0
CCWH Replied
April 1, 2015 at 11:57 PM
Fantastic Joe! Thank you! It just so happens I have a little free time later today so I will complete the changes as above and confirm the outcome. We've been getting so many viruses going through the email servers lately and have tried external AV scanners with little to no success as you have. Again, really appreciate you sharing this solution!
0
Bruce Barnes Replied
April 2, 2015 at 3:46 AM
Great job, Joe.  Thanks for putting in all of the time and sharing this resource!
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Steve Reid Replied
April 2, 2015 at 5:45 AM
Thanks a lot for this!!
 
I got an error:
 
ERROR: The configured ClamD.conf file (C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\bin\clamd.conf) was not found.
 
 
But after I changed the last folder in the path to etc instead of bin, everything worked fine.
1
Steve Reid Replied
April 2, 2015 at 10:39 AM
I would like to test the effectiveness of this update... How were you testing it?
1
CCWH Replied
April 2, 2015 at 11:06 AM
Just carrying out some testing.
 
Using Email Security Check (http://www.emailsecuritycheck.net/) pre Clam AV Signature update all 7 tests get through.  After the update 6 out of the 7 still get through.  I will keep testing.
0
Bruce Barnes Replied
April 2, 2015 at 4:43 PM
Getting the following error:
 
Date: Thu 04/02/2015 
Time: 18:40:21.41 
 
ERROR: The configured local folder does not exist! 
 
ClamSup directory is on the "D" drive, along with SmarterMail
 
Been a very long day.  Am I missing something?
 
Here's the batch file, modified to show the ETC folder and "D" drive for SmarterMail:
 
#
# - [ ClamSup Updater options ] - #
#

# - [ The local path where updates should be downloaded/extracted to ] - #

LOCALFOLDER=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\share\clamav

# - [ Filename/Location of Clamscan.exe ] - #
# - [ Needed if the testing of downloaded signatures is enabled ] - #

CLAMSCAN=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\bin\clamscan.exe

# - [ Filename/Location of ClamDscan.exe ] - #
# - [ Needed if ClamD should be signaled to reload it's signatures ] - #
# - [ Leave empty to disable ] - #

CLAMDSCAN=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\bin\clamdscan.exe

# - [ Filename/Location of ClamDscan's config file (clamd.conf) ] - #
# - [ Only needed if ClamD should reload it's signatures (See above) ] - #

CLAMD_CONFIGFILE=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf

# - [ What errors should be logged to the error log file ] - #
# - [ 1: Only critical errors ] - #
# - [ 2: All errors (recommended) ] - #

LOG_LEVEL=2

# - [ Lets the scrip run infinitely ] - #

LOOP_MODE=N
Thanks!
Bruce Barnes
0
Joe Wolf Replied
April 2, 2015 at 8:18 PM
I have noticed that the number of failed connections to ClamAV increased since installing ClamSup and I was monitoring what was going on.  I found two things.  First that the version of ClamAV installed by SmarterMail is outdated and only a  32-bit process.  The additional signatures were taking longer than SmarterMail allowed and the file was moved from the spool before ClamAV finished scanning.  I found two ways to help this problem.
 
Solution #1:  In SmarterMail | Settings | General Settings | Spool | Delivery Delay have at least 3 seconds for the Delivery Delay. This is probably a good idea even if you decide to implement Solution #2 below.
 
NOTICE:  Several people running Windows Server 2012 have reported problems running the 64-bit version of ClamAV.  I'm not having any problems but Server 2012 adds additional risk. (4/10/15 UPDATE: Apparently Windows Server 2012 needs to have the C++ Redistributable Package 2010 x64 package installed for proper operation).
 
Solution #2  I decided to update my ClamAV install to ClamAV 0.98.60 64-bit instead of the default SmarterMail installed version of 0.97.1.0 32-bit.  Keep in mind that you can't do this unless you're on a 64-bit OS.  The 64-bit version runs much faster than the 32-bit version of ClamAV.
 
If you want to do this it's rather simple to do.  I've packaged the proper files here (it's a clean .zip file) https://www.dropbox.com/s/ns4k2jml0zpc8d5/ClamAV-x64.zip?dl=0  
 
Download the file and unzip it in any temporary folder you desire.
Locate your existing ClamAV "bin" folder (for example on my system is at: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\clam\bin ).  Make a backup of this folder.
 
To install the new 64-bit ClamAV you will need to Stop the SmarterMail service, then end the "clamd.exe *32" process in the Task  Manager.  Then delete all the files in your ClamAV "bin" folder EXCEPT the clamd.conf and freshclam.conf files if they are present. Once you've done that then simply copy the files from the download above into the ClamAV bin folder (but keeping the existing clamd.conf and freshclam.conf if they were already present in that folder if not we'll take care of that in the next step).  Open the clamd.conf file and remove the line near the bottom that says: "MailFollowURLs no" (even if it says MailFollowURLs yes).  The MailFollowURLs value is no longer valid in ClamAV.
 
If you do NOT have a clamd.conf and freshclam.conf in the \bin folder you will need to find them in the \etc and COPY them to the \bin folder (remove the MailFollowURLs line from the clamd.conf first or just remove it from both copies).  It's fine for you to have the .conf files in both locations as long as they're identical.  Make sure to remove the "MailFollowURLs no" or "MailFollowURLs yes" from all your clamd.conf files.
 
Verify that your ClamAV can update the signature files.  To do this open a command prompt in your ClamAV \bin folder (while viewing that folder in Windows Explorer just hold down the Shift key and right click on any whitespace (not on a file or with a file selected) and select "Open command window here").  Verify the command window is open in the \bin folder (in my example I would be located at: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin> ).  At the command prompt enter "freshclam.exe" (without the quotes) and hit enter.  You should see ClamAV either verifying or downloading the latest signature files.  Once finished you can close the command window.  You can navigate to the \clam\log folder and open the freshclam.log in notepad or text editor of your choice and you can verify that freshclam.exe ran properly.
 
Once the new files are copied all you need to do is Start the SmarterMail service.  SmarterMail will automatically use the newer ClamAV version in 64-bit mode.  You can verify this in your Task Manager by noting that it is now listed as "clamd.exe" instead of "clamd.exe *32".  You can also verify that SmarterMail will update the ClamAV signatures by going to Security | Antivirus Administration | ClamAV tab | select Update ClamAV.  All SmarterMail does is open an instance of freshclam.exe.  If you think you have a problem you can take a look at the clam\log\freshclam.log and look for any errors.  Please note that SmarterMail will show "updating" and will not show the update was successful until you navigate to a different area in SmarterMail and then go back into Security | Antivirus Administration | ClamAV tab (it doesn't update the status real-time).
 
NOTE:  If you don't stop the SmarterMail service and end the clamd.exe *32 process you won't be able to delete all the files (but again make sure to KEEP the existing clamd.conf file).
 
Also note that if you upgrade, update, or re-install SmarterMail you will have to do all of the above over again because it will overwrite the newer 64-bit version with the older 32-bit version of ClamAV.
 
I've not encountered any problems by using the newer 64-bit ClamAV, but if you have any problems you can simply restore your backup, or simply re-install SmarterMail.
 
I know everyone has various skill levels.  I can easily implement the above changes on any recent version of SmarterMail in under 2 minutes.  This is not a complicated process.  Just stop the SmarterMail service, end the spamd *32 process, delete all the \bin folder files EXCEPT clamd.conf and then just copy the files from the download to the \bin folder and restart the SmarterMail service.  It's really that easy.
 
-Joe
 
Thanks,
-Joe
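
A preflight check for the path problems reported in this thread (a ClamSup.cfg that points at \bin\clamd.conf when the file lives in \etc, a LOCALFOLDER that does not exist, a leftover MailFollowURLs line), added here as an example; it is not part of ClamSup or SmarterMail. The function names and the constructed demo tree are hypothetical, and the script assumes the clamd.conf option is spelled DatabaseDirectory.

```powershell
# Added example: validate ClamSup.cfg before running ClamSup.bat.
# Key names come from the ClamSup.cfg quoted in the thread; everything else is hypothetical.

function Read-ClamSupCfg([string]$Path) {
    # KEY=VALUE per line; lines starting with '#' are comments.
    $cfg = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $t = "$line".Trim()
        $i = $t.IndexOf('=')
        if ($t.StartsWith('#') -or $i -lt 1) { continue }
        $cfg[$t.Substring(0, $i).Trim()] = $t.Substring($i + 1).Trim()
    }
    return $cfg
}

function Get-ClamdOption([string]$ConfPath, [string]$Name) {
    # clamd.conf lines are "Option value"; commented-out lines start with '#'.
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s+(.+?)\s*$'
    foreach ($line in Get-Content -LiteralPath $ConfPath) {
        if ("$line" -match $pattern) { return $Matches[1].Trim('"') }
    }
    return $null
}

function Test-ClamSupConfig([string]$CfgPath) {
    $cfg = Read-ClamSupCfg $CfgPath
    $findings = @()

    # 1. Every configured path must exist (CLAMDSCAN may be left empty to disable the reload).
    $checks = @( @('LOCALFOLDER', 'Container'), @('CLAMSCAN', 'Leaf'),
                 @('CLAMDSCAN', 'Leaf'), @('CLAMD_CONFIGFILE', 'Leaf') )
    foreach ($c in $checks) {
        $key = $c[0]; $value = $cfg[$key]
        if ([string]::IsNullOrEmpty($value)) {
            if ($key -ne 'CLAMDSCAN') { $findings += "ERROR: $key is not set" }
            continue
        }
        if (-not (Test-Path -LiteralPath $value -PathType $c[1])) {
            $findings += "ERROR: $key not found: $value"
        }
    }

    $conf = $cfg['CLAMD_CONFIGFILE']
    if (-not ([string]::IsNullOrEmpty($conf))) {
        if (-not (Test-Path -LiteralPath $conf -PathType Leaf)) {
            # 2. The bin-versus-etc mix-up: look for clamd.conf in the sibling folders.
            $clamRoot = Split-Path -Parent (Split-Path -Parent $conf)
            if ($clamRoot) {
                foreach ($dir in 'etc', 'bin') {
                    $alt = Join-Path (Join-Path $clamRoot $dir) 'clamd.conf'
                    if (Test-Path -LiteralPath $alt -PathType Leaf) { $findings += "HINT: a clamd.conf exists at $alt" }
                }
            }
        } else {
            # 3. Signatures must land in the folder clamd actually loads from.
            #    Plain text comparison: an 8.3 short name and its long form compare as different.
            $dbDir = Get-ClamdOption $conf 'DatabaseDirectory'
            $local = $cfg['LOCALFOLDER']
            if ($dbDir -and $local -and ($dbDir.TrimEnd('\') -ine $local.TrimEnd('\'))) {
                $findings += "WARN: LOCALFOLDER ($local) differs from DatabaseDirectory ($dbDir)"
            }
            # 4. The thread says this line must go before switching to the 64-bit build.
            if (Get-ClamdOption $conf 'MailFollowURLs') {
                $findings += 'NOTE: clamd.conf still contains a MailFollowURLs line'
            }
        }
    }

    if ('Y', 'N' -notcontains $cfg['LOOP_MODE']) { $findings += 'ERROR: LOOP_MODE must be Y or N' }
    if ('1', '2' -notcontains $cfg['LOG_LEVEL']) { $findings += 'ERROR: LOG_LEVEL must be 1 or 2' }
    return $findings
}

# --- Constructed demo: a throwaway tree shaped like the Clam folder described in the thread ---
$root = Join-Path ([IO.Path]::GetTempPath()) ('clamsup-demo-' + [guid]::NewGuid().ToString('N'))
$clam = Join-Path $root 'Clam'
foreach ($d in 'bin', 'etc', 'share\clamav') { New-Item -ItemType Directory -Force -Path (Join-Path $clam $d) | Out-Null }
foreach ($f in 'clamscan.exe', 'clamdscan.exe') { New-Item -ItemType File -Path (Join-Path $clam "bin\$f") | Out-Null }

# clamd.conf lives in \etc here, as several posters found on their servers.
@"
DatabaseDirectory $clam\share\clamav
MailFollowURLs no
"@ | Set-Content -LiteralPath (Join-Path $clam 'etc\clamd.conf')

# The cfg still points at \bin, as in the package's default layout.
$cfgPath = Join-Path $root 'ClamSup.cfg'
@"
# constructed sample using the keys from the thread
LOCALFOLDER=$clam\share\clamav
CLAMSCAN=$clam\bin\clamscan.exe
CLAMDSCAN=$clam\bin\clamdscan.exe
CLAMD_CONFIGFILE=$clam\bin\clamd.conf
LOG_LEVEL=2
LOOP_MODE=N
"@ | Set-Content -LiteralPath $cfgPath

'--- first run: wrong clamd.conf folder ---'
@(Test-ClamSupConfig $cfgPath)

# Apply the fix from the thread (etc instead of bin) and check again.
(Get-Content -LiteralPath $cfgPath) -replace 'bin\\clamd\.conf$', 'etc\clamd.conf' | Set-Content -LiteralPath $cfgPath
'--- second run: path fixed, config cross-checks now apply ---'
@(Test-ClamSupConfig $cfgPath)

Remove-Item -LiteralPath $root -Recurse -Force
```

On a real server, call `Test-ClamSupConfig C:\ClamSup\ClamSup.cfg` (or wherever the package was extracted) and resolve every ERROR line before scheduling the hourly task.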
1
CCWH Replied
April 3, 2015 at 3:10 AM
Thanks for all the work Joe.  This solution has been far far better even overnight!
 
I will update to ClamAVx64 shortly.  I am wondering why SmarterTools have not used, or given the option of using, the x64 version.....very weird.
 
One thing to note, when using the Loop Mode within ClamSup.cfg it shows the following error every hour:
 
 
I ran it overnight with output to a .txt file and saw the above.
 
There are no errors shown within the ClamSup.error file.  But it looks like it hasn't run as the text output file only shows the last manual run...so the first run.  It looks like there is an old bit of code within the config file.  I will take a look at the line 25 later.  Might be worth removing just to clean it up a bit.
0
CCWH Replied
April 3, 2015 at 3:36 AM
I have now made the ClamAV change, however there is an issue.  ClamAV shows as 'updating' constantly within SmarterMail and no clamd.exe is running within Task Manager:
 
 
This is on a 2008 R2 x64 machine running SM13.3 Enterprise.
1
CCWH Replied
April 3, 2015 at 3:48 AM
Unfortunately the change did not work.  When trying to revert back to the x86 folder the webmail failed to load with the whoops admin page.  The clamd.exe *32 did show as running after the procedure (stop service, remove/rename old bin folder and move/rename original folder).
 
I have had to complete a reboot of the server for the service to start back correctly within IIS.  Unsure of the issue.
 
After reverting back to the 32bit \bin folder and the reboot then clamd *32 process is running normally and the Virus definitions are now updating.
 
I think I will take another look at this later.
1
Andrea Rogers Replied
April 3, 2015 at 8:06 AM
Employee Post
Thanks for the resource, Joe!
Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scarab Replied
April 3, 2015 at 2:01 PM
Joe,
 
Thank you for a resolution for an issue that has been bothering me for a couple of months. Your solution caught over 300 viruses in the past 24 hours where the built-in version of ClamAV was down to catching only an average of 5 per day. I manually checked for false-positives and had none!
 
EXCEPT...and this is certainly odd...we have SmarterMail Event to email the administrator when a Virus is detected and a message is moved to the Virus Quarantine. Those Virus Notifications are being caught in the Virus Quarantine instead of being delivered. Apparently it is something in the body causing this. We have the following:
 
"The message from #fromaddress# to #toaddress#, titled '#subject#', contained the #virusname# virus. It has been deleted."
 
I assume that either the #fromaddress#, #subject# or #virusname# fields is triggering the new ClamAV signatures.
 
I'm certainly willing to live without those Virus Quarantine Events for a 6000% increase in the effectiveness of ClamAV, but I thought it was worth noting in case anyone else relies on those notifications.
0
CCWH Replied
April 3, 2015 at 2:44 PM
Just as an update with this one, unfortunately even with the new procedure (copying clamd.conf and freshclam.conf to \bin) SM still does not run the clamd.exe x64 process.
 
I did do a test AV update using the command line outlined above using 'freshclam.exe' and that was successful so I don't think this has anything directly to do with the x64 files.  SM simply isn't running the new executable and this might well be to do with the original location of the clamd.conf / freshclam.conf files.
 
On this test both the clamd.conf and freshclam.conf files are in the \etc folder (alone).  They were both copied to the new x64 \bin folder.  The clamd.conf already was edited re the line 25 deprecated issue.  Also, I stopped the SM IIS instance along with the service just in case on the second test, both ended with no clamd.exe process.
 
I have tried this so far on a 2008 R2 and not 2012 but I will try tomorrow.
 
It is pretty easy to revert.  No reboot needed now as long as the service AND site within IIS are stopped before reverting the folder structure back.
 
Also, the mail DOES stop flowing when the x64 clamd.exe process is not running.....so test carefully!
 
So, the solution whilst still using the built-in 32-bit ClamAV is FAR superior to out of the box....so...for the time being I think I will stick with that.  I will still test on the test server the x64 update though!  It is really weird that the .conf files are in different locations as I would suspect most stating 2008 R2 have either Web or Standard.  Might well be the difference.  Just to add....our 2008 R2 servers are R2 Web OS and our 2012 R2 are just Standard.
2
Matt Petty Replied
April 3, 2015 at 3:39 PM
Employee Post
We are actually working on support for ClamSup and 64bit support with ClamAV in SmarterMail after reading all the recent success. Thanks Joe!
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Webio Replied
April 3, 2015 at 10:35 PM
I'm wondering whether all messages are being scanned by SmarterMail ClamAV? Or maybe there is a message size limit (I thought that I saw it somewhere but I could not find it) where if a message is bigger it is not being scanned?
 
I'm asking because when I was testing Avast it was finding messages whose size was about 1-3MB and for about 18 hours of ClamAV working (I know this is not too big a period of time) the biggest message placed in Virus Quarantine is 14KB.
0
Steve Reid Replied
April 6, 2015 at 6:23 AM
After copying the config files to bin and installing C++ Redistributable Package 2010 x64, my server seems to be functioning well.
 
Updates work, clamd loads, no errors.
 
Thanks again Joe!!
1
ellisfr Replied
April 7, 2015 at 1:52 PM
Many thanks for your time and this great solution.
 
Had no problem installing it (just changed the clamd.conf path from bin to etc), I'll see tomorrow how it worked during the night.
 
I resent a mail with a zip virus I received last week, it was detected this time.
 
0
Sean Middlemore Replied
April 8, 2015 at 2:02 AM
I've managed to set it up correctly to run but I get an error when it downloads anything via rsync: A error occured while downloading *** [empty file]. Please check your C:\ClamSup\ClamSup.ini settings. I've opened up port 873 for rsync but it hasn't helped.

Sean
1
Gilbert Li Replied
April 8, 2015 at 9:19 AM
Will SmarterMail consider implementing this in the next update?
I think instead of us doing this manually, the next update from SmarterMail could add and install this properly for us; that is what I call great support and service.
 
Or SmarterMail should consider to create a program to automate this installation.
 
Thanks again Joe Wolf for spending so much time and effort and share it with the community
1
Bruce Barnes Replied
April 8, 2015 at 9:42 AM
Steve Reid, you beat me to the punch, again!
 
Steve Reid Replied
April 6 at 8:23 AM
After copying the config files to bin and installing C++ Redistributable Package 2010 x64, my server seems to be functioning well.
 
Updates work, clamd loads, no errors.
 
Thanks again Joe!!
 
It looks like installing Microsoft's C++ Redistributable Package 2010 x64 is required for Server 2012.
 
 
Bruce Barnes
0
ellisfr Replied
April 9, 2015 at 2:05 PM
Joe said : "Solution #1:  In SmarterMail | Settings | General Settings | Spool | Delivery Delay have at least 3 seconds for the Delivery Delay. "
 
I was thinking this setting may be more for people using command line scanner or RealTime Scanner, so the messages stay in the spool long enough for the scanner to process it.
 
But as ClamAV is integrated with SmarterMail, I would think SM waits for ClamAV to process the file before delivering it.
 
The setting to tweak could be :
SmarterMail | Security| Antivirus Administration | ClamAV | Timeout
 
"Timeout : The maximum number of seconds SmarterMail should wait for ClamAV to respond before moving on to the next message. By default, the timeout is 10 seconds."
 
0
Webio Replied
April 16, 2015 at 1:17 AM
IMHO there is something wrong going on with clamd process management by SmarterMail.
 
Take a look at ClamAV stats from SmarterTools
 
Date - Connections - Failed Connections
 
Gateway1:
 
2015-04-10 - 45241 1550
2015-04-11 - 28470 635
2015-04-12 - 23822 5
2015-04-13 - 49920 4975
2015-04-14 - 47023 7743
2015-04-15 - 30172 1224
 
Gateway2:
 
2015-04-10 - 20485 21952
2015-04-11 - 24162 390
2015-04-12 - 22085 10
2015-04-13 - 11489 38756
2015-04-14 - 14147 34666
2015-04-15 - 13529 39870
 
Gateway3:
 
2015-04-10 - 19145 5
2015-04-11 - 14975 8
2015-04-12 - 12319 -
2015-04-13 - 23562 430
2015-04-14 - 22792 59
2015-04-15 - 22437 1626
 
About 2015-04-12 I've checked ClamAV, updated it to the latest version available, stopped ClamAV from the SmarterMail configuration panel, restarted SmarterMail processes and it looked like it is working fine as you see, but the day after, without any modification to SM or ClamAV, failed connections started to show up. Is anyone experiencing a similar issue?
 
I wanted to wait for the official SmarterMail - ClamAV update to check if this will be somehow fixed but for now I wanted to ask if any of you is experiencing a similar issue.
 
EDIT: I'm also experiencing situations where 4 or more clamd.exe processes are being spawned, all of them use a lot of CPU, and they are just being shut down and after some time they start again.
 
EDIT2: there is also another thing. Take a look at my clamd log file:
 
Thu Apr 16 10:08:39 2015 -> +++ Started at Thu Apr 16 10:08:39 2015
Thu Apr 16 10:08:39 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:39 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:39 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:39 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:39 2015 -> +++ Started at Thu Apr 16 10:08:39 2015
Thu Apr 16 10:08:39 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:08:39 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:39 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:39 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:39 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:39 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:08:39 2015 -> +++ Started at Thu Apr 16 10:08:39 2015
Thu Apr 16 10:08:39 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:39 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:39 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:39 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:39 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:08:40 2015 -> +++ Started at Thu Apr 16 10:08:40 2015
Thu Apr 16 10:08:40 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:40 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:40 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:40 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:40 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:09:10 2015 -> +++ Started at Thu Apr 16 10:09:10 2015
Thu Apr 16 10:09:10 2015 -> +++ Started at Thu Apr 16 10:09:10 2015
Thu Apr 16 10:09:10 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:09:10 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:09:10 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:09:10 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:09:10 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:09:10 2015 -> Not loading PUA signatures.
Thu Apr 16 10:09:10 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:09:10 2015 -> Not loading PUA signatures.
o "TrustSigned".
Thu Apr 16 10:09:10 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:09:41 2015 -> +++ Started at Thu Apr 16 10:09:41 2015
Thu Apr 16 10:09:41 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:09:41 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:09:41 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:09:41 2015 -> Not loading PUA signatures.
Thu Apr 16 10:09:41 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:10:13 2015 -> +++ Started at Thu Apr 16 10:10:13 2015
Thu Apr 16 10:10:13 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:10:13 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:10:13 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:10:13 2015 -> Not loading PUA signatures.
Thu Apr 16 10:10:13 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:10:13 2015 -> +++ Started at Thu Apr 16 10:10:13 2015
Thu Apr 16 10:10:13 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:10:13 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:10:13 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:10:13 2015 -> Not loading PUA signatures.
Thu Apr 16 10:10:13 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:10:44 2015 -> +++ Started at Thu Apr 16 10:10:44 2015
Thu Apr 16 10:10:44 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:10:44 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:10:44 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:10:44 2015 -> Not loading PUA signatures.
Thu Apr 16 10:10:44 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:15 2015 -> +++ Started at Thu Apr 16 10:11:15 2015
Thu Apr 16 10:11:15 2015 -> +++ Started at Thu Apr 16 10:11:15 2015
Thu Apr 16 10:11:15 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:15 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:15 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:15 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:15 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:15 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:15 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:47 2015 -> +++ Started at Thu Apr 16 10:11:47 2015
Thu Apr 16 10:11:47 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:47 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:47 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:47 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:47 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:12:20 2015 -> +++ Started at Thu Apr 16 10:12:20 2015
Thu Apr 16 10:12:20 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:12:20 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:12:20 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:12:20 2015 -> Not loading PUA signatures.
Thu Apr 16 10:12:20 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:12:51 2015 -> +++ Started at Thu Apr 16 10:12:51 2015
Thu Apr 16 10:12:51 2015 -> +++ Started at Thu Apr 16 10:12:51 2015
Thu Apr 16 10:12:51 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:12:51 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:12:51 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:12:51 2015 -> Not loading PUA signatures.
Thu Apr 16 10:12:51 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:12:51 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:12:51 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:12:51 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:12:51 2015 -> Not loading PUA signatures.
Thu Apr 16 10:12:51 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:13:21 2015 -> +++ Started at Thu Apr 16 10:13:21 2015
Thu Apr 16 10:13:21 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:13:21 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:13:21 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:13:21 2015 -> Not loading PUA signatures.
Thu Apr 16 10:13:21 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:13:52 2015 -> +++ Started at Thu Apr 16 10:13:52 2015
Thu Apr 16 10:13:52 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:13:52 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:13:52 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:13:52 2015 -> Not loading PUA signatures.
Thu Apr 16 10:13:52 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:23 2015 -> +++ Started at Thu Apr 16 10:14:23 2015
Thu Apr 16 10:14:23 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:23 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:23 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:23 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:23 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:56 2015 -> +++ Started at Thu Apr 16 10:14:56 2015
Thu Apr 16 10:14:56 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:56 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:56 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:56 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:56 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:56 2015 -> +++ Started at Thu Apr 16 10:14:56 2015
Thu Apr 16 10:14:56 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:56 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:56 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:56 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:56 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:57 2015 -> +++ Started at Thu Apr 16 10:14:57 2015
Thu Apr 16 10:14:57 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:57 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:57 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:57 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:57 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:57 2015 -> +++ Started at Thu Apr 16 10:14:57 2015
Thu Apr 16 10:14:57 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:57 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:57 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:57 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:57 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:26 2015 -> +++ Started at Thu Apr 16 10:15:26 2015
Thu Apr 16 10:15:26 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:26 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:26 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:26 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:26 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:26 2015 -> +++ Started at Thu Apr 16 10:15:26 2015
Thu Apr 16 10:15:26 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:26 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:26 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:26 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:26 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:26 2015 -> +++ Started at Thu Apr 16 10:15:26 2015
Thu Apr 16 10:15:26 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:26 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:26 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:26 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:26 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:58 2015 -> +++ Started at Thu Apr 16 10:15:58 2015
Thu Apr 16 10:15:58 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:58 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:58 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:58 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:58 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:16:31 2015 -> +++ Started at Thu Apr 16 10:16:31 2015
Thu Apr 16 10:16:31 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:16:31 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:16:31 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:16:31 2015 -> Not loading PUA signatures.
Thu Apr 16 10:16:31 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:17:04 2015 -> +++ Started at Thu Apr 16 10:17:04 2015
Thu Apr 16 10:17:04 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:17:04 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:17:04 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:17:04 2015 -> Not loading PUA signatures.
Thu Apr 16 10:17:04 2015 -> Bytecode: Security mode set to "TrustSigned".
This is the current log. Is it normal that the clamd service is starting so frequently?
0
SmarterUser Replied
May 2, 2015 at 12:58 PM
Have it installed on 2012 R2.  All the rsync updates happen fine, but of the 7 retrieved by http, 5 give an error every time -- the "empty file" error that an earlier poster experienced.  Any ideas why this might happen with 5 out of the 7?
 
Also, when this works correctly, do the time and date of ClamAV virus definitions update in Antivirus Administration?
0
Manuel Replied
June 11, 2015 at 6:47 AM
Hello,
With SmarterMail 14.x, is this ClamSup OK, or do I need to implement this guide?
 
 
0
Joe Wolf Replied
June 13, 2015 at 5:36 AM
Notice:  The process has somewhat changed (as of June 12, 2015).  Please see  http://portal.smartertools.com/community/a86419/sm-14-clamsup-problems-and-how-to-fix-them-temporarily-at-least.aspx#90480 for the latest configuration updates.  The paths may be different but the file names will remain the same.
Thanks,
-Joe
0
Bruce Barnes Replied
December 26, 2015 at 10:26 PM
Joe;
 
Do you have a summary document on how to better enable the scanning of .ZIP files in the 64 bit version of CLAMAV?
 
Thanks!
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Gilbert Li Replied
December 27, 2015 at 5:00 PM
Hi Experts,
I updated to 14.x on the 24th of Dec.
I have copied both Freshclam.log and Clamd.log here.
Does it mean ClamAV works OK? It said the version is outdated.
What is the best way to update the version from 0.97.6 to 0.99?
I downloaded 14.4.5801 and upgraded from 13.X.

Freshclam.log
--------------------------------------
ClamAV update process started at Sun Dec 27 05:05:42 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21197.cdiff [100%]
daily.cld updated (version: 21197, sigs: 1765004, f-level: 63, builder: neo)
Can't query daily.21197.67.1.1.172.110.204.67.ping.clamav.net
bytecode.cvd is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
Database updated (4189275 signatures) from database.clamav.net (IP: 172.110.204.67)
Clamd successfully notified about the update.
--------------------------------------
ClamAV update process started at Sun Dec 27 11:05:43 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21198.cdiff [100%]
daily.cld updated (version: 21198, sigs: 1765180, f-level: 63, builder: neo)
Can't query daily.21198.67.1.1.69.12.162.28.ping.clamav.net
bytecode.cvd is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
Database updated (4189451 signatures) from database.clamav.net (IP: 69.12.162.28)
Clamd successfully notified about the update.
--------------------------------------
ClamAV update process started at Sun Dec 27 17:05:45 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21199.cdiff [100%]
Downloading daily-21200.cdiff [100%]
daily.cld updated (version: 21200, sigs: 1765836, f-level: 63, builder: neo)
Can't query daily.21200.67.1.1.150.214.142.197.ping.clamav.net
bytecode.cvd is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
Database updated (4190107 signatures) from database.clamav.net (IP: 150.214.142.197)
Clamd successfully notified about the update.


Clamd.log
************************************************************
Sun Dec 27 00:25:00 2015 -> SelfCheck: Database status OK.
Sun Dec 27 00:57:49 2015 -> SelfCheck: Database status OK.
Sun Dec 27 01:28:43 2015 -> SelfCheck: Database status OK.
Sun Dec 27 02:00:06 2015 -> SelfCheck: Database status OK.
Sun Dec 27 02:49:03 2015 -> SelfCheck: Database status OK.
Sun Dec 27 03:39:52 2015 -> SelfCheck: Database status OK.
Sun Dec 27 04:18:04 2015 -> SelfCheck: Database status OK.
Sun Dec 27 04:48:16 2015 -> SelfCheck: Database status OK.
Sun Dec 27 05:07:12 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 05:07:30 2015 -> Database correctly reloaded (4296234 signatures)
Sun Dec 27 05:07:30 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 05:07:48 2015 -> Database correctly reloaded (4296234 signatures)
Sun Dec 27 05:43:02 2015 -> SelfCheck: Database status OK.
Sun Dec 27 06:13:02 2015 -> SelfCheck: Database status OK.
Sun Dec 27 06:47:22 2015 -> SelfCheck: Database status OK.
Sun Dec 27 07:21:03 2015 -> SelfCheck: Database status OK.
Sun Dec 27 07:51:08 2015 -> SelfCheck: Database status OK.
Sun Dec 27 08:26:49 2015 -> SelfCheck: Database status OK.
Sun Dec 27 08:56:50 2015 -> SelfCheck: Database status OK.
Sun Dec 27 09:29:00 2015 -> SelfCheck: Database status OK.
Sun Dec 27 10:00:08 2015 -> SelfCheck: Database status OK.
Sun Dec 27 10:35:57 2015 -> SelfCheck: Database status OK.
Sun Dec 27 11:06:39 2015 -> SelfCheck: Database modification detected. Forcing reload.
Sun Dec 27 11:06:40 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 11:06:57 2015 -> Database correctly reloaded (4296410 signatures)
Sun Dec 27 11:06:58 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 11:07:15 2015 -> Database correctly reloaded (4296416 signatures)
Sun Dec 27 11:07:16 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 11:07:33 2015 -> Database correctly reloaded (4296416 signatures)
Sun Dec 27 11:38:57 2015 -> SelfCheck: Database status OK.
Sun Dec 27 12:10:39 2015 -> SelfCheck: Database status OK.
Sun Dec 27 12:41:51 2015 -> SelfCheck: Database status OK.
Sun Dec 27 13:20:12 2015 -> SelfCheck: Database status OK.
Sun Dec 27 13:50:55 2015 -> SelfCheck: Database status OK.
Sun Dec 27 14:20:59 2015 -> SelfCheck: Database status OK.
Sun Dec 27 14:52:36 2015 -> SelfCheck: Database status OK.
Sun Dec 27 15:23:39 2015 -> SelfCheck: Database status OK.
Sun Dec 27 15:55:55 2015 -> SelfCheck: Database status OK.
Sun Dec 27 16:26:05 2015 -> SelfCheck: Database status OK.
Sun Dec 27 16:57:06 2015 -> SelfCheck: Database status OK.
Sun Dec 27 17:06:39 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 17:06:56 2015 -> Database correctly reloaded (4297080 signatures)
Sun Dec 27 17:06:57 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 17:07:14 2015 -> Database correctly reloaded (4297080 signatures)
Sun Dec 27 17:44:33 2015 -> SelfCheck: Database status OK.
Sun Dec 27 18:16:39 2015 -> SelfCheck: Database status OK.

Thanks very much
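
As an added example (not part of any post in this thread), the two questions above, how often clamd is starting and whether freshclam reports an outdated engine, can be checked mechanically from the log formats posted here. The function names, the five-minute window and the three-start threshold are assumptions chosen for illustration, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed samples in the same line formats as the logs posted in this thread.
CLAMD_SAMPLE = """\
Thu Apr 16 10:11:15 2015 -> +++ Started at Thu Apr 16 10:11:15 2015
Thu Apr 16 10:11:15 2015 -> +++ Started at Thu Apr 16 10:11:15 2015
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:47 2015 -> +++ Started at Thu Apr 16 10:11:47 2015
Thu Apr 16 10:12:20 2015 -> +++ Started at Thu Apr 16 10:12:20 2015
Thu Apr 16 10:12:40 2015 -> Database correctly reloaded (4296410 signatures)
"""
FRESHCLAM_SAMPLE = """\
ClamAV update process started at Sun Dec 27 05:05:42 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
Database updated (4189275 signatures) from database.clamav.net (IP: 192.0.2.10)
"""

CLAMD_LINE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) -> (.*)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # ctime-style stamp, English day/month names
RELOADED = re.compile(r"Database correctly reloaded \((\d+) signatures\)")


def clamd_summary(text, window=timedelta(minutes=5), max_starts=3):
    """Count clamd start events and flag bursts of starts inside `window`.

    `window` and `max_starts` are assumed thresholds, not ClamAV defaults.
    """
    starts, sig_counts = [], []
    for line in text.splitlines():
        m = CLAMD_LINE.match(line)
        if not m:
            continue  # skip anything that is not a timestamped clamd line
        stamp = datetime.strptime(m.group(1), TS_FORMAT)
        message = m.group(2)
        if message.startswith("+++ Started at"):
            starts.append(stamp)
        else:
            reloaded = RELOADED.search(message)
            if reloaded:
                sig_counts.append(int(reloaded.group(1)))
    # Sliding window over the (log-ordered) start times.
    worst, lo = 0, 0
    for hi in range(len(starts)):
        while starts[hi] - starts[lo] > window:
            lo += 1
        worst = max(worst, hi - lo + 1)
    return {
        "starts": len(starts),
        "max_starts_in_window": worst,
        "restart_loop": worst > max_starts,
        "last_signature_count": sig_counts[-1] if sig_counts else None,
    }


def freshclam_summary(text):
    """Report update runs, the engine version warning and the last signature total."""
    versions = re.search(r"Local version: (\S+) Recommended version: (\S+)", text)
    totals = re.findall(r"Database updated \((\d+) signatures\)", text)
    return {
        "runs": text.count("ClamAV update process started at"),
        "outdated": "installation is OUTDATED" in text,
        "local_version": versions.group(1) if versions else None,
        "recommended_version": versions.group(2) if versions else None,
        "last_signature_count": int(totals[-1]) if totals else None,
    }


if __name__ == "__main__":
    print(clamd_summary(CLAMD_SAMPLE))
    print(freshclam_summary(FRESHCLAM_SAMPLE))
```
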

 

0
Jeffrey Pereira Replied
April 26, 2016 at 6:21 AM
Hi -
 
I am doing a new install of SmarterMail 15.
 
Are the steps listed here still relevant to 15?
 
Thank you.
 
Jeff
0
Nathan Harrington Replied
July 19, 2016 at 10:27 AM
Folks...I don't want to hijack Joe's thread, so I've started a new one somewhat related to this topic.  I'd appreciate it if a few of you with knowledge on this topic would take a moment to take a look at my questions and offer your comments.
 
 
0
John Reid Replied
July 22, 2016 at 10:23 AM
Joe, the link to the pre-configured package appears to be broken.
0
keith dovale Replied
August 25, 2016 at 11:22 AM
Hi,
 
We are running Clam on our Windows 2008 and 2012 servers, but our configuration may be different: we have a bin64 and a bin folder in our clam folder, the conf files are in the etc folder, and if the clamav64 can't load, the clam32 loads. So basically SmarterMail tries to load the 64-bit version first, then if it fails it will load the 32-bit version. We also use clamsup as well as a few other dbs from other providers, and it works well.
 
Joe, your link to the files doesn't work, so I cannot confirm what is different between our setup and yours. Maybe you can share it so we can see. I can zip our version up for anyone who would like to try it.
0
Jani Willberg Replied
August 31, 2016 at 7:39 AM
Also, good ClamAV signatures to detect Linux PHP malware - malware.expert/signatures
0
Hemen Shah Replied
September 8, 2016 at 6:35 AM
Hi,
 
SM 15.x,
Can anyone share ClamSup signatures that give better results, apart from the ones which are enabled by default?
 
Thanks in advance.
 
1
Michael Kowalski Replied
December 1, 2016 at 10:50 PM
If it's helpful to anyone, I got this set up myself without the download on an older version of SM. We started getting a ton of viruses for whatever reason; I guess our e-mail got onto some spam list.
 
Went from catching ~1 virus a week, to catching 50-60+ a day. It's really easy to do, but requires a little reading, copying over some files, and updating some paths.
 
Good luck, and thanks for the info, it's helped us immensely.
