9
SM 14 ClamSup problems and how to fix them (temporarily at least)
Problem reported by Joe Wolf - 6/12/2015 at 9:56 PM
Resolved
I've noticed reduced performance of ClamSup in SM 14 and took a look at the configuration.  One of the major signature providers has changed their update methods and ClamSup is throwing all kinds of errors.  Here's how to fix the problem, but this will only last until you reinstall or update SmarterMail.  I'll work on a more permanent solution later.
 
Locate your SmarterMail/Service/Clam folder and make a backup copy.
 
Navigate to the SmarterMail/Service/Clam/ClamSup folder and edit the ClamSup.ini file.
Locate the following lines in the ClamSup.ini file:
 
# SecuriteInfo honeynet.hdb
http://clamav.securiteinfo.com;honeynet.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfobat.hdb
http://clamav.securiteinfo.com;securiteinfobat.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfodos.hdb
http://clamav.securiteinfo.com;securiteinfodos.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfo.hdb
http://clamav.securiteinfo.com;securiteinfo.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfohtml.hdb
http://clamav.securiteinfo.com;securiteinfohtml.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfooffice.hdb
http://clamav.securiteinfo.com;securiteinfooffice.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfopdf.hdb
http://clamav.securiteinfo.com;securiteinfopdf.hdb;N;Y;Y;N;N
 
Either copy the below lines or edit the existing lines to look like the following (note we're just putting a "-" in front of each download request):
 
# SecuriteInfo honeynet.hdb
-http://clamav.securiteinfo.com;honeynet.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfobat.hdb
-http://clamav.securiteinfo.com;securiteinfobat.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfodos.hdb
-http://clamav.securiteinfo.com;securiteinfodos.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfo.hdb
-http://clamav.securiteinfo.com;securiteinfo.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfohtml.hdb
-http://clamav.securiteinfo.com;securiteinfohtml.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfooffice.hdb
-http://clamav.securiteinfo.com;securiteinfooffice.hdb;N;Y;Y;N;N
# SecuriteInfo securiteinfopdf.hdb
-http://clamav.securiteinfo.com;securiteinfopdf.hdb;N;Y;Y;N;N
 
Save the edited ClamSup.ini file.
 
Locate the ClamSup.error file in the same folder and delete that file.  It just contains all the errors from the existing setup.
 
Navigate to the SmarterMail/Service/Clam/Share/clamav folder and DELETE all files that start with "securite" and also delete the SIG_TMP folder.
 
In a web browser go to the following site: https://www.securiteinfo.com/services/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml and hit the Get Started button. Enter a valid email address and follow the steps to get an account (it requires you to receive two email messages).  Once registered (you don't have to give any information other than your email address) you'll be on a page that has tabs like My Account | Setup | Contact Us, etc.  Go to the Setup tab and you'll see a section that says, "Cut and Paste the following lines in your freshclam configuration file (usually /etc/clamav/freshclam.conf)".  Copy all six lines.
 
Navigate to your SmarterMail/Service/Clam/etc folder and edit the freshclam.conf file.  You'll see a line that says "MaxAttempts 3" and insert the six lines we copied in the above paragraph below that line.  Now we need to get rid of one of those lines since we don't want ClamAV doing spam checking so delete the line that ends with "spam_marketing.ndb" (it should be the 4th line you just insterted into the freshclam.conf).  So we now have five new lines inserted in the freshclam.conf and no blank lines... save the freshclam.conf file.
 
Now navigate back to the SmarterMail/Service/Clam/ClamSup folder and double click on the ClamSup.bat file (run it).  It should complete in a few seconds and NO ClamSup.error file should have been created.  If you see a ClamSup.error file then you made a mistake and start over.
 
Now navigate to the SmarterMail/Service/Clam/Share/clamav folder and make sure no files that start with "securite" are present.  If so you made a mistake and start over.  
 
Go into your SmarterMail web admin site and go to Security | Anitivirus Administration | ClamAV tab | then hit the Update ClamAV button.  You can then watch the SmarterMail/Service/Clam/Share/clamav folder and watch the files that start with "securite" be created.  Be patient because this may take a few minutes.  If they appear then all is well.
 
This will correct the ClamSup problems (at least until you reinstall or update SmarterMail).
 
 
 
Thanks,
-Joe

24 Replies

Reply to Thread
0
CCWH Replied
Thanks for the info Joe, great work. That might have just made my decision to delay our v14 upgrades this evening! If this is fixable within the next SM release it might be worth waiting for us!
0
Joe Wolf Replied
This should apply to those users using my original ClamSup users. I wish I at least got some kind of credit for it. Frustrated. I offered to help and was put on HOLD. It's a shame when someone wants to help but is ex-communicated. Tim, I DO NOT UNDERSTAND WHY. CALL ME AND LET'S TALK. There is SO much more that I've already developed that could be used in SmarterMail. My suggestions just get dropped. is that what you want?????
Thanks, -Joe
1
Joe Wolf Replied
As a side note... the above would apply to anyone running ClamSup on any version of SmarterMail.  The paths may vary, but the files remain the same.
Thanks, -Joe
0
CCWH Replied
I, probably like many others, am surprised to hear you were left out of the ClamSup addition to v14! Especially as it was your initial work...and lots of it that brought ClamSup to all SmarterMail users!
0
SmarterUser Replied
Joe, you just need to release your spam solution.  I'm fairly certain you'll have a lot of customers willing to pay for it.
0
CCWH Replied
Just to add to this - Anyone going through this process - Sign up to Securite BEFORE completing the upgrade/changes or whitelist their email address:  www-data [at] securiteinfo [dot] com
 
I say this as we have our greylisting on all SM servers set to 60 seconds retry....I have now been waiting 30 minutes and their mail server has not retried sending the email.
0
Joe Wolf Replied
I'm not looking for any recognition... just trying to provide solutions to help make SmarterMail a better product. To be honest I did suggest to SmarterTools that they should maintain a repository of the signature files that is updated hourly. That would allow all of us to update more often. They apparently didn't like the idea.
Thanks, -Joe
0
Joe Wolf Replied
I'm not going to charge anyone for such things. This latest issue needs to resolved by SmarterTools. There are three files that should NOT be removed or overwritten when uninstalling or upgrading SmarterMail. They are specifically clamd.conf, freshclam.conf, and local.cf. These files are where we are supposed to be able to make permanent configuration changes for ClamAV and SpamAssassin. As long as SmarterMail continues to erase those files each time you uninstall or upgrade then it makes the types of things I want to do very difficult. If SmarterTools refuses to cooperate then the solution would be to not use SmarterMail for ClamAV and SpamAssassin and replace it with SpamAssassin In A Box (which is very inexpensive) and you can run ClamAV from inside it instead.
Thanks, -Joe
0
SmarterUser Replied
So how would this solution differ when using SpamAssassin in a Box?
0
Joe Wolf Replied
SmarterMail would not have the ability to overwrite the configuration files.
Thanks, -Joe
0
Webio Replied
Thank you Joe. Regarding other ClamAV issues I had to configure ClamAV as remote service and run it manually and also move configuration files to bin folders because when ClamAV was set as a local service it would not start at all or I saw multiple services being spawned and using 100% CPU. It looks like best solution involving ClamAV is to run it manually as a service separately from SM.
0
Joe Wolf Replied
I can't claim to have every SM configuration. The information is hidden from me and I have no access to anyone at ST. That's why I'm working on an external solution. If a person is not willing to spend $30 - $40 per year (or less) then they're not serious (and I won't make a penny off of it). I don't have the time or patients to educate everyone on every detail... just tell everyone what WILL work no matter what. We will end the debate on "what is spam", etc. and move forward with a common goal. Our job is to deliver valid email, our secondary job is to block as much spam as possible and do our best effort to block viruses and malware. It is NOT our job to educate the rest of the world on blocking a mal-configured server or block ANY message (other than viruses and malware) without letting either the sender or recipient know of the disposition of EVERY message. It is irresponsible for us to DELETE any message (unless it's a virus, malware, etc.) based on our arbitrary definition of spam. Sorry to unload on you, but there's so much BS floating around it makes me sick. -Joe
Thanks, -Joe
0
Webio Replied
Actually I'm not expecting from you to have all the answers. I just wanted to thank you for your solution because as far as I can see securiteinfo is quite good addition to ClamAV and it's great that you've pointed direction how to use it.
0
Joe Burkhead Replied
Joe, thank You! It is due to the efforts of people like you that I have hopes of finally whipping the spam issue. Your willingness to share your knowledge and efforts for the good of others is commendable! I am ready, willing, and anxious to implement your new solution as soon as you are ready to release it.
0
Hemen Shah Replied
Hi Joe,
 
yesterday when i upgraded to SM14 and waited for a while for all signatures to be updated but then there was no clam error file was generated, today i am seeing the way you have described 
 
Date: Mon 06/15/2015 
Time:  4:52:28.44 
 ERROR: A error occured while updating securiteinfopdf.hdb [empty file]. Please check your C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\ClamSup\ClamSup.ini settings!
 
so need to follow the way you have suggested is there anything else to be done apart from adding "-" to hdb's
 
Thanks once again for all proactive efforts and educations.
 
Cheers.
0
Steve Reid Replied
I tried a few email addresses and it says they are all blacklisted. I can't seem to signup.
0
Webio Replied
On my end I was getting blacklisted error but after pressing F5 it worked. The same situation I had with using contact form (F5 sent message from contact form)
0
Steve Reid Replied
I just tried that from firefox and it still didn't work. I tried again from IE and got the same blacklisted message, however this time F5 worked! Thanks!!
0
Steve Reid Replied
Gee Wiz that site is buggy, even to login I had to use the F5 trick
0
Steve Reid Replied
Joe I was comparing the ClamSup.ini file to the one from your distro and they seem the same.
 
What other tests do you recommend that are not running by default in SM?
0
Joe Wolf Replied
Right now I can't say. I'm re-evaluating the overall situation and trying to verify the best signatures possible.
Thanks, -Joe
0
Matt Petty Replied
Employee Post
This will be fixed in the next minor (very soon).
Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Webio Replied
Hello Joe,
 
I just wanted to thank you for pointing this solution. IMHO it works great (I'm using paid version). Here you have stats from one of my gateways:
 
Day Avg.
Active
Connections
Connections Failed
Connections
8/16/2015 - 67002 110
8/17/2015 - 88767 87
8/18/2015 - 93291 123
8/19/2015 - 97045 68
8/20/2015 - 87032 136
8/21/2015 - 80421 46
8/22/2015 - 21628 129
 
Day Viruses
8/16/2015 51934
8/17/2015 47531
8/18/2015 49616
8/19/2015 48224
8/20/2015 42536
8/21/2015 40299
8/22/2015 15961
 
I have similar stats from other two of my gateways.Too bad we can't select how Virus in SmarterMail should be handled because I'm interested how disabled marketing DB (spam_marketing.ndb) would perform.
 
Thanks
 
EDIT: I'm using standalone ClamAV instance installed on the same Windows system as SmarterMail gateways. I've decided to do that to have better control over ClamAV process and it's updating (I'm using system Scheduled Tasks).
0
J Lee Replied
Hi Joe
 
I have this set up correctly I believe, I see virus listing in the reports but nothing the C:Quarantine folder?  If the folder is empty does that mean something is not working.
 
Thank You for your time.
 
J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

Reply to Thread