Warning: The below configuration works great for me, but use any of the following information at your own risk.
Problem: The standard SmarterMail install of ClamAV is very poor at catching viruses, trojans, and other malware. Currently any .zip file attachment can contain a .exe payload and ClamAV will not catch it.
I originally started at looking for ways to use the SpamAssassin MIMEHeader plugin to check for .exe files inside .zip files, but couldn't make it work. I've tried to use various command line antivirus scanners and none seemed to work well for me. I then started to try and write a ClamAV signature rule that would catch these messages, but I happened to find the below solution. I installed the below solution and then sent myself 18 different examples of .zip attachments with .exe virus / trojan payloads (all verified via VirusTotal). Before the below solution was installed all 18 were delivered to my Inbox, after the solution all 18 were caught and put into my Virus Quarantine. Zero false positives to date.
The below solution has the ability to stop a lot of spam, but I have disabled most of those tests because I don't believe spam filtering should be done by ClamAV. I just want to stop the viruses, trojans, phishing, and other malware. I have left the tests that accomplish this enabled.
I found that many of the original ClamAV developers and others have developed third party signatures that greatly increase the effectiveness of ClamAV. I do not take credit for any of the below. You can investigate all of the below at Sanesecutity http://sanesecurity.com
and you can do all of what I've done below yourself if you desire I've just made installation easier and configured it for use with the standard ClamAV installed by SmarterMail. Essentially all you're doing is adding thousands of additional signatures to ClamAV and automating hourly updates to catch the newest threats.
The below should work with any recent version of SmarterMail and ClamAV.
#2 Extract the contents of ClamSup.zip to the location of your choice. I used C:\ClamSup but you can use any location you choose, but my instructions will reference C:\ClamSup so if you choose a different location adjust accordingly.
#3 If your SmarterMail program files are installed on C:\Program Files (x86).... you don't need to do any editing, etc. If you've installed SmarterMail on a different drive or path you will need to edit the C:\ClamSup\ClamSup.cfg file to represent the proper paths. The file is simple to understand and you will need to change the path in four places in the ClamSup.cfg file. (On Edit: Some SmarterMail installations have the Clamd.conf file in the \etc folder instead of \bin - please verify that the proper path to Clamd.conf in the ClamSup.cfg matches the actual location of your Clamd.conf). An easy way to find the proper path for the ClamSup.cfg file just find your EXISTING clamd.conf and open it in notepad (or any text editor of you choice). You will see a line in the clamd.conf that says "Database Directory" and you can use that path for the "LOCALFOLDER" value in the ClamSup.cfg. The others should be simple to figure out.
#4 Run the ClamSup.bat file. This will download all the signatures to your ClamAV installation. There is a built in delay in the batch file so ClamAV can validate each new signature. It may take 10 minutes or so for the batch file to complete (most of this is delay time and adds very little load to your server). ClamAV will use slightly more RAM after the installation of the additional signatures.
#4 I suggest you add a scheduled task in Windows Task Scheduler to run C:\ClamSup\ClamSup.bat every hour to download any updated signatures (some are updated hourly). If you stay logged in to your SmarterMail server all the time you can run the ClamSup.bat in loop mode by changing the last line in your ClamSup.cfg from "LOOP_MODE=N" to "LOOP_MODE=Y". When the batch file is run in loop mode it will automatically download the signatures hourly, but if you log off the computer it will not run and you will need to use the Task Scheduler method.
#5 If you want to verify that your ClamSup installation is working properly take a look at your C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder (or whatever your path may be). You should see a total of 20 files and one folder called "SIG_TMP" (this temp folder holds the new verified signatures to be integrated into ClamAV and can be ignored).
That's all there is to it and you've turned ClamAV into one of the best antivirus solutions possible. I suggest you enable the Virus Quarantine and monitor the results. The signatures I enabled will catch a lot more than the stock ClamAV.
I have only enabled the signatures I feel are appropriate. You can add or remove them as desired. This is done by editing the C:\ClamSup\ClamSup.ini file. The description of the various signatures are at: http://sanesecurity.com/usage/signatures/
All of the signatures preceded by a "-" in the ClamSup.ini are disabled. All of the signatures enabled in my installation have a LOW false positive rate. If you decide to disable a signature add the "-" in from of that line in the ClamSup.ini and delete the associated file from the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder and the "SIG_TMP" folder.
I believe you'll see how good ClamAV can be. The above does increase memory usage slightly, but I see no additional load on my server. The ClamSup.bat file will only download new signatures when they are newer than those currently installed so it's very efficient. If you choose to use more aggressive signatures monitor your Virus Quarantine regularly.
I know everyone has different levels of abilities to make such changes. This is not a difficult process and I can implement it on a SmarterMail server in less than 4 minutes and never have to stop the SmarterMail service (it's transparent and just works great). The Path values are the most important part. Verify your path values! Also install it as an Administrator.