Back to Community Threads
21
How to greatly improve ClamAV - even zero hour style protection for FREE!
Idea shared by Joe Wolf - 4/1/2015 at 7:24 PM
Completed
Warning:  The below configuration works great for me, but use any of the following information at your own risk.
 
Notice:  The process has somewhat changed (as of June 12, 2015).  Please see  http://portal.smartertools.com/community/a86419/sm-14-clamsup-problems-and-how-to-fix-them-temporarily-at-least.aspx#90480 for the latest configuration updates.  The paths may be different but the file names will remain the same.
 
Problem:  The standard SmarterMail install of ClamAV is very poor at catching viruses, trojans, and other malware.  Currently any .zip file attachment can contain a .exe payload and ClamAV will not catch it.  
 
I originally started at looking for ways to use the SpamAssassin MIMEHeader plugin to check for .exe files inside .zip files, but couldn't make it work.  I've tried to use various command line antivirus scanners and none seemed to work well for me.  I then started to try and write a ClamAV signature rule that would catch these messages, but I happened to find the below solution.  I installed the below solution and then sent myself 18 different examples of .zip attachments with .exe virus / trojan payloads (all verified via VirusTotal).  Before the below solution was installed all 18 were delivered to my Inbox, after the solution all 18 were caught and put into my Virus Quarantine.  Zero false positives to date.
 
The below solution has the ability to stop a lot of spam, but I have disabled most of those tests because I don't believe spam filtering should be done by ClamAV.  I just want to stop the viruses, trojans, phishing, and other malware.  I have left the tests that accomplish this enabled.
 
Solution:  I found that many of the original ClamAV developers and others have developed third party signatures that greatly increase the effectiveness of ClamAV.  I do not take credit for any of the below.  You can investigate all of the below at Sanesecutity http://sanesecurity.com and you can do all of what I've done below yourself if you desire  I've just made installation easier and configured it for use with the standard ClamAV installed by SmarterMail.  Essentially all you're doing is adding thousands of additional signatures to ClamAV and automating hourly updates to catch the newest threats.
 
The below should work with any recent version of SmarterMail and ClamAV.
 
#1  You can download my pre-configured package from this link: https://www.dropbox.com/l/kQfIHSio6bUWk5VcX8o2hr  You will be downloading a file named ClamSup.zip.  It is virus free and you are free to scan it with any scanner you choose.  
 
#2  Extract the contents of ClamSup.zip to the location of your choice.  I used C:\ClamSup but you can use any location you choose, but my instructions will reference C:\ClamSup so if you choose a different location adjust accordingly.
 
#3  If your SmarterMail program files are installed on C:\Program Files (x86).... you don't need to do any editing, etc.  If you've installed SmarterMail on a different drive or path you will need to edit the C:\ClamSup\ClamSup.cfg file to represent the proper paths.  The file is simple to understand and you will need to change the path in four places in the ClamSup.cfg file. (On Edit:  Some SmarterMail installations have the Clamd.conf file in the \etc folder instead of \bin - please verify that the proper path to Clamd.conf in the ClamSup.cfg matches the actual location of your Clamd.conf).  An easy way to find the proper path for the ClamSup.cfg file just find your EXISTING clamd.conf and open it in notepad (or any text editor of you choice).  You will see a line in the clamd.conf that says "Database Directory" and you can use that path for the "LOCALFOLDER" value in the ClamSup.cfg.  The others should be simple to figure out.
 
#4  Run the ClamSup.bat file.  This will download all the signatures to your ClamAV installation.  There is a built in delay in the batch file so ClamAV can validate each new signature.  It may take 10 minutes or so for the batch file to complete (most of this is delay time and adds very little load to your server).  ClamAV will use slightly more RAM after the installation of the additional signatures.  
 
#4  I suggest you add a scheduled task in Windows Task Scheduler to run C:\ClamSup\ClamSup.bat every hour to download any updated signatures (some are updated hourly).  If you stay logged in to your SmarterMail server all the time you can run the ClamSup.bat in loop mode by changing the last line in your ClamSup.cfg from "LOOP_MODE=N" to "LOOP_MODE=Y".  When the batch file is run in loop mode it will automatically download the signatures hourly, but if you log off the computer it will not run and you will need to use the Task Scheduler method.
 
#5  If you want to verify that your ClamSup installation is working properly take a look at your C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder (or whatever your path may be).  You should see a total of 20 files and one folder called "SIG_TMP" (this temp folder holds the new verified signatures to be integrated into ClamAV and can be ignored).
 
That's all there is to it and you've turned ClamAV into one of the best antivirus solutions possible.  I suggest you enable the Virus Quarantine and monitor the results.  The signatures I enabled will catch a lot more than the stock ClamAV.  
 
NOTES:  I have only enabled the signatures I feel are appropriate.  You can add or remove them as desired.  This is done by editing the C:\ClamSup\ClamSup.ini file.  The description of the various signatures are at: http://sanesecurity.com/usage/signatures/   All of the signatures preceded by a "-" in the ClamSup.ini are disabled.  All of the signatures enabled in my installation have a LOW false positive rate.  If you decide to disable a signature add the "-" in from of that line in the ClamSup.ini and delete the associated file from the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder and the "SIG_TMP" folder.
 
I believe you'll see how good ClamAV can be.  The above does increase memory usage slightly, but I see no additional load on my server.  The ClamSup.bat file will only download new signatures when they are newer than those currently installed so it's very efficient.  If you choose to use more aggressive signatures monitor your Virus Quarantine regularly.
 
I know everyone has different levels of abilities to make such changes.  This is not a difficult process and I can implement it on a SmarterMail server in less than 4 minutes and never have to stop the SmarterMail service (it's transparent and just works great).  The Path values are the most important part.  Verify your path values!  Also install it as an Administrator.
 
-Joe
Thanks,
-Joe

102 Replies

Reply to Thread
0
Fantastic Joe! Thank you! It just so happens I have a little free time later today so I will complete the changes as above and confirm the outcome. We've been getting so many viruses going through the email servers lately and have tried external AV scanners with little to no success as you have. Again, really appreciate you sharing this solution!
0
Great job, Joe.  Thanks for putting in all of the time and sharing this resource!
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Thanks a lot for this!!
 
I got an error:
 
ERROR: The configured ClamD.conf file (C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\bin\clamd.conf) was not found.
 
 
But after I changed the last folder in the path to etc instead of bin, everything worked fine.
0
That's interesting, the batch worked fine for me in the testing.
0
Not sure why my clamd.conf is in a different folder, I have never touched it. But it was an easy fix and is working fine now.
0
Actually, that's even weirder...I have just checked and the clamd.conf is indeed within/etc and not /bin. I will rerun the batch just in case!
0
Perhaps different versions of SmarterMail install clamd.conf in different locations. Please verify your paths! Thanks for letting me know and I've noted this issue in the original post.
Thanks, -Joe
0
I'm very impressed with the results. My system has caught 37 .zip with an .exe payload just since I posted the above message. I'm confident that ClamAV alone would have caught none of them.
Thanks, -Joe
1
I would like to test the effectiveness of this update... How were you testing it?
0
Since any messages it finds go into the Virus Quarantine I had nothing to lose by going live with it after I sorted thru the various signatures I wanted to use. So even if it went bad I'd still have the messages in the Quarantine. The results so far have been ZERO false positives and not a single .zip with a .exe payload has made it thru to a user. I tested by sending 18 known infected files thru ClamAV before activating the new signatures and all were delivered, then sending the same 18 known infected files thru ClamAV after the new signatures were online and all 18 were sent to the Virus Quarantine. It also catches a lot more phishing attempts. No false positives to date. Since there are no real system changes if you don't like it you simply delete the ClamSup folder and delete the associated signatures in your ClamAV folder.
Thanks, -Joe
1
Just carrying out some testing.
 
Using Email Security Check (http://www.emailsecuritycheck.net/) pre Clam AV Signature update all 7 tests get through.  After the update 6 out of the 7 still get through.  I will keep testing.
0
I know the work you put into figuring this all out. So there is no chance I will not like it, lol.
0
All of those are variants of the EICAR test and I doubt that any of the new signatures have any interest in EICAR.
Thanks, -Joe
0
Thanks for that. I can confirm that whilst testing on a live server (yeah...shhhh!) it has caught 6 live and real viruses! That is just in an hour or so! I checked the quarantine and no false positives. All other tests have been successful and no real change in resources too. So...thank you again Joe....you have already made a difference with the work you have shared.
0
Getting the following error:
 
Date: Thu 04/02/2015 
Time: 18:40:21.41 
 
ERROR: The configured local folder does not exist! 
 
ClamSup directory is on the "D" drive, along with SmarterMail
 
Been a very long day.  Am I missing something?
 
Here's the batch file, modified to show the ETC folder and "D" drive for SmarterMail:
 
#
# - [ ClamSup Updater options ] - #
#

# - [ The local path where updates should be downloaded/extracted to ] - #

LOCALFOLDER=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\share\clamav

# - [ Filename/Location of Clamscan.exe ] - #
# - [ Needed if the testing of downloaded signatures is enabled ] - #

CLAMSCAN=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\bin\clamscan.exe

# - [ Filename/Location of ClamDscan.exe ] - #
# - [ Needed if ClamD should be signaled to reload it's signatures ] - #
# - [ Leave empty to disable ] - #

CLAMDSCAN=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\bin\clamdscan.exe

# - [ Filename/Location of ClamDscan's config file (clamd.conf) ] - #
# - [ Only needed if ClamD should reload it's signatures (See above) ] - #

CLAMD_CONFIGFILE=D:\PROGRA~2\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf

# - [ What errors should be logged to the error log file ] - #
# - [ 1: Only critical errors ] - #
# - [ 2: All errors (recommended) ] - #

LOG_LEVEL=2

# - [ Lets the scrip run infinitely ] - #

LOOP_MODE=N
Thanks!
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
thanks for this. it works but not on windows 2012. Seems to be patch problem. Even put "" on path does not work. Have error 'Files was unexpected at this time.'
0
Bruce, do you have SmarterMail in Program Files (x86) or Program Files? If it's just Program Files (not (x86) change the path to: D:\PROGRA~1\SmarterTools\ ... in other words PROGRA~1 instead of PROGRA~2). If you open your existing clamd.conf you will see a line giving you the proper path to the "LOCAL FOLDER" path in the ClamSup.cfg. Here's my example: "DatabaseDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav"
Thanks, -Joe
0
I have noticed that the number of failed connections to ClamAV increased since installing ClamSup and I was monitoring what was going on.  I found two things.  First that the version of ClamAV installed by SmarterMail is outdated and only a  32-bit process.  The additional signatures were taking longer than SmarterMail allowed and the file was moved from the spool before ClamAV finished scanning.  I found two ways to help this problem.
 
Solution #1:  In SmarterMail | Settings | General Settings | Spool | Delivery Delay have at least 3 seconds for the Delivery Delay. This is probably a good idea even if you decide to implement Solution #2 below.
 
NOTICE:  Several people running Windows Server 2012 have reported problems running the 64-bit version of ClamAV.  I'm not having any problems but Server 2012 adds additional risk. (4/10/15 UPDATE: Apparently Windows Server 2012 need to have C++ Redistributable Package 2010 x64 package installed for proper operation).
 
Solution #2  I decided to update my ClamAV install to ClamAV 0.98.60 64-bit instead of the default SmarterMail installed version of 0.97.1.0 32-bit.  Keep in mind that you can't do this unless you're on a 64-bit OS.  The 64-bit version runs much faster than the 32-bit version of ClamAV.
 
If you want to do this it's rather simple to do.  I've packaged the proper files here (it's a clean .zip file) https://www.dropbox.com/s/ns4k2jml0zpc8d5/ClamAV-x64.zip?dl=0  
 
Download the file and unzip it in any temporary folder you desire.
Locate your existing ClamAV "bin" folder (for example on my system is at: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\clam\bin ).  Make a backup of this folder.
 
To install the new 64-bit ClamAV you will need to Stop the SmarterMail service, then end the "clamd.exe *32" process in the Task  Manager.  Then delete all the files in your ClamAV "bin" folder EXCEPT the clamd.conf and freshclam.conf files if they are present. Once you've done that then simply copy the files from the download above into the ClamAV bin folder (but keeping the existing clamd.conf and freshclam.conf if they were already present in that folder if not we'll take care of that in the next step).  Open the clamd.conf file and remove the line near the bottom that says: "MailFollowURLs no" (even if it says MailFollowURLs yes).  The MailFollowURLs value is no longer valid in ClamAV.
 
If you do NOT have a clamd.conf and freshclam.conf in the \bin folder you will need to find them in the \etc and COPY them to the \bin folder (remove the MailFollowURLs line from the clamd.conf first or just remove it from both copies).  It's fine for you to have the .conf files in both locations as long as they're identical.  Make sure to remove the "MailFollowURLs no" or "MailFollowURLs yes" from all your clamd.conf files.
 
Verify that your ClamAV can update the signature files.  To do this open a command prompt in your ClamAV /bin folder (while viewing that folder in Windows Explorer just hold down the Shift key and right click on any whitespace (not on a file or with a file selected) and select "Open command window here".  Verify the command window is open in the \bin folder (in my example I would be located at: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin> ).  At the command prompt enter "freshclam.exe" (without the quotes) and hit enter.  You should see ClamAV either verifying or downloading the latest signature files.  Once finished you can close the command window.  You can navigate to the \clam\log folder and open the freshclam.log in notepad or text editor of your choice and you can verify that freshclam.exe ran properly.
 
Once the new files are copied all you need to do is Start the SmarterMail service.  SmarterMail will automatically use the newer ClamAV version in 64-bit mode.  You can verify this in your Task Manager by noting that is now listed as "clamd.exe" instead of "clamd.exe *32".  You can also verify that SmarterMail will update the ClamAV signatures by going to Security | Antivirus Administration | ClamAV tab | select Update ClamAV.  All SmarterMail does is open an instance of freshclam.exe.  If you think you have a problem you can take a look at the clam\log\freshclam.log and look for any errors.  Please note that SmarterMail will show "updating" and will not show the update was successful until you navigate to a different area in SmarterMail and then go back into Security | Antivirus Administration | ClamAV tab (it doesn't update the status real-time)
 
NOTE:  If you don't stop the SmarterMail service and end the clamd.exe *32 process you won't be able to delete all the files (but again make sure to KEEP the existing clamd.conf file).
 
Also note that if you upgrade, update, or re-install SmarterMail you will have to do all of the above over again because it will overwrite the newer 64-bit version with the older 32-bit version of ClamAV.
 
I've not encountered any problems by using the newer 64-bit ClamAV, but if you have any problems you can simply restore your backup, or simply re-install SmarterMail.
 
I know everyone has various skill levels.  I can easily implement the above changes on any recent version of SmarterMail in under 2 minutes.  This is not a complicated process.  Just stop the SmarterMail service, end the spamd *32 process, delete all the \bin folder files EXCEPT clamd.conf and then just copy the files from the download to the \bin folder and restart the SmarterMail service.  It's really that easy.
 
-Joe
 
Thanks, -Joe
0
It works fine in Windows Server 2012.... you just have a path issue. I've updated the original post to help you find the proper path.
Thanks, -Joe
0
The http://www.emailsecuritycheck.net/ sends a bunch of .bat attachments which are of little interest unless you want to block .bat extensions. If you want to do that it's pretty simple, but the problem is in .zip extensions with .exe payloads and ClamSup takes care of that. Ignore the http://www.emailsecuritycheck.net/ results. Only one of the 7 sent should be caught. The rest are .bat files which are of little interest.
Thanks, -Joe
0
I've updated the original post to help everyone get the proper path corrected.
Thanks, -Joe
0
I will keep the download link updated with the latest version of ClamAV 64-bit as new versions are released. Just make sure you're using a 64 bit OS (Windows Server 8r2 and 2012, etc.). There is no way for me to test this on ALL versions of SmarterMail, but since all of the above can easily be reversed you have little to lose by giving it a try. I've updated several servers and not one had any issues of any kind. The newer 64-bit ClamAV seems to work better with .zip attachements with .exe payloads than the older 32-bit version. Please keep in mind that NONE of the above is official from SmarterTools or endorsed by them in any way. I'm just using all my abilities to protect my customers. The added benefit is that most compromised accounts will no longer be able to send out messages with dangerous payloads because ClamSup will quarantine them. It really is a very good solution to date. Most people seem to be having path problems in the ClamSup.cfg. I wasn't aware that SmarterMail installed the ClamAV in so many different ways. Just take your time and you'll get it running. Check the original post for updates on how to find the proper paths for ClamSup.cfg.
Thanks, -Joe
0
The SERVER name is "SmarterMail Server" The "D" drive, on which SmarterMail is installed, is named, "SmarterMail" The path for the ClamSup drive is "D:\ClamSup\" The path for the SmarterMail installation is, "D:\Program Files (x86)\SmarterTools\SmarterMail\MRS\
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Here's the output if I list the entire path in the INI file: ClamSup/1.3.1.1 - tBB 2o1o - tbb@hideout.ath.cx Using [ D:\ClamSup\ClamSup.ini ] as url configuration file. 'FILES' is not recognized as an internal or external command, operable program or batch file. 'FILES' is not recognized as an internal or external command, operable program or batch file. 'FILES' is not recognized as an internal or external command, operable program or batch file. Removing D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\share\clamav\INetMsg-SpamDomains-2w.ndb The system cannot find the path specified. Removing D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\share\clamav\SIG_TMP\INetMsg-SpamDomains-2w.ndb The system cannot find the path specified. Removing D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\share\clamav\winnow_phish_complete_url.ndb The system cannot find the path specified. Removing D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\share\clamav\SIG_TMP\winnow_phish_complete_url.ndb The system cannot find the path specified. -------------------------------------------------------- Updating winnow_malware.hdb -------------------------------------------------------- \SmarterTools\SmarterMail\Service\Clam\share\clamav\ was unexpected at this time. D:\ClamSup>
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
You should not be changing the path in the ClamSup.ini, but rather in the ClamSup.cfg. Just look at the file existing clamd.conf for the proper path for ClamSup.cfg. I'm sorry that I didn't better explain the path situation. I was not aware of so many different SmarterMail paths to ClamAV. If you use the path in your existing Clamd.conf you'll be on the right path. I promise!
Thanks, -Joe
0
I am changing the CFG file: # # - [ ClamSup Updater options ] - # # # - [ The local path where updates should be downloaded/extracted to ] - # LOCALFOLDER=D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\share\clamav # - [ Filename/Location of Clamscan.exe ] - # # - [ Needed if the testing of downloaded signatures is enabled ] - # CLAMSCAN=D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\bin\clamscan.exe # - [ Filename/Location of ClamDscan.exe ] - # # - [ Needed if ClamD should be signaled to reload it's signatures ] - # # - [ Leave empty to disable ] - # CLAMDSCAN=D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\bin\clamdscan.exe # - [ Filename/Location of ClamDscan's config file (clamd.conf) ] - # # - [ Only needed if ClamD should reload it's signatures (See above) ] - # CLAMD_CONFIGFILE=D:\PROGRAM FILES (x64)\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf # - [ What errors should be logged to the error log file ] - # # - [ 1: Only critical errors ] - # # - [ 2: All errors (recommended) ] - # LOG_LEVEL=2 # - [ Lets the scrip run infinitely ] - # LOOP_MODE=N If I leave the shortened path, it doesn't run at all. If I put the full path in, then it runs, and ends in the error I previously showed.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
I really DISLIKE the COMMENT editor and display!
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Open your existing clamd.conf you will see a line giving you the proper path to the "DatabasDirectory="and that should match the path to to the "LOCALFOLDER=" path in the ClamSup.cfg. Then it shouldn't be hard to figure out the other three paths. Once you have the paths correct it WILL work.
Thanks, -Joe
0
And yes I really dislike the Post Comment option. Makes it a jumbled mess. I wish SmarterTools would ELIMINATE Post Comment and only allow Reply to Tread (like the rest of the world does).
Thanks, -Joe
1
Thanks for all the work Joe.  This solution has been far far better even overnight!
 
I will update to ClamAVx64 shortly.  I am wondering why SmarterTools have not used, or given the option of using, the x64 version.....very weird.
 
One thing to note, when using the Loop Mode within ClamSup.cfg it shows the following error ever hour:
 
 
I ran it overnight with output to a .txt file and saw the above.
 
There are no errors shown within the ClamSup.error file.  But it looks like it hasn't run as the text output file only shows the last manual run...so the first run.  It looks like there is an old bit of code within the config file.  I will take a look at the line 25 later.  Might be worth removing just to clean it up a bit.
0
I have now made the ClamAV change, however there is an issue.  ClamAV shows as 'updating' constantly within SmarterMail and no clamd.exe is running within Task Manager:
 
 
This is on a 2008 R2 x64 machine running SM13.3 Enterprise.
1
Unfortunately the change did not work.  When trying to revert back to the x86 folder the webmail failed to load with the whoops admin page.  The clamd.exe *32 did show as running after the procedure (stop service, remove/rename old bin folder and move/rename original folder).
 
I have had to complete a reboot of the server for the service to start back correctly within IIS.  Unsure of the issue.
 
After reverting back to the 32bit \bin folder and the reboot then clamd *32 process is running normally and the Virus definitions are now updating.
 
I think I will take another look at this later.
0
Check your SmarterMail clamd.conf line 25. Mine is set as "MailFollowURLs no" and I'm not seeing that error. As far as I know MailFollowURLs is not supported in the Windows port of ClamAV so if it's set to "yes" that might be causing the error.
Thanks, -Joe
0
That means the main signature files in ClamAV are missing. Some versions of SmarterMail wouldn't update them properly if they're missing. Not sure how that may have happened, but I'll put up a copy of the latest ClamAV pattern files soon.
Thanks, -Joe
0
Quick note (I'm curently configuring this package): I had to install Microsoft Visual C++ 2010 Redistributable Package (x64) (http://www.microsoft.com/en-us/download/details.aspx?id=14632) to make x64 ClamAV on my Windows Server.
0
Thanks Joe. Just checked and it is set to 'no'.
1
Employee Replied
4/3/2015 at 8:06 AM
Employee Post
Thanks for the resource, Joe!
0
Interesting that you agree this is a resource and I am sure you agree helpful to others....we had many like this in the old forum......
0
CCWH: ours was updating all night, too - and we received no e-mail during that period. I had to uninstall and reinstall SmarterMail to get it to work again. I have no doubt that Joe has a great solution here, but, given the fact that there are so many different versions of Windows Server; that Server 2012 does things a whole lot differently (and we're running it); and, as Joe found out, SmarterMail is installed differently on some machines - for whatever reason, I'll wait till this is a bit more proven.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
I use a localized version (IT) of Win Server 2012 R2 foundation and I get command syntax error when running ClamSup.bat - Tried with cmd /c same error... checked paths 12 times.
0
rechecked paths... the 13 time finally worked. Im using the short path with LOCALFOLDER=C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
0
I just found others reporting the same problem. Apparently "MailFollowURLs" is a depreciated value in ClamAV so you can either delete that line from clamd.conf or comment it out.
Thanks, -Joe
0
If you want to try and populate the ClamAV stock signature (which is all the SmarterMail update does you can download them here: https://www.dropbox.com/s/77slyczypzj3aih/clamavsignatures.zip?dl=0 I've seen several cases where SmarterMail won't update properly if the files are not populated.
Thanks, -Joe
0
Thanks Andrea. Obviously I don't have every version of SmarterMail to test on, and I didn't realize the various changes in default ClamAV install locations. I'm very happy with the results I'm getting. Not a single infected file has made it past ClamAV with ClamSup installed.
Thanks, -Joe
0
Thanks for the info. I suppose I already had it installed on my system. I was just picking out the minimal files needed to get it running x64. You solution may be why some are having problems with the x64 issue. I did have one person contact me that was trying to install it on a 32-bit OS which obviously didn't work.
Thanks, -Joe
0
Just to note, this isn't the issue with my tests. The server has already got the C++ 2010 redist. I will be retrying the x64 AV parts a little later now the servers are getting quieter!
0
I have just done a file comparison of the four files contained within the download you have linked and the ones already within C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav - All are already the same. So guessing it cannot be that issue for the updates after changing to the x64 version.
0
Please note that I've updated the post on updating to ClamAV 64-bit above. You need to make sure you have a copy of both clam.conf and freshclam.conf in your clam\bin folder. You also need to remove one line from your clam.conf (described above).
Thanks, -Joe
0
Please note that I've updated the post on updating to ClamAV 64-bit above. You need to make sure you have a copy of both clam.conf and freshclam.conf in your clam\bin folder. You also need to remove one line from your clam.conf (described above).
Thanks, -Joe
0
Please note that I've updated the post on updating to ClamAV 64-bit above. You need to make sure you have a copy of both clam.conf and freshclam.conf in your clam\bin folder. You also need to remove one line from your clam.conf (described above).
Thanks, -Joe
0
Please note that I've updated the post on updating to ClamAV 64-bit above. You need to make sure you have a copy of both clam.conf and freshclam.conf in your clam\bin folder. You also need to remove one line from your clam.conf (described above).
Thanks, -Joe
0
Joe,
 
Thank you for a resolution for an issue that has been bothering me for a couple of months. Your solution caught over 300 viruses in the past 24 hours where the built-in version of ClamAV was down to catching only an average of 5 per day. I manually checked for false-positives and had none!
 
EXCEPT...and this is certainly odd...we have SmarterMail Event to email the administrator when a Virus is detected and a message is moved to the Virus Quarantine. Those Virus Notifications are being caught in the Virus Quarantine instead of being delivered. Apparently it is something in the body causing this. We have the following:
 
"The message from #fromaddress# to #toaddress#, titled '#subject#', contained the #virusname# virus. It has been deleted."
 
I assume that either the #fromaddress#, #subject# or #virusname# fields is triggering the new ClamAV signatures.
 
I'm certainly willing to live without those Virus Quarantine Events for a 6000% increase in the effectiveness of ClamAV, but I thought it was worth noting in case anyone else relies on those notifications.
0
Just as an update with this one, unfortunately even with the new procedure (copying clamd.conf and freshclam.conf to \bin) SM still does not run the clamd.exe x64 process.
 
I did do a test AV update using the comand line outlined above using 'freshclam.exe' and that was successful so I don't think this has anything directly to do with the x64 files.  SM simply isn't running the new executable and this might well be to do with the original location of the clamd.conf / freshclam.conf files.
 
On this test both the clamd.conf and freshclam.conf files are in the \etc folder (alone).  They were both copied to the new x64 \bin folder.  The clamd.conf already was edited re the line 25 deprecated issue.  Also, I stopped the SM IIS instance along with the service just in case on the second test, both ended with no clamd.exe process.
 
I have tried this so far on a 2008 R2 and not 2012 but I will try tomorrow.
 
It is pretty easy to revert.  No reboot needed now as long as the service AND site within IIS are stopped before reverting the folder structure back.
 
Also, the mail DOES stop flowing when the x64 clamd.exe process is not running.....so test carefully!
 
So, the solution whilst still using the built-in 32-bit ClamAV is FAR superior to out of the box....so...for the time being I think I will stick with that.  I will still test on the test server the x64 update though!  It is really weird that the .conf files are in different locations as I would suspect most stating 2008 R2 have either Web or Standard.  Might well be the difference.  Just to add....our 2008 R2 servers are R2 Web OS and our 2012 R2 are just Standard.
0
Thanks for the update. You can still use ClamSup with the built-in ClamAV used by SmarterMail. I could upload the latest 32-bit ClamAV files if you wanted to try those. I find it strange that I have this running on both 2008r2 and 2012 servers with no problems, but I did try a fresh install of SmarterMail on Windows 8.1 (mostly to see the default installation locations) and I couldn't get the 64-bit ClamAV to run properly on 8.1 (but I didn't work with it very long). Thanks for the update!
Thanks, -Joe
2
Matt Petty Replied
4/3/2015 at 3:39 PM
Employee Post
We are actually working on support for ClamSup and 64bit support with ClamAV in SmarterMail after reading all the recent success. Thanks Joe!
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Sounds good Matt. ClamSup seems to work fine on any recent version of SmarterMail on any OS, but the 64-bit ClamAV seems to be a problem for some using Windows Server 2012. Before installing ClamSup I averaged about 15 ClamAV failed connections per day (these are usually when ClamAV is updating signature files... I manually update every hour). When I implemented ClamSup I jumped up to 174 failed connections, but most of these were because I had my spool delay set at zero and the file was removed from the spool before ClamAV finished. I then increased my spool delay to 3 seconds and installed the 64-bit ClamAV and my failed connections today were only 3. I can't say for sure if the rapid drop in ClamAV failed connections was due to the increased spool delay or the 64-bit ClamAV (probably a combination of the two). In any case ClamSup greatly increased the effectiveness of ClamAV. My spam trap address was getting about 8 - 10 infected files per day that ClamAV didn't detected (I verified all as infected via VirusTotal), but since implementing ClamSup I have had zero infected files made it to my spam trap Inbox. I'm very happy with those results. One thing I'd like to see is if there's any way to parse the infection name out of ClamAV and display that on the Virus Quarantine control panel. That would allow us to tune ClamSup much easier. We're using nearly 100,000 signatures and we could probably cut that in half and still maintain the effectiveness. I'm sure many of the signatures are duplicates.
Thanks, -Joe
0
That's great news! To add, the x64 can be found on both 2008 R2 Web & 2012 R2 Standard.
0
I'm wondering does all messages are being scanned by SmarterMail ClamAV? Or maybe there is a message size limit (I thought that I saw it somewhere but I could not find it) where if message is bigger it is not being scanned?
 
I'm asking because when I was testing Avast it was finding messages which size was about 1-3MB and for about 18 hours of ClamAV working (I know this is not a too big period of time) biggest message placed in Virus Quarantine is 14KB.
0
The only file size option I have seen is for Antispam (Antispam > Options > 'Max message size to content scan' - However I wouldn't have thought that would have any bearing on the AV. Hopefully someone else can confirm.
0
It would be nice to have this clarified by someone from SmarterTools devs. Also IMHO setting: StreamMaxLength should be higher than 5M From docs: StreamMaxLength SIZE Clamd uses FTP-like protocol to receive data from remote clients. If you are using clamav-milter to balance load between remote clamd daemons on firewall servers you may need to tune the Stream* options. This option allows you to specify the upper limit for data size that will be transfered to remote daemon when scanning a single file. It should match your MTA's limit for a maximum attachment size. Default: 10M
0
Yes all messages both in and out are run thru ClamAV (unless you disable it). You can define the maximum messages sizes in clamd.conf with entries such as the following: MaxScanSize = "157286400" MaxFileSize = "104857600"
Thanks, -Joe
0
Great. Thanks
0
After copying the config files to bin and installing C++ Redistributable Package 2010 x64, my server seems to be functioning well.
 
Updates work, clamd loads, no errors.
 
Thanks again Joe!!
1
Many thanks for your time and this great solution.
 
Had no problem installing it (just changed the clamd.conf path from bin to etc), I'll see tomorrow how it worked during the night.
 
I resent a mail with a zip virus I received last week, it was detected this time.
 
0
Joe, thank you very much for this great tip!
0
I just want to let you know that so far biggest spam/virus message had 3.7MB so it catches also bigger messages too. One more thing and maybe this is obvious but I didn't found clarification for that: after X days in virus quarantine messages which was not resend are being just removed right?
0
Viruses / Malware are placed in the Virus Quarantine. You set it for either 15 or 30 days. You can resend them as long as you're on the latest versions of SM. Some versions didn't resend properly so update to the latest version. That's unrelated to the changes I suggest, but rather a bug in SM.
Thanks, -Joe
0
Yep I know I can select 15/30 days but what happens to them later if no action was made from administrator? They are being deleted after 15/30 days or if not removed then sent to delivery address?
0
Yes, after 5/ 30 days they are deleted.
Thanks, -Joe
0
Ok. Thanks. I could not find any clarification for that in docs and in ST KB.
0
Well I guess I should have said are "supposed" to be deleted. Occasionally a message will remain in the Quarantine for a very long time. It's a minor bug and if you just watch the Quarantine you can easily catch those old messages and manually delete them.
Thanks, -Joe
0
I've managed to set it up correctly to run but I get an error when it downloads anything via rsync: A error occured while downloading *** [empty file]. Please check your C:\ClamSup\ClamSup.ini settings. I've opened up port 873 for rsync but it hasn't helped.

Sean
1
Will SmarterMail consider to implement this to the next update ?
I think instead of we do this manually, the next update from SmarterMail can add and install this properly for us that is call great support and service.
 
Or SmarterMail should consider to create a program to automate this installation.
 
Thanks again Joe Wolf for spending so much time and effort and share it with the community
1
Steve Reid, you beat me to the punch, again!
 
Steve Reid Replied
April 6 at 8:23 AM
After copying the config files to bin and installing C++ Redistributable Package 2010 x64, my server seems to be functioning well.
 
Updates work, clamd loads, no errors.
 
Thanks again Joe!!
 
It looks like the installing Microsoft's C++ Redistributable Package 2010 x64 is required for Server 2012
 
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Matt Petty Replied
4/8/2015 at 9:47 AM
Employee Post
Yes this will be in SmarterMail 14.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Matt Petty Replied
4/8/2015 at 9:48 AM
Employee Post
Ok, this will be something that SmarterMail 14 Installer will need to take into account. Thanks for the heads up.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Joe said : "Solution #1:  In SmarterMail | Settings | General Settings | Spool | Delivery Delay have at least 3 seconds for the Delivery Delay. "
 
I was thinking this setting may be more for people using command line scanner or RealTime Scanner, so the messages stay in the spool long enough for the scanner to process it.
 
But as ClamAV is integrated with SmarterMail, I would think SM wait for ClamAV to process the file before delivering it.
 
The setting to tweak could be :
SmarterMail | Security| Antivirus Administration | ClamAV | Timeout
 
"Timeout : The maximum number of seconds SmarterMail should wait for ClamAV to respond before moving on to the next message. By default, the timeout is 10 seconds."
 
0
I have no idea on the inner workings of SmarterMail. All I know is that I was seeing a high rate of ClamAV failed connections and when I increased the spool timeout to 3 seconds it resolved the problem.
Thanks, -Joe
0
If you do intend to use it for production use can I suggest small donation to the project as it is a valuable resource... http://sanesecurity.com/donate/ I am not associated with sanesecurity but as we use it we make periodic donations.
0
IMHO there is something wrong going on with clamd process management by SmarterMail.
 
Take a look at ClamAV stats from SmarterTools
 
Date - Connections - Failed Connections
 
Gateway1:
 
2015-04-10 - 45241 1550
2015-04-11 - 28470 635
2015-04-12 - 23822 5
2015-04-13 - 49920 4975
2015-04-14 - 47023 7743
2015-04-15 - 30172
1224
 
Gateway2:
 
2015-04-10 - 20485 21952
2015-04-11 - 24162 390
2015-04-12 - 22085 10
2015-04-13 - 11489 38756
2015-04-14 - 14147 34666
2015-04-15 - 13529 39870
 
Gateway3:
 
2015-04-10 - 19145 5
2015-04-11 - 14975 8
2015-04-12 - 12319 -
2015-04-13 - 23562 430
2015-04-14 - 22792 59
2015-04-15 - 22437 1626
 
About 2015-04-12 I've checked ClamAV, updated it to latest version available, stopped ClamAV from SmarterMail configuration panel, restarted SmarterMail processes and it looked like it is working fine as you see but day after without aby modification to SM or ClamAV failed connections started to show up. Does someone is experiencing similar issue?
 
I wanted to wait for official SmarterMail - ClamAV update to check if this will be somehow fixed but for now I wanted to ask if someone of you is experiencing similar issue.
 
EDIT: I'm also experiencing situations where 4 and more clamd.exe process are being spawned and all of them use a lot of CPU and they just being shut down and after some time they start again.
 
EDIT2: there is also another thing. Take a look at my clamd log file:
 
Thu Apr 16 10:08:39 2015 -> +++ Started at Thu Apr 16 10:08:39 2015
Thu Apr 16 10:08:39 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:39 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:39 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:39 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:39 2015 -> +++ Started at Thu Apr 16 10:08:39 2015
Thu Apr 16 10:08:39 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:08:39 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:39 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:39 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:39 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:39 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:08:39 2015 -> +++ Started at Thu Apr 16 10:08:39 2015
Thu Apr 16 10:08:39 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:39 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:39 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:39 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:39 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:08:40 2015 -> +++ Started at Thu Apr 16 10:08:40 2015
Thu Apr 16 10:08:40 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:08:40 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:08:40 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:08:40 2015 -> Not loading PUA signatures.
Thu Apr 16 10:08:40 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:09:10 2015 -> +++ Started at Thu Apr 16 10:09:10 2015
Thu Apr 16 10:09:10 2015 -> +++ Started at Thu Apr 16 10:09:10 2015
Thu Apr 16 10:09:10 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:09:10 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:09:10 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:09:10 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:09:10 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:09:10 2015 -> Not loading PUA signatures.
Thu Apr 16 10:09:10 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:09:10 2015 -> Not loading PUA signatures.
o "TrustSigned".
Thu Apr 16 10:09:10 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:09:41 2015 -> +++ Started at Thu Apr 16 10:09:41 2015
Thu Apr 16 10:09:41 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:09:41 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:09:41 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:09:41 2015 -> Not loading PUA signatures.
Thu Apr 16 10:09:41 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:10:13 2015 -> +++ Started at Thu Apr 16 10:10:13 2015
Thu Apr 16 10:10:13 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:10:13 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:10:13 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:10:13 2015 -> Not loading PUA signatures.
Thu Apr 16 10:10:13 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:10:13 2015 -> +++ Started at Thu Apr 16 10:10:13 2015
Thu Apr 16 10:10:13 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:10:13 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:10:13 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:10:13 2015 -> Not loading PUA signatures.
Thu Apr 16 10:10:13 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:10:44 2015 -> +++ Started at Thu Apr 16 10:10:44 2015
Thu Apr 16 10:10:44 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:10:44 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:10:44 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:10:44 2015 -> Not loading PUA signatures.
Thu Apr 16 10:10:44 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:15 2015 -> +++ Started at Thu Apr 16 10:11:15 2015
Thu Apr 16 10:11:15 2015 -> +++ Started at Thu Apr 16 10:11:15 2015
Thu Apr 16 10:11:15 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:15 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:15 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:15 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:15 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:15 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:15 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:16 2015 -> +++ Started at Thu Apr 16 10:11:16 2015
Thu Apr 16 10:11:16 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:16 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:16 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:16 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:16 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:11:47 2015 -> +++ Started at Thu Apr 16 10:11:47 2015
Thu Apr 16 10:11:47 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:11:47 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:11:47 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:11:47 2015 -> Not loading PUA signatures.
Thu Apr 16 10:11:47 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:12:20 2015 -> +++ Started at Thu Apr 16 10:12:20 2015
Thu Apr 16 10:12:20 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:12:20 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:12:20 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:12:20 2015 -> Not loading PUA signatures.
Thu Apr 16 10:12:20 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:12:51 2015 -> +++ Started at Thu Apr 16 10:12:51 2015
Thu Apr 16 10:12:51 2015 -> +++ Started at Thu Apr 16 10:12:51 2015
Thu Apr 16 10:12:51 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:12:51 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:12:51 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:12:51 2015 -> Not loading PUA signatures.
Thu Apr 16 10:12:51 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:12:51 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:12:51 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:12:51 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:12:51 2015 -> Not loading PUA signatures.
Thu Apr 16 10:12:51 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:13:21 2015 -> +++ Started at Thu Apr 16 10:13:21 2015
Thu Apr 16 10:13:21 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:13:21 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:13:21 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:13:21 2015 -> Not loading PUA signatures.
Thu Apr 16 10:13:21 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:13:52 2015 -> +++ Started at Thu Apr 16 10:13:52 2015
Thu Apr 16 10:13:52 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:13:52 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:13:52 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:13:52 2015 -> Not loading PUA signatures.
Thu Apr 16 10:13:52 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:23 2015 -> +++ Started at Thu Apr 16 10:14:23 2015
Thu Apr 16 10:14:23 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:23 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:23 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:23 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:23 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:55 2015 -> +++ Started at Thu Apr 16 10:14:55 2015
Thu Apr 16 10:14:55 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:55 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:55 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:55 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:55 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:56 2015 -> +++ Started at Thu Apr 16 10:14:56 2015
Thu Apr 16 10:14:56 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:56 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:56 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:56 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:56 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:56 2015 -> +++ Started at Thu Apr 16 10:14:56 2015
Thu Apr 16 10:14:56 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:56 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:56 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:56 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:56 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:57 2015 -> +++ Started at Thu Apr 16 10:14:57 2015
Thu Apr 16 10:14:57 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:57 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:57 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:57 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:57 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:14:57 2015 -> +++ Started at Thu Apr 16 10:14:57 2015
Thu Apr 16 10:14:57 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:14:57 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:14:57 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:14:57 2015 -> Not loading PUA signatures.
Thu Apr 16 10:14:57 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:26 2015 -> +++ Started at Thu Apr 16 10:15:26 2015
Thu Apr 16 10:15:26 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:26 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:26 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:26 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:26 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:26 2015 -> +++ Started at Thu Apr 16 10:15:26 2015
Thu Apr 16 10:15:26 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:26 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:26 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:26 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:26 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:26 2015 -> +++ Started at Thu Apr 16 10:15:26 2015
Thu Apr 16 10:15:26 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:26 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:26 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:26 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:26 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:15:58 2015 -> +++ Started at Thu Apr 16 10:15:58 2015
Thu Apr 16 10:15:58 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:15:58 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:15:58 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:15:58 2015 -> Not loading PUA signatures.
Thu Apr 16 10:15:58 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:16:31 2015 -> +++ Started at Thu Apr 16 10:16:31 2015
Thu Apr 16 10:16:31 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:16:31 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:16:31 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:16:31 2015 -> Not loading PUA signatures.
Thu Apr 16 10:16:31 2015 -> Bytecode: Security mode set to "TrustSigned".
Thu Apr 16 10:17:04 2015 -> +++ Started at Thu Apr 16 10:17:04 2015
Thu Apr 16 10:17:04 2015 -> clamd daemon 0.98.6 (OS: win32, ARCH: x86_64, CPU: x86_64)
Thu Apr 16 10:17:04 2015 -> Log file size limited to 1048576 bytes.
Thu Apr 16 10:17:04 2015 -> Reading databases from C:\.....SmarterMail\Service\Clam\share\clamav
Thu Apr 16 10:17:04 2015 -> Not loading PUA signatures.
Thu Apr 16 10:17:04 2015 -> Bytecode: Security mode set to "TrustSigned".
this is current log. Is this normal that clamd service is starting so frequently?
0
Have it installed on on 2012 R2.  All the rsync updates happen fine, but of the 7 retrieved by http, 5 give an error every time -- the "empty file" error that an earlier poster experienced.  Any ideas why this might happen with 5 out of the 7?
 
Also, when this works correctly, do the time and date of ClamAV virus definitions update in Antivirus Administration?
0
Hello,
with SmarterMail 14.x this ClamSup is ok or I need to implement this guide ?
 
 
GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it
0
Smartermail 14 now has this integrated, no need for this.
0
Notice:  The process has somewhat changed (as of June 12, 2015).  Please see  http://portal.smartertools.com/community/a86419/sm-14-clamsup-problems-and-how-to-fix-them-temporarily-at-least.aspx#90480 for the latest configuration updates.  The paths may be different but the file names will remain the same.
Thanks, -Joe
0
Thank you for this but i have a slight issue. when i run the update and then look at the error log i get this.

Date: Sat 06/20/2015
Time: 11:27:08.84

ERROR: A error occured while updating honeynet.hdb [empty file]. Please check your E:\ClamSup\ClamSup.ini settings!


Date: Sat 06/20/2015
Time: 11:27:54.08

ERROR: A error occured while updating securiteinfobat.hdb [empty file]. Please check your E:\ClamSup\ClamSup.ini settings!


Date: Sat 06/20/2015
Time: 11:27:58.39

ERROR: A error occured while updating securiteinfodos.hdb [empty file]. Please check your E:\ClamSup\ClamSup.ini settings!


Date: Sat 06/20/2015
Time: 11:29:11.63

ERROR: A error occured while updating securiteinfooffice.hdb [empty file]. Please check your E:\ClamSup\ClamSup.ini settings!


Date: Sat 06/20/2015
Time: 11:30:05.17

ERROR: A error occured while updating securiteinfopdf.hdb [empty file]. Please check your E:\ClamSup\ClamSup.ini settings!

Can you confirm if these are supposed to be there? I could comment them out but do not want to possibley mis some virus detection.

thank you.
Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com
0
Barbara, if you're not running the latest version of SM 14 take a look at the fist post in this thread:

http://portal.smartertools.com/community/a86419/sm-14-clamsup-problems-and-how-to-fix-them-temporarily-at-least.aspx#90480

If you're running the latest SM 14 take a look at this thread:
http://portal.smartertools.com/community/a86478/sm-14_0_5647-check-your-clamav-process.aspx
Thanks, -Joe
0
thank you i am still on 13 but plan on updating later today or tomorrow this will save me so many headaches.
Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com
0
thank you so much. i applied the updates and will do the same when i upgrade to the 14 version.
Barbara Renowden President / Co-Founder Centric Web, Inc. https://www.centricweb.com
0
Joe;
 
Do you have a summary document on how to better enable the scanning of .ZIP files in the 64 bit version of CLAMAV?
 
Thanks!
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Hi Experts,
I update the 14.x on the 24th Dec.
I copy both Freshclam.log and Clamd.log here.
Does it mean ClamAV works Ok ? It said the version is outdate
What is the best way to update the version from 0.97.6 to 0.99 ?
I download the 14.4.5801.and upgrade from 13.X.

Freshclam.log
--------------------------------------
ClamAV update process started at Sun Dec 27 05:05:42 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21197.cdiff [100%]
daily.cld updated (version: 21197, sigs: 1765004, f-level: 63, builder: neo)
Can't query daily.21197.67.1.1.172.110.204.67.ping.clamav.net
bytecode.cvd is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
Database updated (4189275 signatures) from database.clamav.net (IP: 172.110.204.67)
Clamd successfully notified about the update.
--------------------------------------
ClamAV update process started at Sun Dec 27 11:05:43 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21198.cdiff [100%]
daily.cld updated (version: 21198, sigs: 1765180, f-level: 63, builder: neo)
Can't query daily.21198.67.1.1.69.12.162.28.ping.clamav.net
bytecode.cvd is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
Database updated (4189451 signatures) from database.clamav.net (IP: 69.12.162.28)
Clamd successfully notified about the update.
--------------------------------------
ClamAV update process started at Sun Dec 27 17:05:45 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21199.cdiff [100%]
Downloading daily-21200.cdiff [100%]
daily.cld updated (version: 21200, sigs: 1765836, f-level: 63, builder: neo)
Can't query daily.21200.67.1.1.150.214.142.197.ping.clamav.net
bytecode.cvd is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
Database updated (4190107 signatures) from database.clamav.net (IP: 150.214.142.197)
Clamd successfully notified about the update.


Clamd.log
************************************************************
Sun Dec 27 00:25:00 2015 -> SelfCheck: Database status OK.
Sun Dec 27 00:57:49 2015 -> SelfCheck: Database status OK.
Sun Dec 27 01:28:43 2015 -> SelfCheck: Database status OK.
Sun Dec 27 02:00:06 2015 -> SelfCheck: Database status OK.
Sun Dec 27 02:49:03 2015 -> SelfCheck: Database status OK.
Sun Dec 27 03:39:52 2015 -> SelfCheck: Database status OK.
Sun Dec 27 04:18:04 2015 -> SelfCheck: Database status OK.
Sun Dec 27 04:48:16 2015 -> SelfCheck: Database status OK.
Sun Dec 27 05:07:12 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 05:07:30 2015 -> Database correctly reloaded (4296234 signatures)
Sun Dec 27 05:07:30 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 05:07:48 2015 -> Database correctly reloaded (4296234 signatures)
Sun Dec 27 05:43:02 2015 -> SelfCheck: Database status OK.
Sun Dec 27 06:13:02 2015 -> SelfCheck: Database status OK.
Sun Dec 27 06:47:22 2015 -> SelfCheck: Database status OK.
Sun Dec 27 07:21:03 2015 -> SelfCheck: Database status OK.
Sun Dec 27 07:51:08 2015 -> SelfCheck: Database status OK.
Sun Dec 27 08:26:49 2015 -> SelfCheck: Database status OK.
Sun Dec 27 08:56:50 2015 -> SelfCheck: Database status OK.
Sun Dec 27 09:29:00 2015 -> SelfCheck: Database status OK.
Sun Dec 27 10:00:08 2015 -> SelfCheck: Database status OK.
Sun Dec 27 10:35:57 2015 -> SelfCheck: Database status OK.
Sun Dec 27 11:06:39 2015 -> SelfCheck: Database modification detected. Forcing reload.
Sun Dec 27 11:06:40 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 11:06:57 2015 -> Database correctly reloaded (4296410 signatures)
Sun Dec 27 11:06:58 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 11:07:15 2015 -> Database correctly reloaded (4296416 signatures)
Sun Dec 27 11:07:16 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 11:07:33 2015 -> Database correctly reloaded (4296416 signatures)
Sun Dec 27 11:38:57 2015 -> SelfCheck: Database status OK.
Sun Dec 27 12:10:39 2015 -> SelfCheck: Database status OK.
Sun Dec 27 12:41:51 2015 -> SelfCheck: Database status OK.
Sun Dec 27 13:20:12 2015 -> SelfCheck: Database status OK.
Sun Dec 27 13:50:55 2015 -> SelfCheck: Database status OK.
Sun Dec 27 14:20:59 2015 -> SelfCheck: Database status OK.
Sun Dec 27 14:52:36 2015 -> SelfCheck: Database status OK.
Sun Dec 27 15:23:39 2015 -> SelfCheck: Database status OK.
Sun Dec 27 15:55:55 2015 -> SelfCheck: Database status OK.
Sun Dec 27 16:26:05 2015 -> SelfCheck: Database status OK.
Sun Dec 27 16:57:06 2015 -> SelfCheck: Database status OK.
Sun Dec 27 17:06:39 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 17:06:56 2015 -> Database correctly reloaded (4297080 signatures)
Sun Dec 27 17:06:57 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sun Dec 27 17:07:14 2015 -> Database correctly reloaded (4297080 signatures)
Sun Dec 27 17:44:33 2015 -> SelfCheck: Database status OK.
Sun Dec 27 18:16:39 2015 -> SelfCheck: Database status OK.

Thanks very much

 
0
Matt Petty Replied
12/28/2015 at 8:21 AM
Employee Post
We have upgraded the ClamAV version, it should be in the next minor. If you wanted to upgrade now. Download Win64 zip from http://www.clamav.net/downloads#otherversions . Replace those EXE's in the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin64 folder.
Do the same for Win32 and bin folder and you should be good.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Hi -
 
I am doing an new install of SmarterMail 15.
 
Are the steps listed here still relevant to 15 ?
 
Thank you.
 
Jeff
0
Matt Petty Replied
4/26/2016 at 8:22 AM
Employee Post
ClamSup comes already pre-installed now. You can make configuration changes to ClamSup with the files found in this folder.
C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\ClamSup
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Remember if you make changes to back up the files because when SM is upgraded I believe this files will get overwritten by the standard ones again
0
Folks...I don't want to hijack Joe's thread, so I've started a new one somewhat related to this topic.  I'd appreciate it if a few of you with knowledge on this topic would take a moment to take a look at my questions and offer your comments.
 
http://portal.smartertools.com/community/a88084/questions-related-to-clamav-and-cyren-zero-hour-antivirus.aspx
 
0
Joe, the link to the pre-configured package appears to be broken.
John C. Reid / Technology Director John@prime42.net / (530) 691-0042 1300 West Street, Suite 206, Redding, CA 96001
0
Hi,
 
We are running clam on our windows 2008 and 2012 servers, but our configuration is different maybe, we have a bin64 and a bin folder in our clam folder, the conf files is in the etc folder, and if the clamav64 cant load the clam32 loads, so basically smartermail tries to load the 64 bit version first then if it fails will load the 32bit version. We also use clamsup as well as a few other dbs from other providers and it works well.
 
Joe your link to the files doesnt work, so I cannot confirm what is different between our and your setups. maybe you can share it so we can see, I can zip our version up for anyone who would like to try it.
0
Keith,

I would love to see your setup as I have been battling with this for some time and have been unable to get it working at all. It sound like you have a near perfect solution, and as you noted, Joe's link is dead.
John C. Reid / Technology Director John@prime42.net / (530) 691-0042 1300 West Street, Suite 206, Redding, CA 96001
0
Also good clamav signatures detect linux php malware - malware.expert/signatures
0
Hi Joe, i have recently upgraded to 15.x and as clamsup is already added what are other changes required as recommended by you over default settings.

Thanks
0
Hi,
 
SM 15.x,
Can anyone share clamsup signatures giving better results apart from ones which are enabled by default.
 
Thanks in advance.
 
1
If it's helpful to anyone, I got this setup myself without the download on an older version of SM. We started getting a ton of viruses for whatever reason, I guess our e-mail got onto some spam list.
 
Went from catching ~1 virus a week, to catching 50-60+ a day. It's really easy to do, but requires a little reading, copying over some files, and updating some paths.
 
Good luck, and thanks for the info it's helped us immensely. 
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Reducing ClamAV False PositivesSmarterMail > Troubleshooting
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Emergency 24x7 SupportGeneral Topics
SmarterTools Licensing InformationGeneral Topics
Microsoft Defender Antivirus and Virus Scanner ExceptionsSmarterMail > Troubleshooting