ClamAV and SmarterMail 14

Question asked by Manuel - 6/11/2015 at 7:26 AM

Unanswered

Hello,
I'm try to test SmarterMail 14 before upgrade my SmarterMail 13.x Enterprise with 2700 mailboxes.

In SmarterMail 14, after installation, ClamAV not working:

[2015.06.11] 13:36:49 [51001] Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 127.0.0.1:3310
[2015.06.11] at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
[2015.06.11] at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
[2015.06.11] at MailStore.Spam.ClamDClient.CheckScan()

I have Windows Server 2012 R2.
I install Microsoft Visual C++ 2010 x64 Redistributable, and now this error no longer appears in the delivery log.

I try to send e-mail with rar attachment and virus inside, but ClamAV not stop it.

Can you help me ?

Manuel

GRAFFITI — It's Communication
Riva del Garda (TN), I-38066 – Località Pasina 46
Milano, I-20129 - via Lamberto De Bernardi 1
Verona, I-37134 - via Legnago 126
San Francisco, US-94111 California – 275 Battery St, Suite 2600
website: www.graffiti.it

20 Replies

Reply to Thread

Bruce Barnes Replied

6/11/2015 at 7:27 AM

Did you UNINSTALL the prior version (13.x) of SmarterMail and REBOOT the server to unlock any locked files prior to the installation of SmarterMail 14?

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Steve Reid Replied

6/11/2015 at 7:28 AM

You should try uninstalling it and manually deleting the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam

Then reboot and reinstall.

If it's a 64 bit server then you should see the clamAV process running from the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin64 directory.

Manuel Replied

6/11/2015 at 7:31 AM

I test SmarterMail in a new server

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Manuel Replied

6/11/2015 at 7:32 AM

I check process details, and my clamd.exe is running on bin64 directory

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Steve Reid Replied

6/11/2015 at 7:33 AM

Hmm that's strange, I just did the same with a Windows Server 2012 R2 VM. it installed the prerequisites and ClamAV is working fine.

Manuel Replied

6/11/2015 at 7:35 AM

I'm trying to send e-mail with rar file attached, with virus inside, but this file is not blocked or deleted.
In antivirus administration I have enabled only "Enable ClamAV" and virus quarantine to 30 days.

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Steve Reid Replied

6/11/2015 at 7:37 AM

Is the clamAV process running?

Have you tried to restart the smartermail service?

Steve Reid Replied

6/11/2015 at 7:40 AM

how much ram is the ClamAV process using?

Manuel Replied

6/11/2015 at 7:40 AM

Yes, ClamAV process is running, I try to restart entire server.
Where find log where clamav execute the scanning ... ?

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Steve Reid Replied

6/11/2015 at 7:41 AM

ClamAV logs are located: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\log\

Bruce Barnes Replied

6/11/2015 at 7:44 AM

Uninstall SmarterMail
Reboot the server
DELETE the DIRECTORY located at c:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin64
REINSTALL SmarterMail 14.0.5637, using a FRESH DOWNLOAD from this location:

http://www.smartertools.com/Download.aspx?Product=SmarterMail&File=Installer&Version=14&Location=Primary

Manuel Replied

6/11/2015 at 9:18 AM

done, but does not work anyway.

actually I try SmarterMail 14 free as Incoming Gateway, domain forward mode.
My antivirus settings is:
virus quarantine 30 days
enable clamav yes
enable clamav realtime yes
quarantine directory c:\temp
virus action: delete

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Steve Reid Replied

6/11/2015 at 9:20 AM

If the ClamSup additions are working ClamAV will be just over 400 megs ram use. I know many viruses got through without the ClamSup stuff added.

Manuel Replied

6/11/2015 at 9:31 AM

I need to run particular service o bat files for run ClamSum updates/additions ? How I check if ClamSup works correctly ?

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Matt Petty Replied

6/11/2015 at 9:36 AM

Employee Post

SmarterMail should run the ClamSup.bat by default after running the ClamAV update. Could see the RAM usage like Steve said as ClamAV will use a lot more RAM than usual because of all the new signatures.

Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com

Steve Reid Replied

6/11/2015 at 9:38 AM

Yeah that's how I easily tell if ClamSup is working

Manuel Replied

6/11/2015 at 12:44 PM

ClamSup works ... ClamAV use 300/400 Megs ...

Now ... SmarterMail configured as Incoming Gateway with domain forward, clamAv block incoming virus ?

I think only when SmarterMail work with local mailboxes.

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Manuel Replied

6/11/2015 at 12:55 PM

Can you recommend some site that I send attachments to test clamav?

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Brian Ellwood Replied

6/11/2015 at 1:08 PM

EICAR is what you want:

http://www.aleph-tec.com/eicar/

Manuel Replied

6/15/2015 at 12:37 PM

Hello,

I try ClamAV with ClamSup and SmarterMail for some days, but no viruses attached to an email, compressed in a zip or rar file is detected and blocked. you also have this problem?

GRAFFITI — It's Communication Riva del Garda (TN), I-38066 – Località Pasina 46 Milano, I-20129 - via Lamberto De Bernardi 1 Verona, I-37134 - via Legnago 126 San Francisco, US-94111 California – 275 Battery St, Suite 2600 website: www.graffiti.it

Back to Community Threads

Please leave this box unchecked

20 Replies

Reply to Thread

Tags

Related Knowledge Base Articles