3
It only took 5 years but I finally got ClamAV to work
Question asked by Steve Vibert - 11/12/2015 at 10:05 AM
Unanswered
I've been running SmarterMail on a Windows Server 2008 R2 box since version 6 and have never been able to get ClamAV to work.  In the years between versions 7 and 14 I've probably spent a couple man weeks trying to get it running and the end result has always been the same; no joy and the frustratingly unhelpful "Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it..." error.  It’s important to note that despite the error in the log, SM has always been perfectly content with my clam settings and successfully retrieves virus definition database updates daily.
 
Yesterday, I upgraded to SM Enterprise 14.4 hopeful that Clam would miraculously start working--nope same old problem. I spent a half a day trying many of the same things all over again.  This time, though, I actually got it working! Here's the run down:
 
SmarterMail installs Clam in the following location: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam.  Under this folder there are two bin folder: "\bin" and "\bin64" that contain the binaries that SM uses for clam processes.  You should be able to run clamd.exe from either of these folders.  Simply open a command window and drag and drop the clamd.exe onto the window and hit enter key.  When I tried I got the following error:
 
The program can't start because MSVCR100.dll is missing from your computer. Try reinstalling the program to fix this problem.
 
If you get this error you’re missing the C++ 2010 redistributables.  Why the SM installer doesn’t catch this and/or make it available an in optional installation component is beyond me and I’m certain I installed the redistributables the last time I tried getting clam working so it’s a bit of a mystery as to why they were missing.
 
The C++ 2010 redistributable installers are available here:
 
EDIT: I would have posted links but when I try to submit this post I get a "Your account does not have permission to use hyperlinks in posts".  I've had a forum account for approx. 5 years so I guess I'm not trustworthy enough?
 
Google the C++ 2010 redistributables--they should be easy enough to find.
 
After reinstalling the redistributables, try running clamd.exe again.  In my case, I got the following error:
 
C:\Users\Administrator>"C:\Program Files (x86)\SmarterTools\SmarterMail\Service\
Clam\bin\clamd.exe"
ERROR: Can't open/parse the config file C:\Program Files (x86)\SmarterTools\Smar
terMail\Service\Clam\bin64\clamd.conf
 
Clearly clam is looking for the conf file in the same folder that it’s located in and yes, the config files are missing.  Running a search on clamd.conf, or freshclam.conf reveals that configuration files are located in the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc folder.  Oddly, when clam settings are changed in the SM Web GUI, the values don't appear to be persisted to the conf files.   Odder still; restarting the SM services seems to write something to the files but as far as I can tell, it just rewrites the default values.  I still don’t know where SM persists the clam settings.  I’ve run a search on the entire C drive and the only folder that contains the clamd.conf and freshclam.conf is the C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc folder
 
Next I copied the clamd.conf and freshclam.conf files to the \bin64 folder and tried running clamd.exe again.  This time I received the following error:
 
C:\Users\Administrator>"C:\Program Files (x86)\SmarterTools\SmarterMail\Service\
Clam\bin\clamd.exe"
ERROR: Parse error at line 55: Unknown option LogRotate
ERROR: Can't open/parse the config file C:\Program Files (x86)\SmarterTools\Smar
terMail\Service\Clam\bin\clamd.conf
 
If you see similar error messages, open the clamd.conf file in a text editor and comment out the offending setting. After commenting out “LogRotate” I received similar errors for the following entries:
 
MaxEmbeddedPE
MaxHTMLNormalize
MaxHTMLNoTags
MaxScriptNormalize
MaxZipTypeRcg
 
Comment out any offending entries and try again.   After doing this I got following result:
 
C:\Users\Administrator>"C:\Program Files (x86)\SmarterTools\SmarterMail\Service\
Clam\bin\clamd.exe"
Limits: Global size limit set to 157286400 bytes.
Limits: File size limit set to 31457280 bytes.
Limits: Recursion level limit set to 10.
Limits: Files limit set to 15000.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.
Self checking every 600 seconds.
 
EUREKA!?  Well, mostly.  SM isn’t writing to the conf files so changes need to be manually edited.  Also, while I was able to get the x64 version of clamd.exe running, I was still get the “Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005):…” error in the delivery log. The reason?  Despite running SM on a 64 bit OS, SM runs as a 32 bit process and presumably runs the 32 bit version of clamd.exe not the 64 bit version. 
 
Copy the clamd.conf and freshclam.conf files to the \Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin folder and try running the clamd.exe as above.  Note that you’ll need to kill the existing running 64 bit instance of clamd.exe using Task Manager.  With the 32 bit version of clamd.exe running, open another command prompt window and run the following command:
 
netstat -an | find "3310"
 
You should see the following result which confirms that clam has opened (and is listening on) port 3310:
 
  TCP    127.0.0.1:3310         0.0.0.0:0              LISTENING
 
Just to confirm everything was setup properly, I rebooted my server.  I’m guessing I could have simply restarted the SmarterMail service and recycled the IIS SmarterMail Application Pool but I decided to reboot.  Clam has been running for nearly a full day without connection errors.
 
A couple of parting notes: if you look at the freshclam.log file in the \Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\log folder you’ll likely see the following entries:
 
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.98.7
 
Looking at the source files on clamav.net, version 0.97.6 appears to have been released in 9/2012.  Interestingly, the bin64 version of clamd.exe has version number 0.98.6. That appears to have been released in 12/2014.  The latest version (0.98.7) doesn’t appear to have a Windows build yet.  This still doesn’t explain why SM installs the older 0.97.6 in the \bin folder and the newer 0.98.6 in the \bin64 folder.  NOTE: I’ve confirmed that this issue isn’t specific to an upgrade installation.  I’m seeing the same this on a fresh, first time SM install on a different box.  Nor for that matter do I understand the why SM is using the 32 bit versions of clamd.exe and freshclam.exe on a 64 bit OS.
 
Lastly, I was convinced that there might be something odd about my Windows Server 2008 R2 installation that might be causing the issues and workarounds detailed in this post.  As a sanity check, I did a fresh SM install on my home Win 2008 R2 box and ran into exactly the same issues.  The only difference is that the clamd.conf contained a much smaller file without any comments and without the LogRotate (and other) values that caused the parse errors.  Other than that, all of the steps listed above netted the same results—clamd.exe now runs.
 
Hopefully, this is helpful to others who have struggled with similar problems getting clam to work and to the SmarterMail devs as this could and should be fixed at the installer level.
 
Happy clamming -- Steve

9 Replies

Reply to Thread
0
Matt Petty Replied
Employee Post
When you run it yourself you need to specify  --config-file= for the config file path. Moving the files around causes a lot of issues.
SmarterMail does write to the config files, but only if they don't exist. This is done so people can customize ClamAV without having to worry about files being overwritten. 
The bin folder is rarely ever used since it is only used when running 32bit.
 
I will run some tests to verify it is not broken. The fact the installer did not install 2010 C++ Redis. is definitely an issue.
Matt Petty Software Developer SmarterTools Inc. www.smartertools.com
0
Matt Petty Replied
Employee Post
Steps to running ClamAV (through command-line) are follows below. I had to make no changes to any config file nor were any files needed to be moved. In my example I run from the "bin" folder, but I suggest using the "bin64" all the steps are the same.
 
Matt Petty Software Developer SmarterTools Inc. www.smartertools.com
0
Matt Petty Replied
Employee Post
I ran a SmarterMail test and it ran the 64-Bit process. If it fails to run bin64 for any reason it will default to 32-bit. This could be caused by moving files in the folder tree around causing the bin64 to be missing files it was looking for.
Matt Petty Software Developer SmarterTools Inc. www.smartertools.com
0
Steve Vibert Replied
Matt,

Thanks for the reply. FYI the image is missing in your last post.

Anyway, note that I'm not looking to run clam from a command line. The steps I listed were purely for troubleshooting purposes. Also, now that clam is running with SM, The Windows Task Manager shows that SM is running the 32 bit version of clam. I assume that it's launching it from the \bin directory. And as I noted in my original post, that means it's running the older 0.97.6 (2012) release.

Also, if it's supposed to run "out of the box", it doesn't on the 2 Win 2008 R2 boxes I've tried it on.

Steve
0
Steve Vibert Replied
Regarding "moving files around"; no files were moved. I copied the clam.conf and freshclam.conf and pasted them in the \bin and \bin64 folders. ClamAV has never worked for me. And given the number of posts about the "Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it..." error, I'm not alone. I get that it's *supposed* to work, but I think there's something wrong with the install process or the way the config files are saved. Case in point; If I make a change to the Clam settings using the web GUI I should see these changes persisted somewhere. I don't--the config files in the \etc folder don't get updated.

I'm sure there's some common failure mode that simply hasn't been identified. To me, that appears to be that when clam is started by SM, clam is expecting the find the conf files in it's directory. Is it possible that is SM is specifying a conf file location as part of a cli argument, that the argument string is being truncated? Or that it's specifying \Program Files\ instead of \Program Files (x86)\ on a 64 bit system?

Food for thought -- Steve
0
Matt Petty Replied
Employee Post
I would make a ticket if your having issue, there could be factors as to why it's not running the 64 bit process but there is no easy way to tell why.

The config files should not be moved. SmarterMail defines them when it is running ClamAV.
Also, I updated the picture above you should see it now.
Matt Petty Software Developer SmarterTools Inc. www.smartertools.com
0
Matt Petty Replied
Employee Post
I would suggest also removing SmarterMail, making sure the Clam folder is removed.

Re-install -> Enable ClamAV -> Wait up to 20 minutes. Don't modify any files. Then verify it is working. ClamAV and ClamSup need to download about 300mb of signature files.
I strongly believe now that you have the 2010 Redistributable installed it would have no issues with it. If you do I'd make a ticket.
Matt Petty Software Developer SmarterTools Inc. www.smartertools.com
0
Steve Vibert Replied
By "removing SmarterMail" I assume you mean a simple uninstall and not uninstall and delete the SM folders? I'll likely wait until another version is released since scheduling down time isn't a trivial task.

Thanks -- Steve
0
Matt Petty Replied
Employee Post
An uninstall should remove the Clam folder, but in case it doesn't delete it, then do an install.
Matt Petty Software Developer SmarterTools Inc. www.smartertools.com

Reply to Thread