Anyone using Clamwin for anti-virus scanning?

Postby waterman34 » Tue Apr 28, 2009 10:00 am

Anyone successfully using this with a heavy email server?

We've got AVG running on the server but it's no good for the email scanning. I read that a few people are using ClamWin, so I wanted to find out a bit more about it. For example, will it run happily alongside AVG on the server, or would we install it, disable it totally and simply configure AMS?
waterman34
 
Posts: 57
Joined: Thu Sep 27, 2007 11:33 am

Re: Anyone using Clamwin for anti-virus scanning?

Postby waterman34 » Tue Apr 28, 2009 4:15 pm

Was eager to test it out and so far I'm not impressed. With 1 simultaneous scan, ClamWin seems to be using up to 50% of the CPU at any one time. Can that be right!?
waterman34
 
Posts: 57
Joined: Thu Sep 27, 2007 11:33 am

Re: Anyone using Clamwin for anti-virus scanning?

Postby MikeG » Tue Apr 28, 2009 4:30 pm

ClamWin by itself isn't a good option, as every time AMS checks an email ClamWin has to load its entire program and virus definitions into memory, which slows everything down.
The way to get around it is to run the ClamWin Daemon (CLAMD.EXE) so that it runs as a service and stays in memory. AMS can then run the "ClamScan.exe" so it performs the scan without needing to load anything, making it MUCH faster. I found getting it to run in this way quite tricky, as a lot of Clam's documentation assumes that you're running on a Linux box instead of Windows, but I got there in the end.
Having said all that, we were forced to ditch ClamWin and replace it with ESET NOD32, which is nowhere near as fast but is a "known brand"...
MikeG
 
Posts: 16
Joined: Wed Sep 19, 2007 10:21 am
Location: Buckingham, UK.

Re: Anyone using Clamwin for anti-virus scanning?

Postby waterman34 » Wed Apr 29, 2009 9:47 am

MikeG wrote: ClamWin by itself isn't a good option, as every time AMS checks an email ClamWin has to load its entire program and virus definitions into memory, which slows everything down.
The way to get around it is to run the ClamWin Daemon (CLAMD.EXE) so that it runs as a service and stays in memory. AMS can then run the "ClamScan.exe" so it performs the scan without needing to load anything, making it MUCH faster. I found getting it to run in this way quite tricky, as a lot of Clam's documentation assumes that you're running on a Linux box instead of Windows, but I got there in the end.
Having said all that, we were forced to ditch ClamWin and replace it with ESET NOD32, which is nowhere near as fast but is a "known brand"...


Sounds like this would be worth a try, any pointers on how we set it up to run this way?
waterman34
 
Posts: 57
Joined: Thu Sep 27, 2007 11:33 am

Re: Anyone using Clamwin for anti-virus scanning?

Postby MikeG » Wed Apr 29, 2009 12:50 pm

It was a while ago and I don't have exact details any longer. Try taking a look at http://support.kerio.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=426 which should point you in the right direction.
Basically, once you've installed ClamAV-Win32 there is a "start-clamd.bat" in the "C:\Clamav-devel" folder which starts ClamD running as a background process. Then, change AMS to run "C:\clamav-devel\bin\clamDscan.exe" rather than the normal clamscan.exe.
MikeG
 
Posts: 16
Joined: Wed Sep 19, 2007 10:21 am
Location: Buckingham, UK.

Re: Anyone using Clamwin for anti-virus scanning?

Postby HVGS » Wed Apr 29, 2009 10:50 pm

As long as you use an "in memory" ClamWin distribution, the scanning speed is extremely fast. We currently use the following build: http://hideout.ath.cx/clamav/

I then have freshclam.exe scheduled to update it every 30 minutes in Task Scheduler.

Also use AppToService (by Basta Computing) to run clamd as a system service... could use any similar app-to-service utility.
("C:\WINNT\AppToService.exe" /sys "c:\clamav\clamd.exe" /Directory:"c:\clamav")

To actually call it from Ability I use a custom PureBasic program... could just use a batch file too. Mine checks that the clam daemon is responding and emails if there is a problem... also keeps a copy of the virus emails.

You might want to tune the clamd.conf file to suit your requirements as well.

This is the source code for the program that we use to call clam from Ability.

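Code:
; Identifiers for the temporary mail-body file and the Blat mail library
Enumeration
  #body
  #blat
EndEnumeration

; Path of the message file, passed by Ability as the first argument
file$=ProgramParameter()

; Scan the message through the resident daemon; the path is quoted in case it contains spaces
program=RunProgram("c:\clamav\clamdscan.exe",Chr(34)+file$+Chr(34),"C:\clamav",#PB_Program_Open|#PB_Program_Hide)
WaitProgram(program)
clam=ProgramExitCode(program)

; Exit code above 1: clamdscan reported an error, for example clamd is not responding
If clam>1
  StartTime = ElapsedMilliseconds()
  While clam>1
    ; Probe the daemon by scanning clamdscan.exe itself until it answers again
    program=RunProgram("c:\clamav\clamdscan.exe","c:\clamav\clamdscan.exe","C:\clamav",#PB_Program_Open|#PB_Program_Hide)
    WaitProgram(program)
    clam=ProgramExitCode(program)

    ; After two minutes of failures, send a single alert email through blat.dll
    If ElapsedMilliseconds()-StartTime > 120000 And emailclam=0
      Result= OpenLibrary(#Blat, "blat.dll")
      OpenFile(#body,GetTemporaryDirectory()+"\clam.txt")
      WriteString(#body," ")
      CloseFile(#body)
      blat$=Chr(34)+GetTemporaryDirectory()+"\clam.txt"+Chr(34)+" -To user@domain.com -subject "+Chr(34)+"CLAM Scanner ERROR"+Chr(34)+ " -server yourmailserver -port 25 -f user@domain.com -try 2"
      CallFunction(#Blat, "Send" ,blat$)
      DeleteFile(GetTemporaryDirectory()+"\clam.txt")
      CloseLibrary(#Blat)
      emailclam=1
    EndIf
  Wend

  ; The daemon answers again: scan the message itself, which has not been checked yet
  program=RunProgram("c:\clamav\clamdscan.exe",Chr(34)+file$+Chr(34),"C:\clamav",#PB_Program_Open|#PB_Program_Hide)
  WaitProgram(program)
  clam=ProgramExitCode(program)
EndIf

; Exit code 1: virus found. Keep a copy in the virus store and return 1 to the caller
If clam=1
  slash=CountString(file$,"\")
  out$=StringField(file$,slash+1,"\")
  CopyFile(file$,"c:\virusstore\"+out$)
  End 1
EndIf

End 0


; IDE Options = PureBasic v4.02 (Windows - x86)
; ExecutableFormat = Console
; CursorPosition = 3
; Folding = -
; Executable = localclam.exe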
HVGS
 
Posts: 33
Joined: Wed Jan 30, 2008 6:02 am
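
The wrapper logic described in the post above (scan through the resident daemon, keep a copy of infected mail, alert when the daemon stops answering), as an added Python example that is not part of the thread and not HVGS's program. It retries the same file a bounded number of times and never reports "clean" while clamdscan is returning errors. The install path, the retry values, the function names and the way the mail server treats exit status 2 are assumptions.

```python
"""Added example: fail-closed wrapper around clamdscan (not HVGS's program)."""
import shutil
import subprocess
import time
from pathlib import Path

# Assumed install path, matching the paths used in the thread.
CLAMDSCAN = r"c:\clamav\clamdscan.exe"

# clamdscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
CLEAN, INFECTED = 0, 1


def run_clamdscan(path):
    """Run clamdscan on one file and return its exit code."""
    # List form passes the path as a single argument, so spaces need no quoting.
    return subprocess.run([CLAMDSCAN, "--no-summary", str(path)],
                          capture_output=True).returncode


def scan_message(path, quarantine_dir, scanner=run_clamdscan,
                 attempts=5, wait_seconds=2.0, alert=print):
    """Return 'clean', 'infected' or 'error' for one message file.

    An error result (clamd down, file unreadable) is retried on the same
    file; if it never clears, the verdict is 'error', never 'clean'.
    """
    path = Path(path)
    for attempt in range(1, attempts + 1):
        code = scanner(path)
        if code == CLEAN:
            return "clean"
        if code == INFECTED:
            # Keep a copy of the infected message, as the thread's wrapper does.
            Path(quarantine_dir).mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, Path(quarantine_dir) / path.name)
            return "infected"
        if attempt < attempts:
            time.sleep(wait_seconds)
    alert(f"clamdscan kept failing (last exit code {code}) for {path.name}")
    return "error"


# Exit status handed back to the mail server (assumed convention):
# only a clean verdict yields 0.
EXIT_STATUS = {"clean": 0, "infected": 1, "error": 2}
```
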

