Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » KMS don't work with ClamAV-SOSDG 0.95.1a
  •  
Zeppelin

Messages: 7
Karma: 0
Send a private message to this user
configuration:
- Windows Server 2003 SP2
- KMS 6.7.2
- ClamAV-SOSDG 0.95.1 or ClamAV-SOSDG 0.95.1а

Release notes to KMS Version 6.7.2
Version 6.7.2
==================
Please read the Release Notes document before installing this version.

Kerio MailServer:
------------------
+ Added support for Mac OS X 10.6 Snow Leopard.
+ Added support for Microsoft Windows 7.
+ Support for iPhone 3.1 and iPod Touch 3.1.1.
+ Added new anti-virus plug-in for Clam AntiVirus 0.95.


Results:
- ClamAV install correctly and working as service
- test -- telnet localhost 3310 working correctly

About errors:

In debug log:

[01/Oct/2009 14:39:06][3012] {avir} ERR: Unable to read ping response from Clam AntiVirus session, error: Connection to Clam server has failed.
[01/Oct/2009 14:39:06][3012] {avir} ERR: Only ClamD server 0.95 or higher is supported.
[01/Oct/2009 14:39:06][3012] {avir} ClamAV_plugin: Server does not support PING/PONG commands.
[01/Oct/2009 14:39:06][3724] {avir} Unable to initialize plugin, error: Only ClamD server 0.95 or higher is supported


what it means?
"ClamAV_plugin: Server does not support PING/PONG commands."

In error log:
[01/Oct/2009 15:54:15] AvModule.cpp: Server: external plugin failed to start Unable to initialize plugin, error: Only ClamD server 0.95 or higher is supported.


what it means?
Only ClamD server 0.95

About avir_clam in debug log:
"[01/Oct/2009 14:12:14][3724] {avir} Found antivirus plugin avir_clam (Clam AntiVirus)
[01/Oct/2009 14:12:14][3724] {avir} Found antivirus plugin avir_clammt (Clam AntiVirus 0.95)"

In freshclamav:
ClamAV update process started at Thu Oct  1 15:07:13 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95 Recommended version: 0.95.2


Local version: 0.95
Why KMS 6.7.2 don't work with ClamAV-SOSDG 0.95.1a
"+ Added new anti-virus plug-in for Clam AntiVirus 0.95."

I hope for your help Smile

[Updated on: Fri, 02 October 2009 08:37]

  •  
Zeppelin

Messages: 7
Karma: 0
Send a private message to this user
Downgrade to ClamAV 0.94.2 and everything works fine.

[05/Oct/2009 11:31:45][3720] {avir} Plugin c:\program files\kerio\mailserver/plugins/avirs/avir_clam.dll uses legacy interface
[05/Oct/2009 11:31:45][3584] {avir} ClamAV_plugin: Initializing Clam AntiVirus plug-in...
[05/Oct/2009 11:31:45][3584] {avir} ClamAV_plugin: Startup timeout is set to 90 
[05/Oct/2009 11:31:45][3584] {avir} ClamAV_plugin: Creating connection to 127.0.0.1:3310 ...
[05/Oct/2009 11:31:45][3584] {avir} ClamAV_plugin: Read timeout for socket is set to 1 seconds.
[05/Oct/2009 11:31:46][3584] {avir} ClamAV_plugin: Sending SESSION command...
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Session started.
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Read timeout for socket is set to 10 seconds.
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Sending PING command...
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Got response: PONG
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Sending VERSION command...
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Version: ClamAV 0.94.2/9857/Thu Oct  1 09:57:58 2009
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Sending END command...
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Session finished.
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Socket closed.
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Scanning file F:\KerioMailBoxes\store/tmp/eicar.tmp ...
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Creating connection to 127.0.0.1:3310 ...
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Read timeout for socket is set to 90 seconds.
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Got response F:\KerioMailBoxes\store/tmp/eicar.tmp: Eicar-Test-Signature FOUND
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: Result: F:\KerioMailBoxes\store/tmp/eicar.tmp: Eicar-Test-Signature FOUND
[05/Oct/2009 11:31:48][3584] {avir} ClamAV_plugin: FOUND, Eicar-Test-Signatur.


ClamAV-SOSDG 0.95.1a and KMS 6.7.2, It works or not?
Anyone can help me.
  •  
ikheetleon

Messages: 67
Karma: -1
Send a private message to this user
I'm running Kerio 6.7.2 on Centos 5.3 and Clam.

# rpm -qa | grep clam
clamav-db-0.95.2-4.el5.rf
clamd-0.95.2-4.el5.rf
clamav-0.95.2-4.el5.rf

Works like a charm here...

Regards,

Leon

PS I've enabled debug and stop/started the clamav protection, see log below:

[05/Oct/2009 14:39:17][16845] {avir} Listing antivirus plugins...
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_avg (AVG Email Server Edition)
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_clam (Clam AntiVirus)
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_clammt (Clam AntiVirus 0.95)
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_eset (ESET NOD32 Antivirus 3 / 4)
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_mcafee (McAfee Scanning Engine (5761/5.3.00))
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_nod (NOD32 for Linux)
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_savi (Sophos Anti-Virus)
[05/Oct/2009 14:39:17][16845] {avir} Found antivirus plugin avir_symantec (Symantec Scan Engine)
[05/Oct/2009 14:39:17][16845] {avir} List of antivirus plugins finished
[05/Oct/2009 14:39:19][16845] {avir} Client: request to setup the antivirus engines: primary=avir_mcafee, secondary=none
[05/Oct/2009 14:39:19][2402] {avir} sendThread() is stopped
[05/Oct/2009 14:39:19][2395] {avir} unable to recieve msg header, pipe closed
[05/Oct/2009 14:39:19][2395] {avir} recvThread() is stopped
[05/Oct/2009 14:39:19][16845] {avir} killServer() server is killed
[05/Oct/2009 14:39:19][16845] {avir} ClientDispatcher::stop() server killed
[05/Oct/2009 14:39:19][16845] {avir} ClientDispatcher::stop() all reqs are terminated
[05/Oct/2009 14:39:19][16845] {avir} ClientDispatcher::stop() all proxies are unregistered
[05/Oct/2009 14:39:19][16845] {avir} Configuration value of ShortTimeout for Antivir: 60 s
[05/Oct/2009 14:39:19][16845] {avir} Configuration value of LongTimeout for Antivir: 120 s
[05/Oct/2009 14:39:19][16845] {avir} Listing antivirus plugins...
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_avg (AVG Email Server Edition)
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_clam (Clam AntiVirus)
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_clammt (Clam AntiVirus 0.95)
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_eset (ESET NOD32 Antivirus 3 / 4)
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_mcafee (McAfee Scanning Engine (5761/5.3.00))
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_nod (NOD32 for Linux)
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_savi (Sophos Anti-Virus)
[05/Oct/2009 14:39:20][16845] {avir} Found antivirus plugin avir_symantec (Symantec Scan Engine)
[05/Oct/2009 14:39:20][16845] {avir} List of antivirus plugins finished
[05/Oct/2009 14:39:22][16845] {avir} Client: request to setup the antivirus engines: primary=avir_mcafee, secondary=avir_clammt
[05/Oct/2009 14:39:22][16845] {avir} forkServer() going to create server process
[05/Oct/2009 14:39:22][16845] {avir} forkServer() server is running, creating send and recv. thread
[05/Oct/2009 14:39:22][16845] {avir} forkServer() server process created, waiting for connection with server
[05/Oct/2009 14:39:22][16905] {avir} recvThread() is started
[05/Oct/2009 14:39:22][16845] {avir} Maximum of scanning threads is set to 8
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Initializing Clam AntiVirus plug-in...
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Startup timeout is set to 90
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Sending SESSION command...
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Session initialized.
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Sending PING command...
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Sending VERSION command...
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Version: ClamAV 0.95.2/9867/Mon Oct 5 13:11:46 2009
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Sending END command...
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Session finished.
[05/Oct/2009 14:39:22][16905] {avir} Clam_plugin: The engine is initialized
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Initializing context
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Sending SESSION command...
[05/Oct/2009 14:39:22][16905] {avir} ClamAV_plugin: Context initialized
[05/Oct/2009 14:39:22][16905] {avir} Clam_plugin: Scanning file /stage/kerio/store/tmp/eicar.tmp...
[05/Oct/2009 14:39:22][16905] {avir} Clam_plugin: Eicar-Test-Signature FOUND
[05/Oct/2009 14:39:22][16905] {avir} Clam_plugin: File scanning result: Eicar-Test-Signature
[05/Oct/2009 14:39:22][16845] {avir} sendThread() is already stopped
[05/Oct/2009 14:39:22][16845] {avir} Server: plugin avir_clammt started.
[05/Oct/2009 14:39:22][16845] {avir} Configuration value of ShortTimeout for Antivir: 60 s
[05/Oct/2009 14:39:22][16845] {avir} Configuration value of LongTimeout for Antivir: 120 s
[05/Oct/2009 14:39:22][16912] {avir} sendThread() is started
[05/Oct/2009 14:39:22][16845] {avir} Listing antivirus plugins...
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_avg (AVG Email Server Edition)
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_clam (Clam AntiVirus)
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_clammt (Clam AntiVirus 0.95)
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_eset (ESET NOD32 Antivirus 3 / 4)
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_mcafee (McAfee Scanning Engine (5761/5.3.00))
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_nod (NOD32 for Linux)
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_savi (Sophos Anti-Virus)
[05/Oct/2009 14:39:22][16845] {avir} Found antivirus plugin avir_symantec (Symantec Scan Engine)
[05/Oct/2009 14:39:22][16845] {avir} List of antivirus plugins finished

[Updated on: Mon, 05 October 2009 14:41]

  •  
Zeppelin

Messages: 7
Karma: 0
Send a private message to this user
ClamAV-SOSDG is a windows port of UNIX ClamAV. As I said, I using Windows Server 2003.
Any new ideas Smile.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Zeppelin wrote on Mon, 05 October 2009 16:01
ClamAV-SOSDG is a windows port of UNIX ClamAV. As I said, I using Windows Server 2003.
Any new ideas Smile.


Sure. Use the correct AV plug-in in KMS. As stated in the Release Notes, ClamAV 0.95 has a new plugin.
  •  
Zeppelin

Messages: 7
Karma: 0
Send a private message to this user
Yes, there are two files in plugins directory
avir_clam.dll

CompanyName : Kerio Technologies Inc.
FileDescription : ClamAV 0.94 Dynamic Link Library
FileVersion : 7.2.=
InternalName : avir_clam.dll
LegalCopyright : © Kerio Technologies Inc. All rights reserved.
OriginalFilename : avir_clam.dll
ProductName : Clam AntiVirus 0.94 plug-in for Kerio products
ProductVersion : 7.2.=

avir_clammt.dll

CompanyName : Kerio Technologies Inc.
FileDescription : ClamAV 0.95 Dynamic Link Library
FileVersion : 7.2.=
InternalName : avir_clammt.dll
LegalCopyright : © Kerio Technologies Inc. All rights reserved.
OriginalFilename : avir_clammt.dll
ProductName : Clam AntiVirus 0.95 plug-in for Kerio products
ProductVersion : 7.2.=

I use the option "ClamAV 0.95" in my KMS, not old option "ClamAV"

[Updated on: Mon, 05 October 2009 16:46]

  •  
Zeppelin

Messages: 7
Karma: 0
Send a private message to this user
End of Life ClamAV 0.94.x

http://www.clamav.net/2009/10/05/eol-clamav-094/

Quote:
All ClamAV releases older than 0.95 are affected by a bug in freshclam which prevents incremental updates from working with signatures longer than 980 bytes.
You can find more details on this issue on our bugzilla (see bug #1395)

This bug affects our ability to distribute complex signatures (e.g. logical signatures) with incremental updates.

So far we haven't released any signatures which exceed this limit.
Before we do we want as many users as possible to upgrade to the latest version of ClamAV.

Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 that is to say older than 1 year.

This move is needed to push more people to upgrade to 0.95 .
We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors.

We plan to start releasing signatures which exceed the 980 bytes limit on May 2010.

We recommend that you always run the latest version of ClamAV to get optimal protection, reliability and performance.

Thanks for your cooperation!


KMS don't work with ClamAV-SOSDG 0.95.1a not only in Windows! http://forums.ker io.com/index.php?t=msg&th=16184&start=0&S=c79098 764c0feb4489906a9ae864f7f7

I would like to hear from the developers about this issue.

[Updated on: Fri, 09 October 2009 08:49] by Moderator

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
It DOES work with KMS 6.7.2 and ClamAV SOSDG 0.95.1:

Quote:
[09/Oct/2009 08:48:11][3916] {avir} Maximum of scanning threads is set to 8
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Initializing Clam AntiVirus plug-in...
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Startup timeout is set to 90
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Sending SESSION command...
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Session initialized.
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Sending PING command...
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Sending VERSION command...
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Version: ClamAV 0.95/9876/Fri Oct 9 00:07:17 2009
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Sending END command...
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Session finished.
[09/Oct/2009 08:48:11][4028] {avir} Clam_plugin: The engine is initialized
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Initializing context
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Sending SESSION command...
[09/Oct/2009 08:48:11][4028] {avir} ClamAV_plugin: Context initialized
[09/Oct/2009 08:48:11][4028] {avir} Clam_plugin: Scanning file C:\Program Files\Kerio\MailServer\store/tmp/eicar.tmp...
[09/Oct/2009 08:48:11][4028] {avir} Clam_plugin: Eicar-Test-Signature FOUND
[09/Oct/2009 08:48:11][4028] {avir} Clam_plugin: File scanning result: Eicar-Test-Signature


Check again the configuration of ClamAV.

[Updated on: Fri, 09 October 2009 08:55]

  •  
Zeppelin

Messages: 7
Karma: 0
Send a private message to this user
I'm tired of wasting time searching for solutions to this problem. I found another, more dynamic and fully functional distribution. All installed and configured without problems. More fresh and more stable.
http://hideout.ath.cx/ClamAV/ClamAV-095-2.exe

Thank you for your help.
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
I have discovered one problem with the hideout.ath.cx ClamAV - it doesn't find ANY viruses, including the EICAR test virus in emails. In your debug log, enable the message for antivirus and see if it ever finds any. For me, the answer is none.
  •  
M Moogle

Messages: 26
Karma: 0
Send a private message to this user
I've been using various builds of ClamAV from http://hideout.ath.cx/clamav/ for over a year now, including the newest 0.95.2 without any problems. I even have it using various SaneSecurity definitions without issue. I think you have something configured incorrectly.
  •  
apmarkey

Messages: 2
Karma: 0
Send a private message to this user
sorry to revive an old post, but has someone got the ClamAV-095-2.exe installer downloaded that they wouldn't mind hosting somewhere? http://hideout.ath.cx is down for now and i am desperately trying to find this. thank you!
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
I have win clamav copies of 94.2 95.1a 95.2 & 96.1.
  •  
apmarkey

Messages: 2
Karma: 0
Send a private message to this user
thank you for the quick response, but no sooner after i had posted did hideout come back online. i had been trying since last night. thanks again!
Previous Topic: RAID 5 or RAID 50 for Kerio
Next Topic: Performance problems after update to Kerio Connect 7.0
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 15:37:40 CET 2017

Total time taken to generate the page: 0.00502 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.