How to: Latest version of CLAMAV with KControl 7
  •  
KursadOlmez

Hi all,

I've been using the ClamAV (SOSDG) Windows versions for a long time, and SOSDG has not updated its ClamAV version to the latest for a while; it's still 0.95.1a beta, but ClamAV is not. For now, the latest version of ClamAV is 0.96.5. In this tutorial I will try to explain how to use the latest version of ClamAV with KControl 7.

PS: I tested that setup on Windows Server 2008 R2 (64 bit), Windows 7 Professional 32bit and Windows Server 2003 R2 32bit and it works perfectly.


1. Download the latest version of ClamAV for Windows from https://www.sugarsync.com/pf/D7457507_4424402_645588

2. If you have a previous installation of SOSDG ClamAV on your system, please uninstall it. Then install the downloaded file (ClamAV-096.5.exe) on your system.

3. During the installation, do not change the installation path from c:\clamav to another. If you change the path, don't forget to update the clamd.conf and freshclam.conf files before the ClamAV services are started.

4. Install the ClamAV services (both freshclam and clamd) at the final step of the installation.

5. Open the c:\clamav\freshclam.conf file, make these changes and save:
- On line 13 (# UpdateLogFile c:\clamav\log\freshclam.log) remove the # to enable ClamAV update logs.

- On line 21 (#LogFileMaxSize 2M) remove the # to fix the log file size to a maximum of 2MB.

6. Open the c:\clamav\clamd.conf file, make these changes and save:
- On line 10 (# LogFile c:\clamav\log\clamd.log) remove the # to enable clamd service logs.

- On line 18 (#LogFileUnlock yes) remove the # to be able to open the log file while the clamd service is running.

- On line 26 (#LogFileMaxSize 2M) remove the # to fix the log file size to a maximum of 2MB.

- On line 61 (#TemporaryDirectory c:\clamav\tmp) remove the # to set the temp folder.

- On line 191 (#DetectPUA yes) remove the # to enable scanning for Possibly Unwanted Applications.

- After line 198, add ExcludePUA Packed to not scan compressed script files. Please refer to http://www.clamav.net/lang/en/support/faq/pua/ for detailed information.

7. Run c:\clamav\freshclam.exe to download the main and latest virus definitions.

8. Run services.msc (or open Services from Administrative Tools) and start the ClamAV Free Antivirus Database Updater and ClamAV Free Antivirus Scanner Service services. Don't forget to change the Startup Type to Automatic.

The Database Updater service will update the ClamAV virus database every 1 hour.

9. Open the KControl Web Admin or Administration Console, select Clam Antivirus or Clam Antivirus 0.95 and apply the changes.

10. Exclude the c:\clamav folder and its subfolders/files from any other antivirus program's real-time or scheduled scans. Also exclude the Kerio folder.

That's it. Now the latest version of Clamav is working with KControl 7.

I made that setup on 3 different client and server environments and ClamAV is working without any problem:

- Windows Server 2008 R2 64bit with Kerio Control 7.1.0.1573
- Windows 7 Professional 32bit with Kerio Control 7.0.1.1098
- Windows Server 2003 R2 32bit with Kerio Control 7.0.1.1098

I hope this "how to" will be useful for everyone who wants to integrate free AV support with the latest version.

Regards,


Kürşad Ölmez


[Updated on: Thu, 07 June 2012 22:38]
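
A small check for steps 5 and 6 above, added here as an example and not part of the original post: it parses clamd.conf/freshclam.conf text and reports which of the guide's directives are still commented out or set to a different value. The function names and the sample excerpt are constructed for illustration; the expected values are the ones quoted in the post.

```python
# Added example: expected values come from the post; names and sample are constructed.
REQUIRED = {
    "freshclam.conf": {"UpdateLogFile": r"c:\clamav\log\freshclam.log", "LogFileMaxSize": "2M"},
    "clamd.conf": {
        "LogFile": r"c:\clamav\log\clamd.log",
        "LogFileUnlock": "yes",
        "LogFileMaxSize": "2M",
        "TemporaryDirectory": r"c:\clamav\tmp",
        "DetectPUA": "yes",
        "ExcludePUA": "Packed",
    },
}

def parse_conf(text):
    """Return {directive: [values]} for active lines; '#' lines are ignored."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        active.setdefault(parts[0], []).append(value)
    return active

def audit(filename, text):
    """Return (directive, problem) pairs for settings the guide expects."""
    active = parse_conf(text)
    findings = []
    for name, expected in REQUIRED[filename].items():
        values = active.get(name, [])
        if not values:
            findings.append((name, "missing or still commented out"))
        elif expected.lower() not in (v.lower() for v in values):
            findings.append((name, "is %r, guide uses %r" % (values, expected)))
    return findings

# Constructed clamd.conf excerpt with two of the six edits forgotten.
SAMPLE_CLAMD = r"""
# LogFile c:\clamav\log\clamd.log
LogFileUnlock yes
LogFileMaxSize 2M
TemporaryDirectory c:\clamav\tmp
#DetectPUA yes
ExcludePUA Packed
"""

if __name__ == "__main__":
    print(audit("clamd.conf", SAMPLE_CLAMD))
```

To check a real installation, pass the contents of c:\clamav\clamd.conf or c:\clamav\freshclam.conf as `text`; an empty list means every directive from the guide is active.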

  •  
Wilmott-IT

Thanks, these settings worked perfectly.

Appreciate the effort you have gone to!

Wilmott-IT Services, Business IT Systems Management, Central Coast NSW Australia. Visit Wilmott-IT Services
  •  
KursadOlmez

You are welcome Wilmott. I'm glad that you find it useful.

  •  
Sharpey

This works great, thanks! But with regards to #10, how do you exclude the folders from the scan? Could you please provide some information on this?

Cheers.
  •  
KursadOlmez

Hi Sharpey,

If you have an antivirus program installed on your server other than ClamAV, that means the other AV probably has real-time protection. Therefore, you should tell that AV not to scan the "Clamav" and "Kerio" folders.

You don't need to worry about #10 if you don't have an AV installed other than ClamAV.

  •  
Sharpey

God! I just re-read the guide properly, i.e. not at 1.30am :) and it says "any other" anti-virus... makes perfect sense now.

*goes and hides under a BIG rock*
  •  
MarkK

Looks like SOSDG http://code.google.com/p/clamav-sosdg/ (stopped at 0.95.1a) and http://hideout.ath.cx/clamav/ (stopped at 0.96.5) are both not updating to the latest ClamAV.

Netfarm at http://oss.netfarm.it/clamav/#sidebyside does have a Windows port of 0.97.1 under the Download Binaries section of the page. The config files included with this port are very basic, with considerably fewer settings than the ath.cx port.

So if you are upgrading, you will want to make sure not to overwrite your existing conf files.

If you are installing new, you may want to install the ath.cx port first, and then update all the other files except the conf files.
  •  
KursadOlmez

Thanks for the updated version of ClamAV, MarkK.

I will test the new Windows version of CLAMAV and post it here.

  •  
KursadOlmez

Before using the new version of ClamAV, don't forget to stop the clamav and clamav update services.

Also, you have to download and extract the side-by-side files to the clamav folder.

The side-by-side files can be downloaded from the links below:
For 32 bit Windows: http://oss.netfarm.it/clamav/files/Microsoft.VC80.8.0.50727.6195.CRT.x86.7z
For 64 bit Windows: http://oss.netfarm.it/clamav/files/Microsoft.VC80.8.0.50727.6195.CRT.amd64.7z

And you have to edit the clamav.reg file with Notepad, change "DataDir"="C:\\Clamav\\db" to "DataDir"="C:\\Clamav\\data" and save. After saving the file, double-click it to apply the registry changes.

After all that, you can start the clamav and clamav update services. That's it.
  •  
Sharpey

The sidebyside error I saw in the Windows logs, but how you worked out this bit is cool - well spotted.

Works 100% - thanks!
  •  
MarkK

The install works great, but I have the issue that the ClamAV signatures themselves are not being updated well enough to detect the malware that is coming through my mail server. I don't mean not being updated quickly enough by freshclam, I mean whoever creates the sig file updates is not including signatures that detect what I am seeing. I have verified this by submitting malware I received to virustotal.com to see who detects it and who doesn't. Clam has been moving to the end of the list for catching the items I get. Just my personal experience, your mileage may vary.
  •  
Sharpey

MarkK wrote on Thu, 22 December 2011 05:24
The install works great, but I have the issue that the ClamAV signatures themselves are not being updated well enough to detect the malware that is coming through my mail server. I don't mean not being updated quickly enough by freshclam, I mean whoever creates the sig file updates is not including signatures that detect what I am seeing. I have verified this by submitting malware I received to virustotal.com to see who detects it and who doesn't. Clam has been moving to the end of the list for catching the items I get. Just my personal experience, your mileage may vary.


When it's free though, how can you complain? Smartermail uses Clam too, which is the main email system we run. That's found a handful, but I guess it's never going to be as cutting edge as a paid-for service like Symantec.
  •  
MarkK

I know it is free, and I don't expect Sophos, Kaspersky, Symantec type detection, but to me personally, it seems that over the past few years they are not catching as much as they used to. Just wondering if the malware is getting too advanced for it to detect. Just my personal wondering...