I've been running ClamAV as an additional scanner for a couple weeks, been great. BTW, run clamd.exe and clamdscan.exe and notice a difference in speed (from what I can tell you'd have to compile it yourself to run clamd on another server, but it can be done).
Scott, it would be nice to be able to tell Declude the reporting order or something like that for scanners that use different report formats. I use the following in my config.

SCANFILE c:\clamav-devel\bin\clamdscan.exe --quiet --disable-summary -l report.txt
VIRUSCODE 1
#REPORT FOUND

Thanks,
Chuck Frolick
ArgoLink.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts
Sent: Sunday, February 29, 2004 3:25 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] clamav

Update on ClamAV

Got the "freshclam" updater working. Pretty simple actually. Just browse one of the mirrors for the db updates - see http://www.clamav.net/mirrors.html for a list - Pick one of them - say - http://clamav.sonic.net/database/ - download the .md5 files to your virus db folder (e.g. c:\clamav-devel\share\clamav\ ). I got all of them while I was there just in case. Then go to c:\clamav-devel\bin and run freshclam from the cmd line and it should update. See freshclam --help for more. You can run it as a daemon if you stay logged on; otherwise you'll have to do something different. There is a .conf file.

Results are pretty decent for me once I got the virus db updated. Basically ClamAV is catching everything so far that f-prot is catching. Log snippet at end - although this is a pretty light day. Where NAI is not indicating a virus and the other 2 are, I think the attachments may be corrupted but haven't verified that.

You can create your own virus signatures, too, if you don't want to wait on someone else. There is also a web page to report viruses: http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi

Pretty nice really for "free" and an additional scanner. Only real disadvantage I see is the virus name and that's not too significant.
Terry Fritts

Log Snippet:
===================================================================
13:10:24 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
13:10:25 Scanner 2: Virus= the W32/[EMAIL PROTECTED] virus
13:10:26 Scanner #3 detected a virus
13:55:08 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
13:55:09 Scanner 2: Virus= the W32/[EMAIL PROTECTED]
13:55:10 Scanner #3 detected a virus
13:55:59 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
13:56:00 Scanner 2: Virus= the W32/[EMAIL PROTECTED]
13:56:01 Scanner #3 detected a virus
13:57:13 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
13:57:15 Scanner #3 detected a virus
14:20:08 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:20:08 Scanner 2: Virus= the W32/[EMAIL PROTECTED]
14:20:10 Scanner #3 detected a virus
14:34:57 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:34:58 Scanner 2: Virus= the W32/[EMAIL PROTECTED]
14:34:59 Scanner #3 detected a virus
14:51:10 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:51:12 Scanner #3 detected a virus
14:51:55 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:51:58 Scanner #3 detected a virus
14:52:50 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:52:52 Scanner #3 detected a virus
14:52:58 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:53:00 Scanner #3 detected a virus
14:53:36 Scanner 1: Virus=: W32/[EMAIL PROTECTED]
14:53:38 Scanner #3 detected a virus
===================================================================

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
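
The log snippet above shows some detections that only two of the three scanners flagged. As an added example (not part of the original e-mails and not Declude's own tooling), this script groups hit lines in that layout into per-message events and lists the scanners that stayed silent; the sample lines, the virus names and the grouping rule are assumptions.

```python
import re

# Constructed sample in the layout of the log snippet above; the virus
# names are placeholders, not values from the original post.
SAMPLE_LOG = """\
13:10:24 Scanner 1: Virus=: W32/Example.A
13:10:25 Scanner 2: Virus= the W32/Example.A virus
13:10:26 Scanner #3 detected a virus
13:57:13 Scanner 1: Virus=: W32/Example.B
13:57:15 Scanner #3 detected a virus
14:20:08 Scanner 1: Virus=: W32/Example.A
14:20:08 Scanner 2: Virus= the W32/Example.A
14:20:10 Scanner #3 detected a virus
"""

# Matches both "Scanner 1: ..." and "Scanner #3 detected a virus".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) Scanner #?(\d+)\b")

def group_events(log_text):
    """Group hit lines into per-message events.

    Assumption: scanners run in ascending order for each message, so a
    scanner number that does not increase starts a new event. Two
    adjacent events such as [1] then [2, 3] would be merged by this rule.
    """
    events, current, last = [], None, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore separators and unrelated log lines
        ts, num = m.group(1), int(m.group(2))
        if current is None or num <= last:
            current = {"start": ts, "hits": set()}
            events.append(current)
        current["hits"].add(num)
        last = num
    return events

def disagreements(log_text, scanner_count=3):
    """Return (start_time, missing_scanners) for events not flagged by all."""
    expected = set(range(1, scanner_count + 1))
    return [(e["start"], sorted(expected - e["hits"]))
            for e in group_events(log_text) if e["hits"] != expected]

if __name__ == "__main__":
    for start, missing in disagreements(SAMPLE_LOG):
        print(f"{start}: not flagged by scanner(s) {missing}")
```

Events it reports are candidates for manual review of the attachment, since a silent scanner can mean either a missed detection or a corrupted sample.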