Hi Bonno, Don't know if there was a howto, now there is one :-)
there are two compilations of Clam on Windows, ClamWin and SOSDG ClamAV. (http://www.sosdg.org/clamav-win32) I think both are running stable at the moment, but I'm not sure (ClamAV was not really stable about a year or two ago) We use ClamAV, I think ClamWin is almost the same. * Install ClamAV * Configure ClamAV to run as a Service/Daemon (you can run it without the service, but it will save you CPU cycles) * Create a job that starts Freshclam (Signature Update) * If you want, create a job that gets the Sanesecurity Signatures (Anti-Phising, really great!, http://www.sanesecurity.co.uk/) * Configure Declude the use runclamscan Daemon: C:\clamav-devel\thirdparty\runclamd (Install the thirdparty Tools) Modify the ini file, start runclamd --install, "net start runclamd" Check the logfile, I've got the problem with Windows 64, that it won't start on the first try. Windows 32 works well. Don't know, if it's the server or anything else. Freshclam: C:\clamav-devel\bin\freshclam.exe --log c:\logs\Freshclam-update.log (here you can find errors, default is C:\clamav-devel\log\...) Sanesecurity: Simple Batch --- cd\temp wget http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz wget http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz unzip phish.ndb.gz unzip scam.ndb.gz copy phish.ndb C:\clamav-devel\share\clamav\phish.ndb copy scam.ndb C:\clamav-devel\share\clamav\scam.ndb del c:\temp\phish.ndb del c:\temp\scam.ndb --- Declude: C:\clamav-devel\thirdparty\runclamscan The readme says: SCANFILE3 C:\imail\declude\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox -l report.txt VIRUSCODE3 1 REPORT3 FOUND But the --mbox option isn't recognized any more. I have: SCANFILE C:\imail\declude\runclamscan.exe log=1 C:\clamav-devel\bin\clamdscan.exe --quiet -l report.txt VIRUSCODE 1 REPORT FOUND in my virus.cfg You can test both, ClamDscan and ClamScan (C:\clamav-devel\bin), ClamDScan uses the Daemon if it's available. Btw: I tried it right now, "ClamDscan C:\temp" and "ClamScan C:\temp" ClamDscan takes 0.375 seconds, ClamScan 10.359. Alex Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bonno Bloksma Gesendet: Donnerstag, 5. Juni 2008 22:18 An: Declude.Virus@declude.com Betreff: [Declude.Virus] ClamAV Hi, Been using the old F-prot v3 as a second scanner but I disabled it today. As the new F-prot 6 scanner is not allowed with Declude, well sort of but I don't want to pay that mucht ;-) I wanted to use ClamAV asn an extra scanner. In the past it was a bit dificult I seem to remember but.... Is it realy as easy as 1-2-3 today? Go to http://w32.clamav.net/ and download - The Windows msi file - The initial virus sigantures - Pthreads (I seem to need it). Install the msi Copy the initial signature files to C:\Program Files\clamAV\data or something like it. But then.... Make sure the sig files are updated... but how? Let Declude (according to http://www.declude.com/searchresults.asp?Cat=124) call ClamAV using: SCANFILE [Drive:]\[Path]\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt Which would probably translate to SCANFILE C:\Program Files\bin\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt or would SCANFILE C:\IMail\Declude\Scanners\clamscan.exe --quiet --log-verbose --no-summary --max-ratio 0 -l report.txt be a better solution. There is also a clamscam.txt file in the C:\IMail\declude\scanners\ClamAV directory that seems to suggest something else. So where is a HOWTO to get it up and running with Declude? I'm sure I'm not the first to look at the combination, so how dit YOU do it. :-) Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> / www.tio.nl<http://www.tio.nl> --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. ________________________________ Siller AG, Wannenaeckerstrasse 43, 74078 Heilbronn Vorstand: Prof. H.-F. Siller (Vorsitzender), Joern Buelow, Ralf Michi Aufsichtsratsvorsitzender: Armin Sohler Reg. Gericht Stuttgart, HRB 107707, Ust-Id Nr. DE145782955 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
