Hi,

1. http://www.clamwin.com is essentially a GUI/desktop build. It's kept current - but doesn't have ClamD. So no good!

2. http://hideout.ath.cx/clamav/ needs CHP (http://www.commandline.co.uk/chp/) to run in the "background", but I was unable to run this ClamD as a "service".

3. http://w32.clamav.net/ (the "official" build) does have ClamD and can use the current signature files - BUT the build is 10 months old (whatever the consequence of that might be).

It can be made to work with Declude, using a little JScript that I'm attaching.

a) Declude Configuration:

    #ClamAV
    SCANFILE1 c:\Windows\system32\cscript.exe //nologo D:\CMDfiles\runClamAV.JS
    VIRUSCODE1 1
    REPORT1 FOUND

b) Schedule this hourly to fetch signature updates:

    freshclam --daemon-notify

The JScript file trims off the trailing "\" that Declude uses (otherwise ClamDScan exits with code "2", file/path not found) and generates a Report.txt file that matches Declude's expected format.

It would be helpful if someone were to take over the "official builds" and bring the version up to date (and teach ClamDScan to accept paths with trailing backslashes).

Best Regards,
Andy

-----Original Message-----
From: Andy Schmidt [mailto:andy_schm...@hm-software.com]
Sent: Sunday, January 04, 2009 6:39 PM

Hi,

The official Win32 build seems to work just fine, ClamD service and all?

a) I downloaded and installed the MSI file

b) I downloaded the pthread DLL that it required

c) I confirmed that clamscan (the command line scanner) was working - it was.

d) I confirmed that I could run clamd from the command line. Then I used clamdscan from a second command window to scan for eicar.com, but this time using the clamd instance - and it detected it instantly.

e) I installed clamd as a Windows service:

    "C:\Program Files\Windows Resource Kits\Tools\Instsrv.exe" "ClamAV ClamD" "C:\Program Files\Windows Resource Kits\Tools\Srvany.exe"

Then added the necessary registry entry:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV ClamD\Parameters]
    "Application"="C:\\Program Files\\clamAV\\clamd.exe"

f) started the ClamAV ClamD service - and again confirmed with clamdscan that it detected eicar beautifully.

Not sure if that helps anyone?

Best Regards,
Andy

// Application Constants
var strClamAV = "C:\\Program Files\\clamAV\\ClamDScan.exe";

// Get Command Line Parameter
if ( WScript.Arguments.Count() == 0 )    // nothing to scan
    WScript.Quit();
var strPath = WScript.Arguments(0);

// Trim last backslash
if ( strPath.substr( strPath.length - 1 ) == "\\" )
    strPath = strPath.substr( 0, strPath.length - 1 );

// Run ClamAV. Both paths are quoted so that spaces in them ("Program Files")
// cannot split the command line into the wrong program or arguments.
var strCommand = "\"" + strClamAV + "\" \"" + strPath + "\"";
var objShell = new ActiveXObject("WScript.Shell");
WScript.Echo( "Launching: " + strCommand );
var objExec = objShell.Exec( strCommand );

var strLine, strReport;
var nSeperator, nFound;
var bHaveFound = false;
while ( !objExec.StdOut.AtEndOfStream )
{
    // Process ClamAV Output (keep reading after a match so the pipe is drained)
    strLine = objExec.StdOut.ReadLine();
    if ( bHaveFound )
        continue;

    // A detection line reads "<file>: <signature> FOUND"; " FOUND" must end
    // the line so that a file name containing the word is not reported.
    nFound = strLine.lastIndexOf( " FOUND" );
    if ( nFound > 0 && nFound == strLine.length - 6 )
    {
        nSeperator = strLine.indexOf( ": " );
        if ( nSeperator < 1 || nSeperator + 2 >= nFound )
            continue;

        // Appears to be a possible virus report
        bHaveFound = true;
        strReport = strLine.substring( 0, nSeperator ) + " FOUND " + strLine.substring( nSeperator + 2, nFound );
        WScript.Echo( "Reporting: " + strReport );

        // Create Declude Report File
        var objFS = new ActiveXObject("Scripting.FileSystemObject");
        var objTS = objFS.CreateTextFile( "Report.txt" );
        objTS.WriteLine( strReport );
        objTS.Close();
    }
}

// Wait for completion to be able to obtain exit code (Status 0 = still running)
while ( objExec.Status == 0 )
    WScript.Sleep(100);

WScript.Echo( strClamAV + " returned: " + objExec.ExitCode );
WScript.Quit( objExec.ExitCode );
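
The path trimming and report formatting described in the message, as an added example that is not part of the original post or its attachment: plain JavaScript functions without WSH objects, so the logic can be checked outside Declude. It goes beyond the message by also handling a drive root and file names that contain the word FOUND; all function names are hypothetical and the sample output is constructed.

```javascript
// Added example: pure functions, no WSH objects. All names are hypothetical.

// Remove trailing backslashes but keep a drive root such as "D:\" intact,
// because a bare "D:" means "current directory on drive D".
function trimScanPath(path) {
    var trimmed = path.replace(/\\+$/, "");
    return /^[A-Za-z]:$/.test(trimmed) ? trimmed + "\\" : trimmed;
}

// Quote one argument. Assumption: the target program parses its command line
// with the Microsoft C runtime rules, where a backslash directly before a
// double quote escapes it, so trailing backslashes are doubled. A double quote
// cannot occur in a Windows path, so input containing one is refused.
function quoteArg(arg) {
    if (arg.indexOf('"') !== -1) throw new Error("unexpected quote in argument");
    return '"' + arg.replace(/(\\+)$/, "$1$1") + '"';
}

function buildCommand(exe, scanPath) {
    return quoteArg(exe) + " " + quoteArg(trimScanPath(scanPath));
}

// Convert "<file>: <signature> FOUND" into "<file> FOUND <signature>".
// " FOUND" must end the line, so a file name that merely contains the word
// (second sample line) does not produce a report. Returns null otherwise.
function toReportLine(line) {
    var text = line.replace(/\s+$/, "");
    var found = text.length - " FOUND".length;
    if (found < 1 || text.lastIndexOf(" FOUND") !== found) return null;
    var sep = text.indexOf(": ");
    if (sep < 1 || sep + 2 >= found) return null;
    return text.substring(0, sep) + " FOUND " + text.substring(sep + 2, found);
}

// First report line in a scanner output, or null when nothing was detected.
function firstReport(lines) {
    for (var i = 0; i < lines.length; i++) {
        var report = toReportLine(lines[i]);
        if (report !== null) return report;
    }
    return null;
}

// Constructed sample output, not captured from a real scan.
var SAMPLE_OUTPUT = [
    "D:\\spool\\msg1\\notes.txt: OK",
    "D:\\spool\\msg1\\LOST AND FOUND.doc: OK",
    "D:\\spool\\msg1\\eicar.com: Eicar-Test-Signature FOUND\r"
];
```
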