Hi Andrew:

I found the http://oss.netfarm.it/clamav build very useful. I don't recall any installation difficulty. It did have a successful installer and is able to install itself as a service. There is a .REG file that sets up a registry entry where the path is stored.

ClamAID could update the program's registry, the service's registry if needed and adjust the two conf files as needed in case someone wants to change the default locations for the CONF, DB and LOG subdirectories.

In their registry, I use the following:

[HKEY_LOCAL_MACHINE\SOFTWARE\ClamAV]
"ConfigDir"="C:\\Progra~1\\ClamAV\\conf"
"DataDir"="C:\\Progra~1\\ClamAV\\db"

For FreshClam.conf, I changed these parameters:

DatabaseDirectory "C:\Program Files\clamAV\db"
UpdateLogFile "C:\Program Files\clamAV\log\freshclam.log"
LogTime yes

For ClamD.conf, I changed these:

LogFile "C:\Program Files\clamAV\log\clamd.log"
LogTime yes
TemporaryDirectory C:\Temp
DatabaseDirectory "C:\Program Files\clamAV\db"

For the service, I removed the spaces from the path (not sure if this was needed):

"C:\Progra~1\ClamAV\clamd.exe" --daemon

In Declude, you'd use:

#ClamAV
SCANFILE1 C:\Progra~1\ClamAV\ClamDScan.exe
VIRUSCODE1 1

Of course, that still leaves the problem of the virus report file. I have contacted Declude and they said they would check if they can natively parse the report file. For now I still use my "middleware" to reformat the Report file to suit Declude.

Best Regards,
Andy

-----Original Message-----
From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Andrew Wallo
Sent: Monday, February 02, 2009 1:44 PM
To: Message Sniffer Community
Subject: [sniffer] Re: Crosspost: ClamAV for Window (Summary of what I had posted last month on a different list)

Team, Sniffer Folks, Andy:

The ClamAID installer does handle the pthreads requirement for you. It does wrap ClamD as a service (from the w32.clamav.net port), as well as wrapping freshclam.exe as a reoccurring service, and it finishes with a test of the eicar file.

Older Port? Yes, again, you are correct. The port from ClamAV is old, and so the warning (from executing the ClamAV scanner at the command line) gives you a 36 out of 48 possible in your "upgrade score".
(Meaning, your database is up to date, but you have an older clamd.exe.) This will be updated as soon as ClamAV releases a rebuild.

We felt that while we could use one of the other two ports that were out there, people would be more comfortable using the .MSI that was issued from ClamAV. Sadly, this MSI does have limitations, that we've hopefully corrected. (One of these is it fails to adjust the paths in data and config resources, if you install in an alternative folder.)

Every document we found said "Don't Change the Install Path!" Yet the ClamAV installer offers you the choice to put it anywhere. The problem seems to be that the Clamd.exe ignores its local config file if it's installed somewhere other than C:\ClamAV\

The workaround is to always include the command line switch --config-file="" in all calls to clamdscan.exe or freshclam.exe.

ClamAID handles correcting those issues. It uses command line config references for all calls from Declude or Icewarp, in order to enable you to install it in a location other than C:\ClamAV\

We thought that was a good upgrade just in itself. Let us know how it responds under fire.

Thanks,
Andrew Wallo

----- Original Message -----
From: "Andy Schmidt" <andy_schm...@hm-software.com>
To: "Message Sniffer Community" <sniffer@sortmonster.com>
Sent: Monday, February 02, 2009 1:20 PM
Subject: [sniffer] Crosspost: ClamAV for Window (Summary of what I had posted last month on a different list)

> Hi,
>
> 1. http://www.clamwin.com is essentially a GUI/desktop build. It's kept
> current - but doesn't have ClamD. So no good!
>
> 2. http://hideout.ath.cx/clamav/ needs CHP
> (http://www.commandline.co.uk/chp/) to run in the "background", but was
> unable to run this ClamD as a "service".
>
> 3. http://w32.clamav.net/ (the "official" build) does have ClamD and can use
> the current signature files - BUT the build is 10 months old (whatever the
> consequence of that might be).
> It can be made to work with Declude, using a
> little Jscript that I'm attaching.
>
> a) Declude Configuration:
> #ClamAV
> SCANFILE1 c:\Windows\system32\cscript.exe //nologo D:\CMDfiles\runClamAV.JS
> VIRUSCODE1 1
> REPORT1 FOUND
>
> b) Schedule this hourly to fetch signature updates:
> freshclam --daemon-notify
>
> The Jscript file trims off the trailing "\" that Declude uses (otherwise
> ClamDScan exits with code "2", file/path not found) and generates a
> Report.txt file that matches Declude's expected format.
>
> It would be helpful if someone were to either take over the "official
> builds" and bring the version up to date (and teach ClamDScan to accept
> paths with trailing backslashes).
>
> Best Regards,
> Andy
>
> -----Original Message-----
> From: Andy Schmidt [mailto:andy_schm...@hm-software.com]
> Sent: Sunday, January 04, 2009 6:39 PM
>
> Hi,
>
> The official Win32 build seems to work just fine, ClamD service and all?
>
> a) I downloaded and installed the MSI file
>
> b) I downloaded the pthread DLL that it required
>
> c) I confirmed that clamscan (the command line scanner) was working - it
> was.
>
> d) I confirmed that I could run clamd from the command line. Then I used
> clamdscan from a second command window to scan for eicar.com, but this time
> using the clamd instance - and it detected it instantly.
>
> e) I installed clamd as a Windows service:
> "C:\Program Files\Windows Resource Kits\Tools\Instsrv.exe" "ClamAV ClamD" "C:\Program Files\Windows Resource Kits\Tools\Srvany.exe"
> Then added the necessary registry entry:
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV ClamD\Parameters]
> "Application"="C:\\Program Files\\clamAV\\clamd.exe"
>
> f) started the ClamAV ClamD service - and again confirmed with clamdscan
> that it detected eicar beautifully.
>
> Not sure if that helps anyone?
>
> Best Regards,
> Andy
>
> --------------------------------------------------------------------------------
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <sniffer@sortmonster.com>.
> To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
> Send administrative queries to <sniffer-requ...@sortmonster.com>
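
The wrapper logic this thread describes (trim the trailing backslash Declude appends, always pass --config-file, and act on clamdscan's exit code), as an added example that is not the runClamAV.JS attachment or any ClamAID code. The function names, the config path and the sample scanner output are constructed for illustration; exit code 2 (the "file/path not found" case mentioned above) is classified as an error rather than as a clean result.

```javascript
// Added illustration; not the runClamAV.JS attachment from the thread.
// Pure helpers, so the logic can be checked without ClamAV installed.

// Trim trailing backslashes from the directory Declude hands over, but keep
// a drive root such as "C:\" intact (trimming it would change its meaning).
function normalizeScanPath(p) {
  const trimmed = p.replace(/\\+$/, "");
  return /^[A-Za-z]:$/.test(trimmed) ? trimmed + "\\" : trimmed;
}

// Build an argument vector (not a shell string), always naming the config
// file explicitly so a non-default install path is honoured.
function buildClamdscanArgs(configFile, scanPath) {
  if (!configFile) throw new Error("config file path is required");
  return ["--config-file=" + configFile, normalizeScanPath(scanPath)];
}

// clamdscan prints "<file>: <signature> FOUND" for each detection.
function parseDetections(output) {
  const hits = [];
  for (const line of output.split(/\r?\n/)) {
    const m = /^(.*): (\S+) FOUND$/.exec(line.trim());
    if (m) hits.push({ file: m[1], signature: m[2] });
  }
  return hits;
}

// clamdscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
// Anything other than 0 or 1 is an error, never "clean".
function classify(exitCode, output) {
  const hits = parseDetections(output);
  if (exitCode === 1 || hits.length > 0) return { verdict: "infected", hits };
  if (exitCode === 0) return { verdict: "clean", hits };
  return { verdict: "error", hits }; // e.g. 2: path not found, clamd not running
}

// Constructed sample output, for illustration only.
const SAMPLE = [
  "D:\\spool\\msg1\\eicar.com: Eicar-Test-Signature FOUND",
  "D:\\spool\\msg1\\note.txt: OK",
  "",
  "----------- SCAN SUMMARY -----------",
  "Infected files: 1",
].join("\r\n");

// Assumed config path; substitute the real clamd.conf location.
console.log(buildClamdscanArgs("C:\\Program Files\\clamAV\\conf\\clamd.conf", "D:\\spool\\msg1\\"));
console.log(classify(1, SAMPLE));
console.log(classify(2, "")); // reported as an error, not as clean
```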