Problem
You wish to install Clam Antivirus on Kerio MailServer for Windows.
Solution
This article will outline the basic setup and configuration of Clam Antivirus for Kerio MailServer on Windows.
If this document does not answer all your questions, please refer to the ClamAV-win32 page. This document applies to Kerio MailServer 6.2.0 and higher only!
Download ClamAV-win32 and Unpack
The version of Clam Antivirus for Windows is called ClamAV-win32. Download it to your server and unpack the archive. You may choose to install ClamAV-win32 on a different machine from Kerio MailServer. See the notes in the following steps.
By default, ClamAV-win32 will install into C:\clamav-devel. Do not rename this folder. The included configuration files will be less difficult to customize if you do not change the installed folder name.
Find and Remove Other cygwin Installs
ClamAV-win32 uses cygwin to emulate the necessary Unix functions under Windows. If you have previous installs of cygwin, remove them. The only cygwin libraries on your system should be the ones in C:\clamav-devel\bin. In particular, be sure you have only one cygwin1.dll. clamd may refuse to run if it finds the wrong version of this file!
Edit the Configuration File
Open the file C:\clamav-devel\etc\clamd.conf in your preferred editor. Find and set the following attributes:
| Attribute | Set To This Value | Notes |
| --- | --- | --- |
| LogFile | /cygdrive/c/clamav-devel/log/clamd.log | |
| PidFile | /cygdrive/c/clamav-devel/clamd.pid | |
| TemporaryDirectory | /cygdrive/c/clamav-devel/tmp | |
| DatabaseDirectory | /cygdrive/c/clamav-devel/share/clamav | |
| TCPSocket | 3310 | Or another port - but remember it for later! |
| TCPAddr | 127.0.0.1 | Or the LAN IP if KMS is not on this machine. |
| StreamMaxLength | 5M | Should be at least as large as KMS Maximum SMTP Message Size |
The other values may be left at their defaults or changed as you wish. See the documentation included in C:\clamav-devel\doc for full information.
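The edited file can be checked against the table with a short script. This is an added example, not part of the original article or of ClamAV-win32: it parses clamd.conf, reports attributes that differ from the table, flags a TCPAddr other than 127.0.0.1, and compares StreamMaxLength with the KMS maximum SMTP message size. The function names, the sample file contents and the 10 MB message size are assumptions made for the illustration.

```python
import re

# Path attributes and their values from the table above.
EXPECTED = {
    "LogFile": "/cygdrive/c/clamav-devel/log/clamd.log",
    "PidFile": "/cygdrive/c/clamav-devel/clamd.pid",
    "TemporaryDirectory": "/cygdrive/c/clamav-devel/tmp",
    "DatabaseDirectory": "/cygdrive/c/clamav-devel/share/clamav",
}
# Constructed sample: correct paths, a LAN TCPAddr and the 5M stream limit.
SAMPLE_CONF = "\n".join(f"{k} {v}" for k, v in EXPECTED.items()) + """
TCPSocket 3310
TCPAddr 192.168.1.10  # LAN address of the clamd host (constructed)
StreamMaxLength 5M
"""

def parse_clamd_conf(text):
    """Return {attribute: value}, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def size_to_bytes(value):
    """Convert clamd size syntax (5M, 512K, 1048576) to bytes."""
    m = re.fullmatch(r"(\d+)([kKmM]?)", value)
    if not m:
        raise ValueError(f"bad size: {value!r}")
    return int(m.group(1)) * {"": 1, "k": 1024, "m": 1024 ** 2}[m.group(2).lower()]

def audit(conf, kms_max_bytes):
    """Return findings; an empty list means the file matches the table."""
    out = [f"{k}: expected {v}, found {conf.get(k)}"
           for k, v in EXPECTED.items() if conf.get(k) != v]
    if not conf.get("TCPSocket", "").isdigit():
        out.append("TCPSocket: no port set")
    addr = conf.get("TCPAddr")
    if addr is None:
        out.append("TCPAddr: not set, clamd listens on every interface")
    elif addr != "127.0.0.1":
        out.append(f"TCPAddr: {addr} is not loopback; the clamd port has no authentication, limit access to the KMS host")
    if size_to_bytes(conf.get("StreamMaxLength", "0")) < kms_max_bytes:
        out.append("StreamMaxLength: smaller than the KMS maximum SMTP message size")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse_clamd_conf(SAMPLE_CONF), 10 * 1024 ** 2)))
```

To check a real installation, pass the contents of C:\clamav-devel\etc\clamd.conf to `parse_clamd_conf` and use the message size configured in Kerio MailServer.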
Installing clamd as a Service
The C:\clamav-devel\bin\clamd.exe binary needs to be installed as a Windows Service. If this is not done, it will need to be run manually, and the Administrator session running it must not log off. When the server reboots, it will need to be restarted manually. A service solves all of these problems.
In order to install Clam Antivirus as a service, you must obtain the srvany.exe and instsrv.exe tools from the Windows NT or 2000 Resource Kit. Please note, these tools work on any of Windows NT, 2000, 2003 or XP. You may also use a third-party tool like FireDaemon. These instructions assume you have srvany.exe and instsrv.exe.
To install clamd.exe as a service:
1. Create a service called ClamAV: instsrv ClamAV srvany.exe
2. Edit the ClamAV service and set the Log On user to the Administrator account (e.g. KERIO-US\Administrator)
3. Create a registry entry to bind the ClamAV service to clamd.exe
4. Execute the clamd.reg file.
5. Start the service.
You will need to create and execute a registry file as mentioned in steps 3 and 4 above. The contents of your file should be this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV\Parameters]
"Application"="C:\\clamav-devel\\bin\\clamd.exe"
Name this file clamd.reg.
Once the steps above have been completed, go to C:\clamav-devel\log and verify that clamd.log has been created. Open it and verify that you are seeing the proper startup messages, as displayed below.
Mon Jun 5 17:34:43 2006 -> +++ Started at Mon Jun 5 17:34:43 2006
Mon Jun 5 17:34:43 2006 -> clamd daemon devel-20060516 (OS: cygwin, ARCH: i386, CPU: i686)
Mon Jun 5 17:34:43 2006 -> Log file size limited to 1048576 bytes.
Mon Jun 5 17:34:43 2006 -> Reading databases from /cygdrive/c/clamav-devel/share/clamav
Mon Jun 5 17:34:46 2006 -> Protecting against 53081 viruses.
Mon Jun 5 17:34:46 2006 -> Bound to address 127.0.0.1 on tcp port 3310
Mon Jun 5 17:34:46 2006 -> Setting connection queue length to 30
Mon Jun 5 17:34:46 2006 -> Archive: Archived file size limit set to 5242880 bytes.
Mon Jun 5 17:34:46 2006 -> Archive: Recursion level limit set to 8.
Mon Jun 5 17:34:46 2006 -> Archive: Files limit set to 500.
Mon Jun 5 17:34:46 2006 -> Archive: Compression ratio limit set to 250.
Mon Jun 5 17:34:46 2006 -> Archive support enabled.
Mon Jun 5 17:34:46 2006 -> Algorithmic detection enabled.
Mon Jun 5 17:34:46 2006 -> Portable Executable support enabled.
Mon Jun 5 17:34:46 2006 -> Mail files support enabled.
Mon Jun 5 17:34:46 2006 -> OLE2 support enabled.
Mon Jun 5 17:34:46 2006 -> HTML support enabled.
Mon Jun 5 17:34:46 2006 -> Self checking every 1800 seconds.
Mon Jun 5 17:35:42 2006 -> Reading databases from /cygdrive/c/clamav-devel/share/clamav
Mon Jun 5 17:35:47 2006 -> Database correctly reloaded (58920 viruses)
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam-error.rar: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam-v2.rar: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam-v3.rar: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam.cab: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam.exe: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam.exe.bz2: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam.rar: ClamAV-Test-File FOUND
Mon Jun 5 17:36:52 2006 -> c:\/clamav-devel/test/clam.zip: ClamAV-Test-File FOUND
You should also notice clamd.exe running in the process list in Task Manager. To verify the service is working properly, log out of the server and log back in. The process should still be running in Task Manager.
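The log check described above can also be scripted. The following is an added example, not part of the original article: it reads clamd.log, keeps only the most recent start, and reports the address and port clamd bound to, the number of signatures loaded and any detections. The sample lines are an excerpt of the log shown above; the function names and the comparison against the Kerio MailServer Address and Port defaults are assumptions.

```python
import re

# Excerpt of the startup log shown above, embedded so the script runs offline.
SAMPLE_LOG = """\
Mon Jun 5 17:34:43 2006 -> +++ Started at Mon Jun 5 17:34:43 2006
Mon Jun 5 17:34:46 2006 -> Protecting against 53081 viruses.
Mon Jun 5 17:34:46 2006 -> Bound to address 127.0.0.1 on tcp port 3310
Mon Jun 5 17:35:47 2006 -> Database correctly reloaded (58920 viruses)
Mon Jun 5 17:36:52 2006 -> c:\\/clamav-devel/test/clam.zip: ClamAV-Test-File FOUND
"""

PATTERNS = {
    "bound": re.compile(r"Bound to address (\S+) on tcp port (\d+)"),
    "loaded": re.compile(r"Protecting against (\d+) viruses|reloaded \((\d+) viruses\)"),
    "found": re.compile(r"-> (.+): (\S+) FOUND$"),
}

def summarize(log_text):
    """Summarize the most recent clamd start recorded in clamd.log."""
    state = {"started": False, "bound": None, "signatures": 0, "detections": []}
    for line in log_text.splitlines():
        if "+++ Started at" in line:  # new start: forget the previous run
            state = {"started": True, "bound": None, "signatures": 0, "detections": []}
        elif m := PATTERNS["bound"].search(line):
            state["bound"] = (m.group(1), int(m.group(2)))
        elif m := PATTERNS["loaded"].search(line):
            state["signatures"] = int(m.group(1) or m.group(2))
        elif m := PATTERNS["found"].search(line):
            state["detections"].append((m.group(1), m.group(2)))
    return state

def problems(state, kms_address="127.0.0.1", kms_port=3310):
    """Compare the summary with the Address/Port entered in Kerio MailServer."""
    out = []
    if not state["started"]:
        out.append("no startup banner: clamd never started")
    if state["bound"] != (kms_address, kms_port):
        out.append(f"clamd bound to {state['bound']}, KMS expects {(kms_address, kms_port)}")
    if state["signatures"] == 0:
        out.append("no virus database loaded")
    return out

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary, problems(summary))
```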
Configuring Kerio MailServer
To make Kerio MailServer use Clam Antivirus:
- Go to Content Filter → Antivirus
- Check Use External Antivirus, and choose Clam AntiVirus
- Click on Options. If you have changed the values for Address (default 127.0.0.1) or Port (default 3310), change them now.
- Close the Options window and press Apply.
Clam Antivirus should now be active. You can watch the activity of Clam Antivirus by going to the Debug log and enabling the Antivirus Checking messages.
Troubleshooting
The Windows service refuses to start - Make sure the Log On user is set to a full Domain Administrator.
Kerio MailServer refuses to use Clam AV - Make sure the service is running, that clamd.exe is in the process list, and that you have set the Address and Port options to the same as in the configuration file. Disable any firewall between Kerio MailServer and Clam Antivirus.
The clamd.exe process refuses to start manually - Find and remove any extra copies of cygwin1.dll.
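For the second item, a probe run from the Kerio MailServer host shows whether clamd answers on the configured Address and Port. This is an added example, not code from Kerio or ClamAV: it sends clamd's PING command over TCP, expects PONG, and then asks for VERSION. The function names and the wording of the results are assumptions.

```python
import socket

def clamd_command(command, host="127.0.0.1", port=3310, timeout=5.0):
    """Send one clamd command over TCP and return the reply line as text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(command.encode("ascii") + b"\n")
        reply = b""
        while not reply.endswith(b"\n"):
            chunk = sock.recv(4096)
            if not chunk:  # clamd closed the connection
                break
            reply += chunk
    return reply.decode("ascii", "replace").strip()

def diagnose(host="127.0.0.1", port=3310):
    """Probe clamd and map the outcome to the troubleshooting items above."""
    try:
        reply = clamd_command("PING", host, port)
    except ConnectionRefusedError:
        return ("refused: nothing is listening here; check that the service is "
                "running and that TCPAddr/TCPSocket match the KMS options")
    except socket.timeout:
        return "timeout: no answer; a firewall between KMS and clamd may be dropping the traffic"
    except OSError as exc:
        return f"error: {exc}"
    if reply != "PONG":
        return f"unexpected reply {reply!r}: another service may be using this port"
    return "ok: " + clamd_command("VERSION", host, port)

if __name__ == "__main__":
    # Defaults are the Address and Port from the configuration table.
    print(diagnose())
```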