
ClamAV Install Utility (ClamAID)


Arm Research Labs is proud to announce the release of ClamAID with ClamAV v.96!

ClamAID is an Assisted Install Device (tm) for Clam AV. ClamAID will install ClamAV standalone, on IceWarp mail server, or Declude (for Imail/Smartermail) mail filter.

Download ClamAID.exe

Having trouble installing ClamAV with IceWarp or Declude? How about all those services? Any trouble getting the updates to run correctly? Just FINDING the release for Windows can be challenging! Our ClamAID install utility collects all the parts you need then configures and installs them for you so you can have it up and running in minutes!

With just a couple clicks you can:

Using the Installer

After starting the installer, you'll be presented with our splash (Figure 1):

Figure 1
ClamAid Splash

Then the ClamAID installer will offer you a platform selection screen (Figure 2). If you are installing for IceWarp, or Declude, select your platform. Otherwise, select Other.

Figure 2
Platform Selection

Figure 3 shows the screen to confirm file placement. You need to locate both the Application install folder and the folder where you wish to install (or uninstall) ClamAV. Usually ClamAID will find the Application's install folder and will presume the default folder for ClamAV. If you wish to install in a non-standard folder click the [...] and make your selection.

NOTE: According to multiple sources in the Windows ClamAV community, diverging from the default installation folder "C:\Program Files\clamAV\" or C:\ClamAV isn't recommended due to the pthreads or Cygwin port of ClamAV for Windows. This has evidently been corrected with the current native port for Windows. You can find the Win32 sources on ClamAV's source pages. These are the version .96 files included in our installer.

NOTE: All the paths are specified fully, both in the .conf files, as well as in the XYNTService.ini definition files and in the definition calls from IceWarp and Declude. ALWAYS specify your config file location when calling clamdscan.exe, even if you're in the folder and performing a manual test. Otherwise, the call will look to C:\Program Files\ClamAV, and return failed. Our installer should ALWAYS install so the calling program or filter includes the --config-file="{PATH}" parameter. If you ever see an application where it does not, it is an oversight. Please report it. The new version can apparently install anywhere without performance difficulties. See Lessons Learned at the end of this article if you want more information. We welcome feedback and experiential reports.

Figure 3

After clicking Next, you will be given the list of available activities to perform with the ClamAID Installer (Figure 4).

If you have installed ClamAID in this folder previously then you will be given the option to Remove. Otherwise you will only be given the option to Install Fresh. Upon selecting "Install", the Installer will install and finish.

Figure 4

To confirm that ClamAV is installed and running, open a cmd window and type: "Net Start" then look in the list for ClamAVSvc and Freshclam. If they are running, you are good to go.

Double Checking Your Install

Confirming a successful install is platform specific. Scroll down for the IceWarp method. Or jump to the Declude method.

Confirming IceWarp Install (Merak Mail Server)

Open your IceWarp Administration panel and click on the Anti-Virus section in the left panel. You will see Figure 5 in the operations panel to the right. You might see a line for SNFClient if you have installed Message Sniffer to run as a virus scanner. You should see a line for clamdscan.exe indicating that IceWarp has been configured to scan for viruses with Clam AV.

Figure 5 shows the SNFClient.exe installed in the position of an Anti-Virus filter for server optimization. That line may not be present but if it is, it should be ahead of clamdscan.exe.

Figure 5
Ice Warp AV Scan

Highlight the clamdscan.exe line, and click on Edit. You will see Figure 6.

Figure 6
Ice Warp AV Scan

Confirm the install was configured correctly by double checking the following settings:

We let IceWarp handle deletion of files by selecting, "Use Return Value." If you are using this as a learning reference to install your own AV for IceWarp by hand, "Check for File Deletion" is used to flag IceWarp if the AV takes control and obliterates the message. Our ClamAV setup doesn't do that by default.

Click OK and go back to the previous screen (Figure 5). If SNFClient.exe is present, click that and move it down in the list, so that Clamdscan.exe is first. Press Send EICAR Test Virus Message several times. Then move SNFClient.exe back up in the list.

Then go to the location of the mylog.log file on Figure 8. Prove to yourself that you saw the EICAR test message get caught and filtered. The log should look like Figure 7.

Figure 7
Log File

Congratulations. Your IceWarp installation is now filtering viruses with ClamAV.

Confirming The Declude Install

Navigate to the <mail-application>\declude\ directory under Imail or Smartermail. Find the virus.cfg file. The file should now have an entry:

#CLAMAV_CLAMAID
SCANFILE D:\PROGRA~1\ClamAV\CLAMDS~1.EXE -v --config-file="D:\PROGRA~1\ClamAV\conf\clamd.conf" --no-summary -l D:\PROGRA~1\ClamAV\log\report.txt
VIRUSCODE 1

Highlight the command to the right of the SCANFILE tag (above in red) and select Copy.

From the command line paste and execute:

D:\PROGRA~1\ClamAV\CLAMDS~1.EXE -v --config-file="D:\PROGRA~1\ClamAV\conf\clamd.conf" --no-summary -l D:\PROGRA~1\ClamAV\log\report.txt XYNTService.ini

This file should come back clean. If you are unable to get responses, either the clamd.exe is not running properly as a service, or you are not properly referencing the .conf files.

If the file returns clean, then you have confirmed that your services are working and the clamd.exe is receiving tasks.

Next, go and obtain the newest EICAR test file for virus testers at http://www.eicar.org/anti_virus_test_file.htm

Put the EICAR test file in the clamAV\log folder. And run clamdscan against the test file:

D:\PROGRA~1\ClamAV\CLAMDS~1.EXE -v --config-file="D:\PROGRA~1\ClamAV\conf\clamd.conf" --no-summary -l D:\PROGRA~1\ClamAV\log\report.txt D:\PROGRA~1\ClamAV\log\eicar.com.txt

This should report that ClamAV properly detected the EICAR test file.

Next we need to confirm that Declude is functioning:

From a test account, send an email with an empty file.cmd, file.bat and the eicar.com.txt files attached.

The most recent DECLUDE log file will hold the notification of detection. In the default case <root>\declude\logs\vir0123.log
The number will be different but the last entry should look something like:

01/23/2009 17:45:28.140 q485d012400000013.smd File(s) are INFECTED [ZEROHOUR Unknown]
01/23/2009 17:45:28.140 q485d012400000013.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 5 2913]
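The log check described above can be scripted so that only detections logged after the test message was sent are counted. This is an added example, not part of ClamAID or Declude; the entry layout is inferred from the two sample lines above, the function names are hypothetical, and the first two sample lines are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the sample entries on this page (an assumption):
#   MM/DD/YYYY HH:MM:SS.mmm <spool file> <message text>
ENTRY = re.compile(r'^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (\S+) (.*)$')
DETECTION_MARKERS = ("INFECTED", "CONTAINS A VIRUS")


def parse_entries(log_text):
    """Yield (timestamp, spool_file, message) for each well-formed line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:                       # silently skip blank or malformed lines
            stamp = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            yield stamp, m.group(2), m.group(3)


def detections_since(log_text, sent_at):
    """Return {spool_file: [messages]} for detections logged at or after sent_at."""
    hits = {}
    for stamp, spool, message in parse_entries(log_text):
        if stamp >= sent_at and any(k in message for k in DETECTION_MARKERS):
            hits.setdefault(spool, []).append(message)
    return hits


# Constructed sample: an older detection and a clean message (both constructed),
# followed by the two entries shown on this page.
SAMPLE_LOG = """
01/23/2009 17:40:02.500 q485d012400000011.smd File(s) are INFECTED [ZEROHOUR Unknown]
01/23/2009 17:44:10.015 q485d012400000012.smd Scanned: Virus Free
01/23/2009 17:45:28.140 q485d012400000013.smd File(s) are INFECTED [ZEROHOUR Unknown]
01/23/2009 17:45:28.140 q485d012400000013.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 5 2913]
"""
```

Pass the time the test message was sent as sent_at; an empty result means the test attachment was not flagged in that log file.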

 

Notes about configuration alterations:

Besides proper path referencing, ClamAID only alters two features in the clamd.conf configuration file.

Mirror Alteration

We altered the default UK mirror to the US mirror. If that isn't your country code, you should manually alter the country code to reflect your server's location. When editing the configuration file, we recommend you use Wordpad. Because ClamAV uses a configuration file with line feeds (LF) instead of carriage return-line feed (CRLF) pairs, Notepad displays the configuration file as one long line. Also, be careful not to introduce any CRLF into the file if you manually alter the country code.

MailFollowURLs

This feature is deprecated in version .96

ClamAID is a re-distribution of open source and freely distributable software. We have not altered the components from the provided originals except to configure some settings for you as a convenience. ClamAID is provided as-is and no warranty is expressed or implied.

Lessons Learned

(OLD VERSIONS. Pre .96) When you test the call to ClamAV with a file you get: "Unable to parse config file."

It's clear that a number of paths are hard-coded into the Windows port. Even when you use ClamAV's msi wizard, and you select an alternate directory for installation, it doesn't fix or correct the appropriate lines in the clamd.conf and freshclam.conf files. ClamAID fixes the appropriate paths, and uses the SHORTPATH~1 to protect against spaces in the path names. This is important because SOME of the paths in the ClamAV .conf files need to be encased in quotes, and some will crash the scanner if quoted.

The "Unable to parse config file" error is because the program ALWAYS looks in the default C:\Program Files\ClamAV\conf or \log or \data folders. It doesn't seem to load the .conf file you put in its local directory and use those parameters. The workaround is to always use --config-file="MYPATHGOESHERE" as a parameter in the command-line call to clamdscan.exe. ClamAID also adds these parameters to the Declude virus.cfg file.

When testing from the command line, you get an error telling you clamd.exe isn't running, even though your XYNTService.exe properly loads, and you see ClamAVSVC in the services list.

Double check your XYNTService.ini file for both the ClamAVSvc and the FreshClam services. The command line call should include the --config-file="HERE\HERE\ABC.conf" files. The error can occur if you have accidentally put a space between [--config-file=] and the first quote " that wraps the path. The space chokes the engine and it will not be able to load the configuration file. Unless you have been playing with your XYNTService.ini file, this shouldn't happen.
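The failure modes described in this section (a ClamAV call without --config-file, a space after --config-file=, a path that is not fully specified) and the CRLF caution from the Mirror Alteration note can be checked mechanically. The following is an added example, not part of ClamAID; the function names are hypothetical and the sample virus.cfg text is constructed from the entry shown earlier on this page.

```python
import re

# clamd, clamdscan and freshclam all accept --config-file; CLAMDS~1 and
# FRESHC~1 are the 8.3 short names of the two longer executables.
CLAM_EXE = re.compile(r'\b(?:clamd|clamdscan|freshclam|clamds~\d|freshc~\d)\.exe',
                      re.IGNORECASE)
# The option, any whitespace after '=', then a quoted or a bare path.
CONFIG_OPT = re.compile(r'--config-file=(\s*)(?:"([^"]*)"|(\S+))')
FULL_PATH = re.compile(r'[A-Za-z]:\\|\\\\')      # drive letter or UNC prefix


def check_command_line(line):
    """Return the problems found in one line that calls a ClamAV executable."""
    if not CLAM_EXE.search(line):
        return []                                # not a ClamAV call
    m = CONFIG_OPT.search(line)
    if m is None:
        return ["missing --config-file"]
    problems = []
    if m.group(1):
        problems.append("space between --config-file= and the path")
    path = m.group(2) if m.group(2) is not None else m.group(3)
    if not FULL_PATH.match(path):
        problems.append("config path is not fully specified")
    return problems


def lint_text(text):
    """Check every non-comment line; return {line_number: [problems]}."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.lstrip().startswith(("#", ";")):
            problems = check_command_line(line)
            if problems:
                report[n] = problems
    return report


def crlf_lines(conf_bytes):
    """Return 1-based numbers of lines that end in CRLF in a .conf file."""
    return [n for n, raw in enumerate(conf_bytes.split(b"\n"), 1)
            if raw.endswith(b"\r")]


# Constructed sample: one good entry, one without the option, one with the space.
SAMPLE_VIRUS_CFG = r'''#CLAMAV_CLAMAID
SCANFILE D:\PROGRA~1\ClamAV\CLAMDS~1.EXE -v --config-file="D:\PROGRA~1\ClamAV\conf\clamd.conf" --no-summary
SCANFILE D:\PROGRA~1\ClamAV\CLAMDS~1.EXE -v --no-summary
SCANFILE D:\PROGRA~1\ClamAV\CLAMDS~1.EXE -v --config-file= "D:\PROGRA~1\ClamAV\conf\clamd.conf"
VIRUSCODE 1'''
```

Run lint_text over the contents of virus.cfg and XYNTService.ini, and crlf_lines over the raw bytes of clamd.conf and freshclam.conf (open them in binary mode so line endings are preserved).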

Please email support@armresearch.com with any questions.