SmarterMail 4.3 and ClamAV

Last post 01-27-2008 8:01 PM by TechGuru. 7 replies.
  • 12-11-2007 12:12 PM

    SmarterMail 4.3 and ClamAV

     Hi Everyone,

    I am running SmarterMail Professional 4.3 on Windows 2003 Server.  SmarterMail is running as its own IIS Site.  I need to get ClamAV set up to scan inbound emails / attachments.

    Some questions I've been trying to figure out that maybe someone with more experience with SmarterMail could help:

    1.  Is ClamAV installed and integrated automatically as part of SmarterMail 4.3?  I found a KB article:

    http://support.smartertools.com/Customer/KBArticle.aspx?articleid=1

    However, this appears to be for older versions of SmarterMail.  

    2.  If ClamAV is already part of SmarterMail 4.3, how can I tell if it is running?  

    3.  I went in as Admin to Security->Anti-Virus Administration->ClamAV and have the following settings:

    (CHECKED) Enabled
    IP Address: IP of my mailserver
    Port: 3310
    (UNCHECKED) Remote Server
    Timeout (in seconds): 10
    Consecutive Failures Before Disable/Restart: 5

    Do these settings look correct?  

    4.  Do I need to open up port 3310 through my firewall?  I'd prefer not to, unless absolutely necessary (hate opening more ports than necessary).

    Thanks very much in advance!

  • 12-11-2007 12:30 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    1. Yes, ClamAV is included with SmarterMail 4. You are right, that KB is for manually setting up ClamAV.

    2. You can ensure that it's running by going to Task Manager and making sure that ClamD.exe is there.

    3. You should change the IP address back to 127.0.0.1. By default, that is what ClamD listens on.

    4. You shouldn't need to open the port if SmarterMail and Clam are running on the same server.

     

    You can test that everything is operating correctly by sending a message with the following in it:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    ClamAV should delete this message (it will inform you in the delivery log, as well as in the dashboard under viruses, that a virus was detected).

    James Lance
    SmarterTools
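
The checks in the reply above (clamd listening on 127.0.0.1:3310, EICAR detected) can also be made against clamd directly, which separates "clamd does not detect" from "mail never reaches clamd". This is an added example, not part of the original thread or SmarterTools code; the function names are hypothetical, and it assumes a clamd build that accepts the null-terminated `zPING` and `zINSTREAM` commands.

```python
import socket
import struct

# Standard EICAR test string quoted in the post above (harmless by design).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def instream_frames(data, chunk=4096):
    """INSTREAM framing: 4-byte big-endian length + chunk, then a zero-length chunk."""
    out = b"zINSTREAM\0"
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out += struct.pack("!I", len(part)) + part
    return out + struct.pack("!I", 0)

def parse_reply(raw):
    """Map a clamd reply such as b'stream: <name> FOUND\\0' to (status, detail)."""
    text = raw.rstrip(b"\0\r\n").decode("ascii", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    return ("error", text)  # e.g. size limit exceeded or unknown command

def _exchange(payload, host, port, timeout):
    # One command per connection; read until the null terminator or EOF.
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        buf = b""
        while not buf.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            buf += data
        return buf

def check_clamd(host="127.0.0.1", port=3310, timeout=10):
    """Return (alive, eicar_result). Defaults mirror the settings in the thread;
    connection failures are reported as a result instead of being raised."""
    try:
        alive = _exchange(b"zPING\0", host, port, timeout) == b"PONG\0"
        result = parse_reply(_exchange(instream_frames(EICAR), host, port, timeout))
        return alive, result
    except OSError as exc:
        return False, ("error", str(exc))

if __name__ == "__main__":
    print(check_clamd())
```

A result of `(True, ('infected', ...))` means clamd itself is healthy, so a test message that still reaches the inbox points at the mail server's hand-off to clamd and not at the scanner.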
  • 12-11-2007 3:00 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    James,

    Thank you very much for your response. 

    2. You can ensure that it's running by going to Task Manager and making sure that ClamD.exe is there.

    I went into my task manager and verified that clamd.exe is there.

    3. You should change the IP address back to 127.0.0.1. By default, that is what ClamD listens on.

    I changed this back.  Thank you.

    You can test that everything is operating correctly by sending a message with the following in it:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    ClamAV should delete this message (it will inform you in the delivery log, as well as in the dashboard under viruses, that a virus was detected).

    Great!  I tried this and verified the entry in the delivery log, and everything checks out.

    I have two other questions:

    1.  Do you know if there are any conflicts if I install ClamWin on the same server that is running SmarterMail 4.3 with the integrated Clam?  I found a thread ... http://www.smartertools.com/forums/t/12409.aspx?PageIndex=1 that led me to think there might be problems, but I wasn't sure what you and STSanford determined was the actual cause of his issues.

    The reason I want to install ClamWin is so that I have a nice UI where I can scan memory and hdd when I want to do a full system scan.  My impression is that there is no UI (or easy way) for me to reuse the integrated Clam instance that comes with SmarterMail 4.3.  However, if there is a way, that would be great!

    2.  I need to do more research into this myself, but I have 2 IIS sites on my server.  One is the SmarterMail IIS Site, the other is my main site, an ASP.NET site.  I have codebehind that uses System.Net.Mail.  I had read that I can use SmarterMail instead of IIS SMTP Virtual Server.

    Do you have any resources (threads, knowledge base articles, sites) that could help me learn how to set this up?

    Thanks again!

  • 12-11-2007 3:29 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    1. There *shouldn't* be any conflicts. There is no UI for the included version of Clam, so you're probably better off installing ClamWin.

    2. Yes, you can use SmarterMail in conjunction with your IIS sites. All you really need to do differently is tell the mail component to use an external SMTP server instead of the drop directory for IIS SMTP. Here is a sample on how to do that in VB: http://www.asp101.com/articles/john/cdosmtprelay/default.asp

    And here is one in C#: http://www.codeproject.com/KB/dotnet/SystemWeb_Mail_SMTP_AUTH.aspx?df=100&forumid=30027&exp=0&select=864853 

     

    James Lance
    SmarterTools
  • 12-11-2007 4:23 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    Make sure that if you do a full system scan that you exclude the domains folder.

  • 12-12-2007 1:08 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    slalomdrew,  

    slalomdrew:

    Make sure that if you do a full system scan that you exclude the domains folder.

    Are you talking about the folder "C:\SmarterMail\Domains\"?

    How come I would not want to scan the domains folder when doing a ClamWin system scan?  Does ClamWin cause problems when scanning this folder (i.e. modify files) or does it result in false positives?

    Thanks.

  • 12-12-2007 1:29 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    Slalomdrew is right, you do not want to scan the domains folder (or subfolders).

    The reason is virus scanners might detect a virus in our .grp files (which are basically a bunch of .eml files in one file) and delete the whole thing, causing loss of email. Another reason (this applies to realtime virus scanners only) is that they tend to lock the file inappropriately, and can cause corruption of the .grp file.

    James Lance
    SmarterTools
  • 01-27-2008 8:01 PM In reply to

    Re: SmarterMail 4.3 and ClamAV

    Hello Lance,

    I have upgraded to SM Professional 4.3 today.  I tried sending an email from another domain to my SmarterMail account, placing the EICAR test in the body of the message, but it was not detected ... arriving in my inbox shortly thereafter.

    Moreover, I visited http://www.nospamtoday.com/emailsecurity/    and used their free test ... and all of their test messages (spam and viral) arrived in my SmarterMail inbox.  

    Please advise, as I am now greatly concerned that my users are not protected from dangerous mail.

    On a side note, please elaborate on the purpose of the Real-Time AV and Command Line AV tabs.  Specifically, can I disable ClamAV and have my server's AV application F-PROT (ver 6.0.8.0) scan all inbound mail?  If so, is there a KB on accomplishing that task?  I know that prior versions of SmarterMail required a separate .BAT file to be created which acted as the middleman between SM and F-PROT.  From what I've gathered on this forum, that is no longer necessary ... as a matter of fact, F-PROT no longer provides the FPCMD.EXE file that handled such on-demand scan requests. To that end, the F-Prot Integration Instructions link on the following page (http://www.smartertools.com/Products/SmarterMail/AntiVirus.aspx) provides deprecated information ... taking the visitor to your KB article #38:  http://support.smartertools.com/Customer/KBArticle.aspx?articleid=38

    F-Prot appears to have an on-demand app named FPscan.exe, as discussed here: www.smartertools.com/forums/p/7227/42301.aspx#42301 

    The "Anti-Virus Administration" page under "Help for System Admins" discusses these settings ... but the Real-Time AV tab inside SM administration has this disclaimer shown "In order to allow a real-time virus scanner time to perform its job, please ensure that you have specified a sufficient delivery delay in General Settings. SmarterTools recommends a delivery delay of 20-30 seconds when using a real-time virus scanner." which is somewhat confusing and not at all discussed in the help system.

    And lastly ... the ClamAV tab shows that its Virus Definitions are from 11/15/2007 1:35:04 PM.  Clicking the update link states that it's updating ... but the timestamp never changes after waiting 10+ minutes. >>> This item was resolved: see separate post: www.smartertools.com/forums/p/12409/42304.aspx#42304 

     

    Thanks in advance! 

    Currently running STrack Pro 3.6.3246, SMail Pro 5.5.3223, SStats 4.0.3217