Thanks Michael for the effort to 'splain! I appreciated it. Make sure you are using the sanesecurity sigs as well as the MSRBL's
-Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm ---------------------------------------- From: "Michael Cummins" <mich...@i-magery.com> Sent: Thursday, April 29, 2010 3:02 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ClamAV In case this is helpful for someone else that isn't so great at rolling their own Clams from the source code: First, I installed ClamAID using the default options. (SmarterMail / Declude install for me) http://www.armresearch.com/tools/arm/clamAID.jsp This installs Clam 0.92, wraps it up as a service, wraps up FreshClam as a service and gets everything pointed and configured for Declude to use. It includes pthreadVC2.dll , but I don't know if it uses it once we replace the files here in a bit, because. .when FreshClam goes to update the DB, it mangles the DB dies, because version 0.92 isn't supported anymore. Immediately after installing ClamAID I stopped the ClamAVSvc and FreshClam services and I commented out the lines it added in virus.cfg so I could get it all running properly again. I downloaded the clamav-win32-0.96.7z from http://oss.netfarm.it/clamav/ and extracted the files to a folder. I grabbed all the .exe and .dll files and replaced the old ones in \Program Files\Clam AV. I edited \conf\clamd.conf and commented out the deprecated MailFollowURLs on line 226. I deleted the files in \data\ and crated a \db\. I set the log levels in clamd.conf and freshclam.conf to high so I could see things chugging along until I was comfortable. I hard set the database to \db\ in the conf files, and set verbose logging. I cranked up the services, and watched FreshClam download new profiles to \db\. Once the db was downloaded, I tested Clam from the command prompt as described on the armresearch page, and everything looked like it was working fine. I uncommented the lines in Declude, restarted Declude, and watched it all start humming. Now I am just keeping an eye on things, and waiting for Clam to catch a virus. -- Michael Cummins --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
