Hi, http://oss.netfarm.it/clamav seems to be ideal. I just installed it.
a) runs as a Windows Service (using clamd --install) b) has registry settings to point to "db" and "conf" subfolders c) accepts trailing backslash The only remaining issue with Declude is the Declude's inability of extracting the infected file name and virus name from the "Reports.txt" file - but that's really a problem with Declude's lack of parsing ability. Gee - I wish Sniffer had a configuration option to tie into ClamD... Best Regards, Andy -----Original Message----- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Mxuptime.com Sent: Wednesday, February 04, 2009 11:44 PM To: Message Sniffer Community Subject: [sniffer] Re: ClamAID Hi Just to add to the following topic. We've been bundling win32 builds of ClamD together with our product since the beginning and have some experience working with the win32 versions. These are my observations and thoughts : 1. http://w32.clamav.net/ has not been updated quite awhile and is rather outdated. 2. There are no official Win32 builds of ClamAV at the moment but from what I understand/read the next release .95 will have a native official win build 3. There are 3 popular updated win32 builds that include ClamD. One that runs in Cygwin (http://www.sosdg.org/clamav-win32) by Brielle Burns and the other 2 native win32 builds available at http://hideout.ath.cx/clamav and http://oss.netfarm.it/clamav. If i am not mistaken both of these win32 builds were actually built from http://w32.clamav.net and then updated to the current versions The Sosdg build has been extremely solid but sometime back Brielle mentioned that the project would be discountinued. But Later decided to continue with the project. The only shortcoming is that if you have other Cygwin daemon/services running you might have issues if there are different versions of the cygwin1.dll in use. For what its worth, SmarterMail uses this build. Overall, I have not found a lot of difference in both the other 2 native win32 builds. And they appear to be updated fairly quickly and frequently. Its fairly straightfoward to have clamD running as services but the ClamD daemon (in my experience) has known to have crashed once in awhile and as such you will need to have a watchdog/recovery service monitor the daemon and restart when necessary. Cheers -Matt -----Original Message----- From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of Andrew Wallo Sent: Thursday, February 05, 2009 4:38 AM To: Message Sniffer Community Subject: [sniffer] Re: ClamAID Sniffer Folks, - ASchmidt... <snip> > ClamAV's web site states that they won't [ continue to support] and > development has been stopped? > http://w32.clamav.net/ </snip> Oddly, I would have bet hard cash that page didn't say that just a week ago. I went there just recently in order to affirm I had the same dated MSI as was on their site prior to release of ClamAID. Plus a live webinar I attended with ClamAV folks at the end of Dec, personally reassured me that they intended to move forward on the Win Updates. ( Which is why that page out-and-out shocked me. ) Nevermind the fact that a lot of the emulation ports were dieing off because of the 'official' native win32 was easier to utilize. However, all is not lost. If you read the ClamAV site... Nigel Horn has been recently promoted in their organization and it was his efforts that kept the Windows port alive. I've included a recent letter from him to the ClamAV win32 list below, ( just posted ) which claims they will resume support at some (undefined) time in the future. Based on other expectations, probably not until after their main codebase rewrite releases in March of 09. Add deadline extentions etc. and you are probably well into fall. ( Clearly to long to rely on an outdated engine. ) But Nigel seems inclined to enable interested parties to push the ports independantly. Since the other two independant win32 ports do not include the clamd.exe port, Pete and I are in discussion about whether it will be more efficient to take on an ArmResearch port to win32, and throwing out the ClamAV MSI altogether. This would solve a lot of the ClamAID's complexity in fixing the install issues that come with the existing ClamAV MSI and it would get us an updated engine a lot sooner than is likely with the waiting list of upgrades from ClamAV. We'll keep you posted. Andrew Wallo Folks, I'm sorry that I've not been able to put time and effort into continuing the support of ClamAV on the Windows system. The ClamAV team intend to restart support for Windows as soon as we can. In the meantime I am also aware that not much has been happening on the Powertools front. For those of you that don't know, the Powertools is a suite of programs that enhance the features of ClamAV under Windows. * clamdService - a service to start clamd and freshclam * clamAVShellExt - an extension to Windows Explorer to add the option to right-click any file/folder and have that file/folder scanned by ClamAV * clamOffice - an extension to Microsoft Word to use ClamAV to scan for viruses when a document is opened * clamAVaddin - an extension to Microsoft Office to use ClamAV to scan for viruses when an email is received. Given that I'm aware that people use the above tools, I've uploaded the code to https://sourceforge.net/projects/clamav-power/. The sources are available under SVN, at https://clamav-power.svn.sourceforge.net/svnroot/clamav-power/. -Nigel ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com> ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com> ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>