This article will show you how to add free Anti-virus (ClamAV) and spam filtering (SpamAssassin) for SmarterMail. Although SmarterMail comes with built-in spam filtering it is far less powerful than SpamAssassin.
Step # 1: Install Clam-AV
-
Download and install the latest version of Clam Anti-Virus from http://www.sosdg.org/clamav-win32 with the default installation path. If you change this make sure that the correct path is put in the steps that follow in this document.
Step # 2: Run Clam as Service
-
Clam needs to run as a service so that there is optimum utilization of memory. For this we need to run CLAMD.EXE as a service rather then configuring SmarterMail to use CLAM.EXE. To enable Clam to run as service, download the Windows 2003 Resource Kit. What we need from there is INSTSRV.EXE and SRVANY.EXE
-
Once the Resource Kit has been installed, go to the command prompt and type: INSTSRV ClamAV “C:\Program Files\Windows Resource Kits\Tools\srvany.exe”
-
This step will write ClamAV as a service in the registry
-
Open the Services Manager and locate ClamAV service
-
Right-click ClamAV and set it up to run under administrator account. This is important else ClamAV will fail to check the spools
-
Next, open registry editor and locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClamAV
-
Add a new key called Parameters
-
Under Parameters add a new String Value (REG_SZ) called Application and set the path to C:\\clamav-devel\\bin\\clamd.exe
-
Once this is set, get out of the registry editor and go back to the Services Manager. Set the ClamAV service to Automatic and start it.
-
To verify that ClamAV is running fine, open C:\clamav-devel\log and verify that the clamd.log file is created. Open and see if the service has started.
Note: ClamAV does not kill the process automatically. If you need to reset, first kill the clamd process from Task Manager and then restart the service.
Once the configuration is done, we will further configure ClamAV for use with SMFilter (configured later in this document). To do so:
Configure clamd to use TCP Sockets (it uses Local Socket by default). Open clamd.conf (by default in “C:\clamav-devel\etc”) in a text editor and comment out (add a ‘#’ in front of the line) the option “LocalSocket”. It should look like this:
#LocalSocket /cygdrive/c/clamav-devel/clamd.sock
Then uncomment the “TCPSocket” and “TCPAddr” options. It should look like this:
TCPSocket 3310
TCPAddr 127.0.0.1
Now just save the file, kill the current clamd.exe process and restart service.
Step # 3: Schedule Task for updating ClamAV
-
To ensure that ClamAV database is updated automatically, create a task in the Task Scheduler which calls FreshClam and runs it daily
Step # 4: Install and Configure SpamAssassin
-
Download SpamAssassin for Windows from http://spamassassin.apache.org
Note: SpamAssassin requires Perl to be installed. This article assumes that you have already configured ActiveState Perl on the server.
-
Open DOS Prompt and browse to the PPM directory under Perl. Type PPM3 to initiate Perl Package Manager. This is the easiest way to install Perl Modules.
-
To install a module all you need to do is type install <modulename>. If the module is already installed, you will be asked.
-
The following modules need to be installed for SpamAssassin to work:
-
Module Comments
-
HTML-Parser Older builds of both Perl 5.6 and 5.8 will probably not have a new enough version (Check with PPM in QUERY). At least 3.24 is required.
-
Digest-SHA1 Older builds of both Perl 5.6 and 5.8 may need to upgrade via PPM. Check using QUERY in PPM. This module is also required
-
DB_File On Perl 5.8.7, PPM will install version 1.812.
-
Net-DNS On Perl 5.8.7 PPM will install version .53, which appears to work correctly on Win32 systems.
-
Time-HiRes PPM will install v1.49 for Perl 5.87
-
IP-Country PPM will install v2.20 for 5.84
-
Mail-SPF-Query This module is used only for SPF
-
DBI On Perl 5.8.7, installs DBI 1.48
-
-
Before we can use SpamAssassin, the following configuration changes are required to be done:
find \perl\bin\spamasasssin.bat (it is probably read-only), and add at the beginning (well, nearly: right after the @ECHO OFF line.)
SET RES_NAMESERVERS=ipaddress
SET LANG=en_US
where ipaddress is the ipaddress of your DNS server. If you have more than one, add additional ones, separating with a space character. This is needed for all RBL lookups to function properly. (Net-DNS in theory can query Windows for the right nameserver, but has not demonstrated reliability in this matter.)
You should make similar changes to \perl\bin\sa-learn.bat if you plan on using the Bayesian spam functionality.
Step # 5: Install and Configure SMFilter
-
Download SMFilter from http://projects.efextra.com/SMFilter-beta2.zip and extract the files to any directory (e.g. “C:\SmarterMail”).
-
Set the path to ClamAV (if using the command line scanner) and SpamAssassin in the SMFilter.ini file if they are different from the defaults.
-
Make sure SMFilter is set to use direct connection to clamd (USE_SOCKET=1, CLAMD_PORT=3310, and CLAMD_HOST=127.0.0.1 in SMFilter.ini)
-
Configure the message added in the subject of infected mails to [VIRUS FOUND]
-
Action to be taken on infected emails (Clean, Quarantine, Delete, or Ignore) to Clean
Step # 6: Configuring SmarterMail
-
Login to SmarterMail control panel as admin and go to the “Protocol Settings or General Settings” page.
-
Set the “Command-line EXE or batch file to run on new mail” field to “C:\SmarterMail\SMFilter.exe %filepath” (without quotes) or whatever the path to SMFilter.exe is.
-
Check the “Enabled” check box next to it and save settings.
-
Restart SmarterMail Service
To ensure everything is running fine, open the following logs files:
-
SmarterMail Logs: check the delivery log to see if it tags Command Line executed successfully
-
ClamAV: check the clamd.log to see if ClamAV is running fine
-
For further testing of SPAM, visit the following site: http://www.efextra.com/filtertest.asp
7 comments
Richard,
Are you using inbuilt clam supplied with Smarter mail?
Recently clam has changed virus database file extensions which resulting clam refuse to scan emails pushed from smartermail.
You might need to update clam to the latest version by taking backup of existing clam directory.
Also, it would be good if you can paste clamd.conf file.
I tried to run this as a service on my 2003 box instead of from smartermail it just kept shutting down… I should add that even before the attempt to create the service i noticed clamd was going up and down every few seconds…
I appreciate your help – here is my config file….
LogFile D:\SMARTE~2\Service\Clam\log\clamd.log
LogFileMaxSize 1M
LogTime yes
LogFileUnlock yes
TemporaryDirectory D:\SMARTE~2\Service\Clam\tmp
DatabaseDirectory D:\SMARTE~2\Service\Clam\share\clamav
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
StreamMaxLength 5M
MaxThreads 50
ReadTimeout 60
IdleTimeout 60
MaxDirectoryRecursion 15
FollowDirectorySymlinks yes
FollowFileSymlinks yes
SelfCheck 1800
AllowSupplementaryGroups yes
ExitOnOOM yes
ScanPE yes
ScanOLE2 yes
ScanMail yes
MailFollowURLs no
ScanHTML yes
ScanArchive yes
ArchiveBlockEncrypted no
also, I upgraded the clam install for my smartermail installation on 5/9/2009… i have tried to find the right windows installer to upgrade from on their site but have had no luck, do you know the link – the upgrade instructions say it is a windows.msi
.
ClamAV update process started at Thu May 6 19:32:31 2010
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: Current functionality level = 29, recommended = 44
Please check if ClamAV tools are linked against the proper version of libclamav
DON’T PANIC! Read http://www.clamav.net/support/faq
daily.cvd is up to date (version: 10935, sigs: 63535, f-level: 51, builder: ccordes)
WARNING: Current functionality level = 29, recommended = 51
Please check if ClamAV tools are linked against the proper version of libclamav
DON’T PANIC! Read http://www.clamav.net/support/faq
one final thing – updated to clam .95 and still have the same socket error… I will wait for your response/s before going further.
is this still vilid for a smartermail installation – i am runing version 5.5 of smartermail and calmd stopped working long ago… by the way – nicely written…
Richard
Richard,
Thank you for your comments. What error are you getting with ClamAV?
Regards,
Vishal
Unable to run Clam virus checks: System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:3310
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
at SmarterTools.SmarterMail.MailStore.Spam1.ClamDClient.CheckScan()
I and a few others have tried in vain to open this port… so that is not an option… its a windows 2003 box.