Direct ClamAV Anti-Virus Support

111
Votes

Last activity: 1 year ago
Add documentation and/or more direct binding to the free ClamAV anti-virus, including the phishing signatures.
5

Comments

This product is EOL or so the web site states. The features should be integrated into ORF to help filter the Nigerian money scams. Those are the most common messages that make it through our filters. Very annoying.
by dfollis more than 10 years ago
I found the http://oss.netfarm.it/clamav build very useful - it's what ClamWIN is based on. I don't recall any installation difficulty. It did have a successful installer and is able to install ClamD as a service for optimum speed. There is a .REG file that sets up a registry entry where the path is stored. However, rather than using ANY of the "command line" builds, it would be much better if ORF were to use the LibClamAV DLL to eliminate the need to launch ClamDScan for each email - or would use the TCP/IP API to communicate directly with ClamD.
by Andy Schmidt more than 10 years ago
@Andy: Thank you for the suggestion, we will look into this possibility.
by Peter Karsai (Vamsoft) more than 10 years ago
I agree 100%, the http://oss.netfarm.it/clamav works perfectly (I use it in clamd - daemon mode). Since ClamAV is free, if ORFilter used the LibClamAV DLL to scan in memory it would be faster, easier to install and would make ORFilter nearly perfect. It would also be a great selling feature: "Includes Free AntiVirus Scanning Engine" It's the same one Barracuda uses.
by PSaul more than 10 years ago
@PSaul: I did some quick research this afternoon and it appears that in-memory scan is no longer available with LibClamAV - but that's based on _really_ quick research.
by Peter Karsai (Vamsoft) more than 10 years ago
Peter, I'm not much of a programmer but based on the idea that "what else would that dll file be for?" :) I did some digging and I found this page: http://forums.clamwin.com/viewtopic.php?t=1550 - the 3rd post down even has some example code. Now, I have no idea if it still requires FreshClam and ClamD installed as services but it looks like it doesn't, since it loads the database signatures itself. This is from the ClamWin port, not the netfarm.it port; I'm not sure of the difference (except I know the netfarm.it port is native and works really well, never tried the ClamWin port).
by PSaul more than 10 years ago
@PSaul: Yes, the DLL port is probably the way we would go. It seems fairly simple and ORF could manage downloading the signature updates, so FreshClam/ClamD would not be required. All I was saying is that LibClamAV does not support scanning a memory buffer, so the email has to be written into a file first (there may be a workaround, though) :)
by Peter Karsai (Vamsoft) more than 10 years ago
It's just that the Clam team doesn't give the "Memory Buffer" option a high enough priority to update their code to replace the hardcoded "file i/o" with the appropriate abstraction. If you wanted to, you could "contribute" to the ClamAV project by updating the source and then submitting it to the developers as a fix - so that it would become a "supported" feature. It may be better than creating a "workaround"? http://www.mail-archive.com/clamav-devel@lists.clamav.net/msg02242.html
by Andy Schmidt more than 10 years ago
There needs to be better integration with ClamWin. The old version of ClamAV was easier to support in ORF than the new version.
by ASB more than 10 years ago
I've been using ClamAV with the additional signatures found here (http://www.sanesecurity.com/databases.htm) for quite some time now and I can say they work like a charm and help cut off quite a lot of malware and junk (including those darn image/pdf spams); sure, you'll need to be careful about which signatures you decide to use, but then, the same applies to (e.g.) DNS blacklists :D As for the interface, both freshclam and ClamD can be installed to run as services and ClamD will listen on port 3310/tcp, so all ORF will need to do is open a connection to that port, stream the given data over it and get back the result (clean or "infected" by X). This method is much faster than spawning an instance of clamdscan or (worse) clamscan. In particular, clamscan (no "d" there) will reload ALL the signatures every time it's started, whereas clamDscan will just use the TCP scanning (but will still suffer from the overhead of spawning).
by ObiWan more than 10 years ago
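
Added example (not part of any comment above and not ORF or ClamAV project code): a minimal Python client for the TCP approach described in the preceding comment, using clamd's INSTREAM command to stream a message from memory and read back the verdict. The function names, the chunk size and the default host are assumptions for illustration; port 3310 is the one named in the comment.

```python
import socket
import struct

CHUNK = 8192  # assumed chunk size; the total stream is capped by clamd's StreamMaxLength


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build an INSTREAM request: command, length-prefixed chunks, zero-length terminator."""
    out = [b"zINSTREAM\0"]  # 'z' prefix selects NUL-terminated command and reply
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # end of stream
    return b"".join(out)


def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail); anything unrecognised is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, status = text.partition(": ")
    if status == "OK":
        return ("clean", None)
    if status.endswith(" FOUND"):
        return ("infected", status[:-len(" FOUND")])
    # Size-limit errors, empty replies, etc.: the message was NOT scanned,
    # so the caller must not treat this the same as "clean".
    return ("error", text)


def scan(sock, data: bytes):
    """Send one message over an already connected socket and return the verdict."""
    sock.sendall(frame_instream(data))
    buf = b""
    while not buf.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # connection closed early
            break
        buf += part
    return parse_reply(buf)


def scan_message(data: bytes, host="127.0.0.1", port=3310, timeout=10.0):
    """Connect to a running clamd (host is an assumed default) and scan one message."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return scan(s, data)
```

A mail filter calling this should hold or defer the message on an "error" verdict rather than deliver it as if it had been scanned.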
In-memory scanning (without using clamdscan.exe) saves server resources. It's really good.
by DenM 6 years ago
