Solved

Running ClamAV on Xwall and am getting following error "clamdscan.exe returned error level 2" Can someone help me?

Posted on 2014-12-26
Last Modified: 2014-12-28
I am running Exchange 2003 with Xwall and recently added Clam Antivirus.   Here is what the log file shows:
Connection opened with ClamAV at localhost:3310
14-12-26 07:05:31 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:31 0006: < C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:31 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Virus: Scanning attachments...
14-12-26 07:05:32 0006: Connection opened with ClamAV at localhost:3310
14-12-26 07:05:32 0006: > zIDSESSION
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:32 0006: < 2: C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:32 0006: > zEND
14-12-26 07:05:32 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3n --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3q
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
Question by:tmb5
6 Comments
 
LVL 64

Accepted Solution

by:
btan earned 1500 total points
ID: 40519364
You may want to try, in XWall, not enabling ClamAV On Demand Scan but enabling Native ClamAV Support. See the setup:
http://www.dataenter.co.at/doc/xwall_sanesec.htm
Another possibility is whether clamdscan has rights to create the logfile; maybe remove the --log option from its execution and see if the error comes up again. It is good to test the setup with a test file as stated in the above link, or send a mail containing an EICAR test virus to your XWall server and check the log. See the PDF (last page) for more info: http://www.fortune.ch/util/Installation_of_ClamAV-SOSDG_for_XWall.pdf
You can also search the XWall forum: http://www.xwall.us/index.php/forum/search
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 40519392
I would never run ClamAV on a Server!
0
 

Author Closing Comment

by:tmb5
ID: 40520331
Btan,
I am running Native ClamAV and have On Demand turned off. I have used the EICAR test virus and ClamAV is definitely catching the virus, so it is working despite the log file saying otherwise. I have loaded sanesec. The files seemed to be appropriately uploaded and I have turned it on in the XWall Manager, but it does not appear to be working. I checked the wall.ini file and there is no entry for sanesec at all. Do you have any idea how I can get information about the appropriate entries for the wall.ini file and I could update it manually?
Finally, I have removed the log options from the ClamAV entry because they did not seem to work correctly and kept generating a file called "program" in the C root directory which, of course, caused problems.
Any other recommendations you might have would be most appreciated.
Cheers
Terry
0
LVL 64

Expert Comment

by:btan
ID: 40520359
You can check out the xwall.ini setting below.
Connect to ClamAV

VirusScannerClamAVNative=True
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310

This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe. In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe.
http://www.dataenter.com/doc/xwall_undocumented_config.htm

Another sample from this
Just for information, this is what my XWALL.INI entries for AV look like:
ScanInboundMessages=True
VirusScanner=C:\ClamAV\clamdscan.exe
VirusScannerPara=<FILE> --no-summary --log=<TEMPFILE>
VirusScannerTyp=10
VirusScannerExitCode=XxXXXXXXXXXXXXXXXXXXXXXXX
VirusPostScanner=C:\WINDOWS\system32\cscript.exe
VirusPostScannerPara=C:\XWALL\ParseReport.vbs <TEMPFILE> <MSGFILE> CLAMAV
DebugVirusScanner=True
VirusScannerSerialize=False
VirusScannerScanAlways=True
VirusScannerClamAVNative=True
InboundVirusNDRTyp=0
http://www.xwall.us/index.php/xwall-features/78-xwall-site/xwall-features
0
 

Author Comment

by:tmb5
ID: 40520527
Thanks again for all your help.  By adding the lines:
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310
to the xwall.ini the error code disappeared in the log file.
Really appreciate your assistance.
0
 
LVL 64

Expert Comment

by:btan
ID: 40521186
thanks for sharing
0
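
The log from the question and the stray "program" file from the closing comment, worked through as an added example (not part of the original thread, and not XWall or ClamAV code). It pairs the native clamd verdicts with the on-demand clamdscan.exe runs, splits the logged command line the way unquoted Windows arguments are split, and maps the exit level using clamdscan's documented codes (0 clean, 1 virus found, 2 error). The function names and the simplified argument splitter are assumptions made for illustration.

```python
import re

# Excerpt of the log posted in the question (one file, one fallback run).
SAMPLE_LOG = r"""
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
"""

# clamdscan exit codes as documented in its man page.
EXIT_MEANING = {0: "clean", 1: "virus found", 2: "scanner error"}

NATIVE = re.compile(r": < (?:\d+: )?(?P<path>.+): (?P<result>OK|.+ FOUND|.+ ERROR)$")
EXEC = re.compile(r"Executing \S*clamdscan\.exe (?P<args>.+)$")
EXIT = re.compile(r"clamdscan\.exe returned error level (?P<code>\d+)$")

def split_args(cmdline):
    """Simplified Windows-style split: whitespace separates arguments
    unless it sits inside double quotes (assumption: no escaped quotes)."""
    tokens = re.findall(r'(?:[^\s"]+|"[^"]*")+', cmdline)
    return [t.replace('"', "") for t in tokens]

def triage(log_text):
    """Return (native verdicts by path, list of on-demand fallback runs)."""
    native, fallbacks = {}, []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := NATIVE.search(line):
            native[m["path"]] = m["result"]
        elif m := EXEC.search(line):
            argv = split_args(m["args"])
            fallbacks.append({
                # What the scanner is actually asked to scan and log to.
                "targets": [a for a in argv if not a.startswith("--")],
                "log": next((a[6:] for a in argv if a.startswith("--log=")), None),
                "exit": None, "meaning": None,
            })
        elif (m := EXIT.search(line)) and fallbacks:
            code = int(m["code"])
            fallbacks[-1].update(exit=code, meaning=EXIT_MEANING.get(code, "unknown"))
    return native, fallbacks

if __name__ == "__main__":
    native, runs = triage(SAMPLE_LOG)
    print("native verdicts:", native)
    for run in runs:
        print("fallback:", run)
```

On the sample, the effective log path comes out as `C:\Program`, which matches the stray "program" file reported in the closing comment, and exit level 2 is a scanner error rather than a detection.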

Question has a verified solution.
