Solved

Running ClamAV on Xwall and am getting following error "clamdscan.exe returned error level 2" Can someone help me?

Posted on 2014-12-26
Last Modified: 2014-12-28
I am running Exchange 2003 with Xwall and recently added Clam Antivirus.   Here is what the log file shows:
Connection opened with ClamAV at localhost:3310
14-12-26 07:05:31 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:31 0006: < C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:31 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Virus: Scanning attachments...
14-12-26 07:05:32 0006: Connection opened with ClamAV at localhost:3310
14-12-26 07:05:32 0006: > zIDSESSION
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:32 0006: < 2: C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:32 0006: > zEND
14-12-26 07:05:32 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3n --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3q
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
Question by:tmb5

Accepted Solution

by:
btan earned 500 total points
ID: 40519364
May want to try in Xwall not to enable ClamAV On Demand Scan, but enable Native ClamAV Support. See the setup:
http://www.dataenter.co.at/doc/xwall_sanesec.htm
Other possibility is whether clamdscan has rights to create the logfile; maybe can remove --log option in its execution and see if error comes up again. Good to test the setup based on some test file as stated in above link or send a mail containing an EICAR test virus to your XWall server and check the log. See the pdf (last pg) for more info: http://www.fortune.ch/util/Installation_of_ClamAV-SOSDG_for_XWall.pdf
Can do a search from Xwall forum as well: http://www.xwall.us/index.php/forum/search

Expert Comment

by:*** Hopeleonie ***
ID: 40519392
I would never run ClamAV on a Server!
0
 

Author Closing Comment

by:tmb5
ID: 40520331
Btan
I am running Native ClamAV and have On Demand turned off. And I have used EICAR test virus and the ClamAV is definitely catching the virus, so it is working despite the log file saying otherwise. I have loaded sanesec. The files seemed to be appropriately uploaded and I have turned it on in the Xwall Manager, but it does not appear to be working. I checked the wall.ini file and there is no entry for sanesec at all. Do you have any idea how I can get information about the appropriate entries for the wall.ini file and I could update it manually?
Finally, I have removed the log options from ClamAV entry because they did not seem to work correctly and kept generating a file called "program" in the c root directory which, of course, caused problems.
Any other recommendations you might have would be most appreciated.
Cheers
Terry
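
An added example, not part of the thread and not XWall or ClamAV code: it pairs each on-demand clamdscan.exe run in an XWall debug log with its exit code and shows what an unquoted path containing spaces becomes once it is split on whitespace. The exit-code meanings come from the clamdscan manual page; it assumes the logged "Executing" text is the exact command line handed to the process, and the sample lines are constructed from the ones quoted in the question.

```python
import re

# clamdscan exit codes, per the ClamAV manual page.
EXIT_CODES = {0: "no virus found", 1: "virus found", 2: "an error occurred"}
# Constructed sample in the shape of the log lines quoted in the question.
SAMPLE_LOG = r"""
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
"""

LINE = re.compile(r"^\S+ \S+ \d+: (?P<msg>.*)$")
NATIVE = re.compile(r"^< (?:\d+: )?(?P<path>.+): (?P<verdict>OK|.+ FOUND|.+ ERROR)$")
EXEC = re.compile(r"^Executing (?P<exe>\S+\.exe) (?P<args>.*)$")
RET = re.compile(r"^\S+\.exe returned error level (?P<code>\d+)$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")

def triage(log_text):
    """Return native clamd verdicts and one finding per on-demand run."""
    native, runs, pending = {}, [], None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if m := NATIVE.match(msg):
            native[m.group("path")] = m.group("verdict")
        elif m := EXEC.match(msg):
            # Assumption: the logged text is the exact command line, so an
            # unquoted path is split on whitespace by the child process.
            argv = m.group("args").split()
            log_opt = next((a for a in argv if a.startswith("--log=")), None)
            pending = {
                "log_target": log_opt[6:] if log_opt else None,
                "fragments": [a for a in argv
                              if not a.startswith("--") and not ABS_PATH.match(a)],
            }
        elif (m := RET.match(msg)) and pending:
            code = int(m.group("code"))
            pending.update(exit_code=code, meaning=EXIT_CODES.get(code, "unknown"))
            runs.append(pending)
            pending = None
    return native, runs

if __name__ == "__main__":
    verdicts, runs = triage(SAMPLE_LOG)
    print(verdicts, runs)
```

On the sample, the native verdict for the file is OK while the on-demand run reports exit code 2 with a log target of C:\Program, which is consistent with the stray "program" file described in the closing comment.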

Expert Comment

by:btan
ID: 40520359
You can check out the xwall.ini setting below.
Connect to ClamAV

VirusScannerClamAVNative=True
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310

This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe. In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe.
http://www.dataenter.com/doc/xwall_undocumented_config.htm

Another sample from this
Just for information, this is what my XWALL.INI entries for AV look like:
ScanInboundMessages=True
VirusScanner=C:\ClamAV\clamdscan.exe
VirusScannerPara=<FILE> --no-summary --log=<TEMPFILE>
VirusScannerTyp=10
VirusScannerExitCode=XxXXXXXXXXXXXXXXXXXXXXXXX
VirusPostScanner=C:\WINDOWS\system32\cscript.exe
VirusPostScannerPara=C:\XWALL\ParseReport.vbs <TEMPFILE> <MSGFILE> CLAMAV
DebugVirusScanner=True
VirusScannerSerialize=False
VirusScannerScanAlways=True
VirusScannerClamAVNative=True
InboundVirusNDRTyp=0
http://www.xwall.us/index.php/xwall-features/78-xwall-site/xwall-features

Author Comment

by:tmb5
ID: 40520527
Thanks again for all your help.  By adding the lines:
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310
to the xwall.ini the error code disappeared in the log file.
Really appreciate your assistance.

Expert Comment

by:btan
ID: 40521186
Thanks for sharing.