Running ClamAV on Xwall and am getting following error "clamdscan.exe returned error level 2" Can someone help me?

I am running Exchange 2003 with Xwall and recently added Clam Antivirus.   Here is what the log file shows:
Connection opened with ClamAV at localhost:3310
14-12-26 07:05:31 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:31 0006: < C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:31 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Virus: Scanning attachments...
14-12-26 07:05:32 0006: Connection opened with ClamAV at localhost:3310
14-12-26 07:05:32 0006: > zIDSESSION
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:32 0006: < 2: C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:32 0006: > zEND
14-12-26 07:05:32 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3n --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3q
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
tmb5Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
may want to try in Xwall not to enable ClamAV On Demand Scan, but enable Native ClamAV Support. see the setup
http://www.dataenter.co.at/doc/xwall_sanesec.htm
other possibility is whether clamdscan has rights to create the logfile, maybe can remove --log option in its execution and see if error comes up again. good to test the setup based on some test file as stated in above link or send an mail containing an EICAR test virus to your XWall server and check the log. See the pdf (last pg) for more info http://www.fortune.ch/util/Installation_of_ClamAV-SOSDG_for_XWall.pdf
Can do a search from Xwall forum as well http://www.xwall.us/index.php/forum/search
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
*** Hopeleonie ***IT ManagerCommented:
I would never run ClamAV on a Server!
0
tmb5Author Commented:
Btan
I am running Native ClamAv. and have On demand turned off.  And I have used EICAR test virus and the ClamAV is definitely catching the virus so it is working despite the log file saying otherwise.  I have loaded sanesec.  The files seemed to be appropriately uploaded and I have turned it on in the Xwall Manager, but it does not appear to be working.   I checked the wall.ini file and there is no entry for sanesec at all.  Do you have any idea how I can get information about the appropriate entries for the wall.ini file and I could update it manually.
Finally, I have removed the log options from clamAV entry because they did not seem to work correctly and kept generating a file called "program" in the c root directory which, of course, caused problems.  
Any other recommendations you might have would be most appreciated.
Cheers
Terry
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

btanExec ConsultantCommented:
you can check out the xwall.ini setting below
Connect to ClamAV

VirusScannerClamAVNative=True
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310

This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe. In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe
http://www.dataenter.com/doc/xwall_undocumented_config.htm

Another sample from this
Just for information, this is what my XWALL.INI entries for AV look like:
ScanInboundMessages=True
VirusScanner=C:\ClamAV\clamdscan.exe
VirusScannerPara=<FILE> --no-summary --log=<TEMPFILE>
VirusScannerTyp=10
VirusScannerExitCode=XxXXXXXXXXXXXXXXXXXXXXXXX
VirusPostScanner=C:\WINDOWS\system32\cscript.exe
VirusPostScannerPara=C:\XWALL\ParseReport.vbs <TEMPFILE> <MSGFILE> CLAMAV
DebugVirusScanner=True
VirusScannerSerializeFalse
VirusScannerScanAlways=True
VirusScannerClamAVNative=True
InboundVirusNDRTyp=0
http://www.xwall.us/index.php/xwall-features/78-xwall-site/xwall-features
0
tmb5Author Commented:
Thanks again for all your help.  By adding the lines:
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310
to the xwall.ini the error code disappeared in the log file.
Really appreciate your assistance.
0
btanExec ConsultantCommented:
thanks for sharing
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.