Solved

Running ClamAV on Xwall and am getting following error "clamdscan.exe returned error level 2" Can someone help me?

Posted on 2014-12-26
Last Modified: 2014-12-28
I am running Exchange 2003 with Xwall and recently added Clam Antivirus. Here is what the log file shows:
Connection opened with ClamAV at localhost:3310
14-12-26 07:05:31 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:31 0006: < C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:31 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Virus: Scanning attachments...
14-12-26 07:05:32 0006: Connection opened with ClamAV at localhost:3310
14-12-26 07:05:32 0006: > zIDSESSION
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:32 0006: < 2: C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:32 0006: > zEND
14-12-26 07:05:32 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3n --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3q
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
Question by:tmb5

Accepted Solution

by:
btan earned 500 total points
ID: 40519364
May want to try in Xwall not to enable ClamAV On Demand Scan, but enable Native ClamAV Support. See the setup:
http://www.dataenter.co.at/doc/xwall_sanesec.htm
Other possibility is whether clamdscan has rights to create the logfile; maybe can remove the --log option in its execution and see if the error comes up again. Good to test the setup based on some test file as stated in the above link, or send a mail containing an EICAR test virus to your XWall server and check the log. See the PDF (last page) for more info: http://www.fortune.ch/util/Installation_of_ClamAV-SOSDG_for_XWall.pdf
Can do a search from the Xwall forum as well: http://www.xwall.us/index.php/forum/search

Expert Comment

by:hopeleonie
ID: 40519392
I would never run ClamAV on a Server!

Author Closing Comment

by:tmb5
ID: 40520331
Btan
I am running Native ClamAV and have On Demand turned off. And I have used the EICAR test virus and ClamAV is definitely catching the virus, so it is working despite the log file saying otherwise. I have loaded sanesec. The files seemed to be appropriately uploaded and I have turned it on in the Xwall Manager, but it does not appear to be working. I checked the wall.ini file and there is no entry for sanesec at all. Do you have any idea how I can get information about the appropriate entries for the wall.ini file, and I could update it manually?
Finally, I have removed the log options from the ClamAV entry because they did not seem to work correctly and kept generating a file called "program" in the C root directory which, of course, caused problems.
Any other recommendations you might have would be most appreciated.
Cheers
Terry
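Added example (not part of the thread, and not XWall or ClamAV code): the stray "program" file in the C root directory is consistent with the unquoted C:\Program Files\... paths in the logged command line. This Python sketch splits the logged command the way a Windows program receives its arguments and pairs it with the exit code; it assumes XWall passes the command exactly as logged, and split_args and audit are names made up here.

```python
import re

# Exit codes documented in the clamdscan man page.
EXIT_MEANING = {0: "no virus found", 1: "virus found", 2: "an error occurred"}

# Two lines copied from the log in the question.
SAMPLE_LOG = r"""14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2"""

EXEC_RE = re.compile(r"Executing (.+)$")
EXIT_RE = re.compile(r"returned error level (\d+)")


def split_args(cmdline):
    """Split on whitespace outside double quotes (simplified Windows argv
    rules; backslash-escaped quotes are not handled)."""
    args, cur, quoted = [], "", False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        args.append(cur)
    return args


def audit(log_text):
    """Pair each 'Executing' line with the exit code that follows it."""
    findings, argv = [], None
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if m:
            argv = split_args(m.group(1))
            continue
        m = EXIT_RE.search(line)
        if m and argv:
            code = int(m.group(1))
            log_opt = next((a for a in argv if a.startswith("--log=")), None)
            findings.append({
                "exit": EXIT_MEANING.get(code, "unknown"),
                # Every non-option argument is treated as a scan target.
                "targets": [a for a in argv[1:] if not a.startswith("--")],
                "log_file": log_opt[len("--log="):] if log_opt else None,
            })
            argv = None
    return findings
```

On the logged command the --log value ends at the first space, and the one temp file becomes three separate scan targets; quoting both paths keeps each as a single argument.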
 

Expert Comment

by:btan
ID: 40520359
You can check out the xwall.ini setting below.
Connect to ClamAV

VirusScannerClamAVNative=True
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310

This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe. In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe.
http://www.dataenter.com/doc/xwall_undocumented_config.htm

Another sample from this
Just for information, this is what my XWALL.INI entries for AV look like:
ScanInboundMessages=True
VirusScanner=C:\ClamAV\clamdscan.exe
VirusScannerPara=<FILE> --no-summary --log=<TEMPFILE>
VirusScannerTyp=10
VirusScannerExitCode=XxXXXXXXXXXXXXXXXXXXXXXXX
VirusPostScanner=C:\WINDOWS\system32\cscript.exe
VirusPostScannerPara=C:\XWALL\ParseReport.vbs <TEMPFILE> <MSGFILE> CLAMAV
DebugVirusScanner=True
VirusScannerSerialize=False
VirusScannerScanAlways=True
VirusScannerClamAVNative=True
InboundVirusNDRTyp=0
http://www.xwall.us/index.php/xwall-features/78-xwall-site/xwall-features

Author Comment

by:tmb5
ID: 40520527
Thanks again for all your help.  By adding the lines:
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310
to the xwall.ini the error code disappeared in the log file.
Really appreciate your assistance.

Expert Comment

by:btan
ID: 40521186
Thanks for sharing.