Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Running ClamAV on Xwall and am getting following error "clamdscan.exe returned error level 2" Can someone help me?

Posted on 2014-12-26
6
Medium Priority
?
322 Views
Last Modified: 2014-12-28
I am running Exchange 2003 with Xwall and recently added Clam Antivirus.   Here is what the log file shows:
Connection opened with ClamAV at localhost:3310
14-12-26 07:05:31 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:31 0006: < C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:31 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Virus: Scanning attachments...
14-12-26 07:05:32 0006: Connection opened with ClamAV at localhost:3310
14-12-26 07:05:32 0006: > zIDSESSION
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3m
14-12-26 07:05:32 0006: < 1: C:\Program Files\XWall\TEMP\$TEgcp3m: OK
14-12-26 07:05:32 0006: > zSCAN C:\Program Files\XWall\TEMP\$TEgcp3n
14-12-26 07:05:32 0006: < 2: C:\Program Files\XWall\TEMP\$TEgcp3n: OK
14-12-26 07:05:32 0006: > zEND
14-12-26 07:05:32 0006: Connection closed with ClamAV at localhost:3310
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3m --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3o
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
14-12-26 07:05:32 0006: Executing C:\clamav\clamdscan.exe C:\Program Files\XWall\TEMP\$TEgcp3n --no-summary --log=C:\Program Files\XWall\TEMP\$TEgcp3q
14-12-26 07:05:32 0006: clamdscan.exe returned error level 2
0
Comment
Question by:tmb5
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 40519364
may want to try in Xwall not to enable ClamAV On Demand Scan, but enable Native ClamAV Support. see the setup
http://www.dataenter.co.at/doc/xwall_sanesec.htm
other possibility is whether clamdscan has rights to create the logfile, maybe can remove --log option in its execution and see if error comes up again. good to test the setup based on some test file as stated in above link or send an mail containing an EICAR test virus to your XWall server and check the log. See the pdf (last pg) for more info http://www.fortune.ch/util/Installation_of_ClamAV-SOSDG_for_XWall.pdf
Can do a search from Xwall forum as well http://www.xwall.us/index.php/forum/search
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 40519392
I would never run ClamAV on a Server!
0
 

Author Closing Comment

by:tmb5
ID: 40520331
Btan
I am running Native ClamAv. and have On demand turned off.  And I have used EICAR test virus and the ClamAV is definitely catching the virus so it is working despite the log file saying otherwise.  I have loaded sanesec.  The files seemed to be appropriately uploaded and I have turned it on in the Xwall Manager, but it does not appear to be working.   I checked the wall.ini file and there is no entry for sanesec at all.  Do you have any idea how I can get information about the appropriate entries for the wall.ini file and I could update it manually.
Finally, I have removed the log options from clamAV entry because they did not seem to work correctly and kept generating a file called "program" in the c root directory which, of course, caused problems.  
Any other recommendations you might have would be most appreciated.
Cheers
Terry
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 65

Expert Comment

by:btan
ID: 40520359
you can check out the xwall.ini setting below
Connect to ClamAV

VirusScannerClamAVNative=True
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310

This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe. In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe
http://www.dataenter.com/doc/xwall_undocumented_config.htm

Another sample from this
Just for information, this is what my XWALL.INI entries for AV look like:
ScanInboundMessages=True
VirusScanner=C:\ClamAV\clamdscan.exe
VirusScannerPara=<FILE> --no-summary --log=<TEMPFILE>
VirusScannerTyp=10
VirusScannerExitCode=XxXXXXXXXXXXXXXXXXXXXXXXX
VirusPostScanner=C:\WINDOWS\system32\cscript.exe
VirusPostScannerPara=C:\XWALL\ParseReport.vbs <TEMPFILE> <MSGFILE> CLAMAV
DebugVirusScanner=True
VirusScannerSerializeFalse
VirusScannerScanAlways=True
VirusScannerClamAVNative=True
InboundVirusNDRTyp=0
http://www.xwall.us/index.php/xwall-features/78-xwall-site/xwall-features
0
 

Author Comment

by:tmb5
ID: 40520527
Thanks again for all your help.  By adding the lines:
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310
to the xwall.ini the error code disappeared in the log file.
Really appreciate your assistance.
0
 
LVL 65

Expert Comment

by:btan
ID: 40521186
thanks for sharing
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question