Version Information:
=====================
1.93.0.665 – compatible with ClamAV Version 0.93.x
1.94.0.689 – compatible with ClamAV Version 0.94.x
1.94.0.711 – current release
The current release works with Microsoft ISA 2000, 2004 and 2006.
1. Install ClamAV:
=====================
1.1. ClamAV Native Win32 Port
Download the current stable release 0.9x (clamav-win32-0.94.7z) from the [Precompiled Binaries] section at http://oss.netfarm.it/clamav/, together with the msvcrt80 side-by-side assembly Microsoft.VC80.8.0.50727.762.CRT.x86.7z from the [NOTES] section. Unpack both into the folder clamav\clamav-win-0.94 created in step 1.2.
1.2. Use the Explorer to create the following directory structure:
clamav                    Folder for WebFilter cache, statistics and exceptions.
clamav\av-scan            Folder for downloading and scanning of binaries.
clamav\av-temp            Folder for temporary ClamAV activities.
clamav\clamav-win-0.94    ClamAV Native Win32 Port and msvcrt80 side-by-side assembly.
clamav\db.0.94            Folder for ClamAV virus definition database.
Important: Ensure that the service account of the Microsoft Web Proxy Service (ISA 2000) or Microsoft Firewall Service (ISA 2004 and higher) has modify access to the folder clamav and everything below it, or give Everyone this access right! It is also important that you exclude this clamav folder (including subfolders) from scanning by other locally installed virus scanners!
1.3. Configure the global settings for ClamAV (clamd and freshclam), download the virus definition database and run a first scan. Create or modify the clamav.reg file and import it into the local registry:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ClamAV]
"ConfigDir"="D:\\clamav\\clamav-win32-0.94"
"DataDir"="D:\\clamav\\db.0.94.x"
1.3.1. Create or modify a text file named freshclam.conf in the ClamAV Native Win32 Port folder and fill it with the following content (replace the your.proxy.* values with your own settings):
DatabaseMirror database.clamav.net
DNSDatabaseInfo current.cvd.clamav.net
HTTPProxyServer your.proxy.servername
HTTPProxyPort 8080
HTTPProxyUsername your.proxy.username
HTTPProxyPassword your.proxy.password
UpdateLogFile D:\clamav\freshclam.log
DatabaseDirectory D:\clamav\db.0.94.x
Other parameters can be found at:
http://www.clamav.net/doc/latest/clamav-0.94/etc/freshclam.conf
1.3.2. Install freshclam (ClamWin Free Antivirus Database Updater) as a service. From a command prompt, type:
cd /d D:\clamav\clamav-win32-0.94
.\freshclam.exe --install
After a successful install, set the service to run automatically and start it. Monitor the log file D:\clamav\freshclam.log and the database directory D:\clamav\db.0.94.x for modifications and errors.
1.3.3. Create or modify a text file named clamd.conf in the ClamAV Native Win32 Port folder with the following content:
TCPSocket 3310
MaxThreads 2
LogFile D:\clamav\clamd.log
DatabaseDirectory D:\clamav\db.0.94.x
TemporaryDirectory D:\clamav\av-temp
Other parameters can be found at:
http://www.clamav.net/doc/latest/clamav-0.94/etc/clamd.conf
1.3.4. Install the ClamD (ClamWin Free Antivirus Scanner Service) service. From a command prompt, type:
cd /d D:\clamav\clamav-win32-0.94
.\clamd.exe --install
After a successful install:
- create a local user called svcClamD with no password expiry
- make this user member of the normal Users group
- use this user as logon account for the ClamD Service
- give this User svcClamD modify access on folder D:\clamav (including files and subfolders)
- set the service to run automatically and configure the service recovery to restart it
- start the service
Notice: The separate user account prevents high-level access in case of a buffer overflow or any other fault inside the ClamD service when a scan fails. If an unhandled error occurs and malicious code is executed, then it runs with normal user permissions, and an outbreak or system hijacking can be excluded.
Monitor the log file D:\clamav\clamd.log for modifications and errors.
1.3.5. Download the EICAR test file from http://www.eicar.org/download/eicar_com.zip and store it on your disk at D:\clamav\clamav-win32-0.94.
1.3.6. Open a command prompt and change to the directory where clamdscan.exe is stored (D:\clamav\clamav-win32-0.94). Enter "clamdscan eicar_com.zip" at the command prompt; the EICAR test signature should be found. Continue with the next steps only if this was successful, otherwise the WebFilter cannot run.
2. Register, Configure and Install the WebFilter:
=====================
2.1. Copy the following content of the zip file to the ISA install folder (C:\Program Files\Microsoft ISA Server\). Files from the zip file are:
ISAVirusClamAV.dll             ISA Server WebFilter plug-in
ISAVirusClamAVInstaller.exe    Install and Configuration Tool
BugslayerUtil.dll              Library for crash analysis
ISA2000.dll                    Library for installing on ISA 2000
ISA2004.dll                    Library for installing on ISA 2004 and 2006
2.2. Copy the following content of the zip file to the clamav folder (D:\clamav\). Files from the zip file are:
403-isa2000.html     Template for Virus found for ISA 2000
403-isa2004.html     Template for Virus found for ISA 2004
URLexception.conf    URL exceptions (see Sample)
Sample URLexception.conf – do not scan files from this URL list
http://www.microsoft.com/
downloads.microsoft.com/
.microsoft.com/
http://www.microsoft.com/    all HTTP downloads from this host
downloads.microsoft.com/     all HTTP and FTP downloads from this host
.microsoft.com/              all HTTP and FTP downloads from this domain
Notice: Use notepad to modify this file and define one URL per line.
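Every entry in URLexception.conf is a download path that bypasses virus scanning, so it is worth checking what a list actually exempts. The following is an added example, not part of the WebFilter or of the original guide: it models the three entry forms from the table above under a strict reading (exact host match, a leading dot matching subdomains only, matching on the start of the path), which is an assumption about the filter's behaviour; the function names and the test URLs are made up for illustration.

```python
from urllib.parse import urlsplit

# The three sample entries from the guide's URLexception.conf.
SAMPLE_CONF = """\
http://www.microsoft.com/
downloads.microsoft.com/
.microsoft.com/
"""

def parse_rule(line):
    """Return (schemes, host_pattern, path_prefix) for one entry, None for a blank line."""
    line = line.strip()
    if not line:
        return None
    if "://" in line:
        scheme, rest = line.split("://", 1)
        schemes = {scheme.lower()}          # explicit scheme: that protocol only
    else:
        rest = line
        schemes = {"http", "ftp"}           # no scheme: HTTP and FTP, per the table
    host, _, path = rest.partition("/")
    return schemes, host.lower(), "/" + path

def rule_matches(rule, url):
    schemes, host_pat, prefix = rule
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() not in schemes:
        return False
    if host_pat.startswith("."):
        host_ok = host.endswith(host_pat)   # assumption: subdomains of the domain only
    else:
        host_ok = host == host_pat          # assumption: exact host, no substring match
    return host_ok and (parts.path or "/").startswith(prefix)

def unscanned_by(conf_text, url):
    """Return the first entry that exempts url from scanning, or None if it is scanned."""
    for line in conf_text.splitlines():
        rule = parse_rule(line)
        if rule and rule_matches(rule, url):
            return line.strip()
    return None
```

Run the list through a check like this before deploying it, then confirm the real filter's behaviour by downloading the EICAR test file through the proxy from a host that should and a host that should not be exempt.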
2.3. Setup your Internet Explorer to access the internet:
2.4. In Explorer, double-click ISAVirusClamAVInstaller.exe, fill in the configuration parameters and click Save. Next, press the License button to obtain a valid license for your Pickup ID. Then install the WebFilter by pressing Install. After the install has succeeded, restart the Microsoft Web Proxy Service (ISA 2000) or Microsoft Firewall Service (ISA 2004 and higher) under Control Panel – Administrative Tools – Services to load the plug-in. Ensure that the ISA Server service has modify access to the ClamAV folder and to the folder for the log file.
2.5. Select the previously created folders in the dialog and set up your limits.
2.6. Select your license model and type your name and the e-mail address to which we should send your pickup code.
Press the "Request License" button to forward your licensing request to the license server. For the Trial Mode you will get an unapproved Pickup ID valid for 30 days, beginning at the pickup date.
2.7. Enter the Pickup ID from the e-mail you received and press the "License" button to start your license; the result will be visible at the bottom right.
2.8. Now press the "Install" button to install the WebFilter as part of your ISA Server.
2.9. Press the "Save" button to store the settings to the registry.
2.10. To validate the install, start the ISA Management Tool and look for the "Virus filter for ISA Server" at Configuration\Add-ins\Web Filters.
3. Uninstall:
=====================
In Explorer, double-click ISAVirusClamAVInstaller.exe. After the uninstall has succeeded, restart the Microsoft Firewall Service under Control Panel – Administrative Tools – Services to release the plug-in. After that you can delete the five files from the table. Note: all settings stored in the registry are cleared during the uninstall.
4. Known Issues:
=====================
4.1. Local Virus Scanner is running
If you find entries similar to these in clamd.log:
D:\clamav\av-scan\vir11.tmp: Input/Output error ERROR
D:\clamav\av-scan\vir10.tmp: Input/Output error ERROR
D:\clamav\av-scan\eicar.zip: Input/Output error ERROR
A local virus scanner is getting to the files before ClamAV does. Exclude the folder D:\clamav (and subfolders) from all scanning activity!
4.2. Wrong Path to ClamAV
No test virus is found.
Ensure that the full ClamAV package is present, including the Microsoft runtime libraries. A full ISA Server restart may be necessary.
4.3. High CPU value of the ISA Server after install
In most cases the ISA Server does not have sufficient access rights to the folders it needs for logging and for loading its files.