Clamav not updating virus signatures
(On Edit: Some Smarter Mail installations have the file in the \etc folder instead of \bin - please verify that the proper path to in the Clam matches the actual location of your Clamd.conf).An easy way to find the proper path for the Clam file just find your EXISTING and open it in notepad (or any text editor of you choice).Currently any file attachment can contain a payload and Clam AV will not catch it.I originally started at looking for ways to use the Spam Assassin MIMEHeader plugin to check for files inside files, but couldn't make it work.This is not a difficult process and I can implement it on a Smarter Mail server in less than 4 minutes and never have to stop the Smarter Mail service (it's transparent and just works great). ANTIVIRUS shows Clam AV stuck on "Updating" for it's virus definitions. Solution: I found that many of the original Clam AV developers and others have developed third party signatures that greatly increase the effectiveness of Clam AV. You can investigate all of the below at Sanesecutity you can do all of what I've done below yourself if you desire I've just made installation easier and configured it for use with the standard Clam AV installed by Smarter Mail.
If you stay logged in to your Smarter Mail server all the time you can run the Clam in loop mode by changing the last line in your Clam from "LOOP_MODE=N" to "LOOP_MODE=Y".When the batch file is run in loop mode it will automatically download the signatures hourly, but if you log off the computer it will not run and you will need to use the Task Scheduler method.#5 If you want to verify that your Clam Sup installation is working properly take a look at your C:\Program Files (x86)\Smarter Tools\Smarter Mail\Service\Clam\share\clamav folder (or whatever your path may be).You should see a total of 20 files and one folder called "SIG_TMP" (this temp folder holds the new verified signatures to be integrated into Clam AV and can be ignored).That's all there is to it and you've turned Clam AV into one of the best antivirus solutions possible.I suggest you enable the Virus Quarantine and monitor the results.