How to improve ClamAV to catch ransomware, with even zero-hour style protection!


ClamAV Problem: The standard SmarterMail install of ClamAV is very poor at catching basic viruses, trojans, and other malware, let alone providing zero-hour virus protection. Currently any .zip file attachment can contain an .exe, .js, or .pdf payload and ClamAV will not catch it. The solution below has the ability to stop a lot of spam. Essentially, all you're doing is adding thousands of additional signatures to ClamAV and automating hourly updates to catch the newest threats.

How to greatly improve ClamAV's ability to catch viruses, trojans and ransomware, including zero-hour virus protection

  1. Download the pre-configured package from this link: http://www.hostbreak.com/downloads/clamav.rar. You will be downloading a file named ClamAV.rar. You may scan it for viruses; it is clean.
  2. Go to your SmarterMail server and rename “C:\Program Files (x86)\SmarterTools\SmarterMail\Service\clam” to “clam.orig”.
  3. Extract ClamAV.rar to C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam
  4. If necessary, edit \Clamsup\Clamsup.cfg and adjust the path. Usually, the default settings will work. If your SmarterMail program files are installed on C:\Program Files (x86)…. you don’t need to do any editing. If you’ve installed SmarterMail on a different drive or path, you will need to edit the ClamSup.cfg file to reflect the proper paths.
  5. Create a scheduled task to run “C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\ClamSup\ClamsUp.bat” every hour. Verify that the scheduled task can run without errors.
    1. When you run the ClamSup.bat file, it will download all the signatures to your ClamAV installation at “C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav”. There is a built-in delay in the batch file so ClamAV can validate each new signature. It may take 10 minutes or so for the batch file to complete.
  6. Open SmarterMail webmail, log in as admin, go to Security > Antispam Administration, Click ClamAV and then click Update ClamAV button.
  7. To verify that your ClamSup installation is working properly take a look at your C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav folder (or whatever your path may be). You should see a total of 20+ files and one folder called “SIG_TMP” (this temp folder holds the new verified signatures to be integrated into ClamAV and can be ignored).
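
Steps 5 and 7 can be scripted. The PowerShell below is an added example, not part of the original package or of Joel's work: it registers the hourly task and then checks the signature folder the way step 7 describes. The task name, the SYSTEM account and the 6-hour freshness threshold are assumptions; the paths are the defaults named in the steps above.

```powershell
# Added example. Paths are the article's defaults; the task name, run-as account
# and freshness threshold are assumptions. Run from an elevated session.
$ClamRoot = 'C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam'
$Updater  = Join-Path $ClamRoot 'ClamSup\ClamsUp.bat'
$SigDir   = Join-Path $ClamRoot 'share\clamav'
$TaskName = 'ClamSup-Hourly'              # hypothetical task name
$MaxAge   = New-TimeSpan -Hours 6         # assumed limit for "signatures are fresh"

# Step 5: register the hourly task once. cmd.exe /c handles the spaces in the path.
if (-not (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)) {
    $action  = New-ScheduledTaskAction -Execute 'cmd.exe' `
                   -Argument "/c `"$Updater`"" -WorkingDirectory (Split-Path $Updater)
    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) `
                   -RepetitionInterval (New-TimeSpan -Hours 1)
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -User 'SYSTEM' -RunLevel Highest | Out-Null
}

# Step 5 (verify): LastTaskResult 0 = last run exited cleanly; 267011 = not run yet.
$info = Get-ScheduledTaskInfo -TaskName $TaskName

# Step 7: expect 20+ files, a SIG_TMP folder, and at least one recently written file.
$files  = @(Get-ChildItem -Path $SigDir -File -ErrorAction SilentlyContinue)
$newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1

$report = [pscustomobject]@{
    LastTaskResult = $info.LastTaskResult
    LastRunTime    = $info.LastRunTime
    SignatureFiles = $files.Count
    HasSigTmp      = Test-Path (Join-Path $SigDir 'SIG_TMP') -PathType Container
    NewestFile     = if ($newest) { $newest.Name } else { $null }
    NewestAge      = if ($newest) { (Get-Date) - $newest.LastWriteTime } else { $null }
}
$report | Format-List

# Fail loudly so a monitoring job can alert when updates silently stop.
$ok = ($report.LastTaskResult -eq 0) -and
      ($report.SignatureFiles -ge 20) -and
      $report.HasSigTmp -and
      ($null -ne $report.NewestAge) -and ($report.NewestAge -lt $MaxAge)

if (-not $ok) {
    Write-Warning 'ClamSup check failed: review the values above.'
    exit 1
}
```

Run it again after the first hourly cycle has finished; a non-zero exit code means the task result, file count, SIG_TMP folder or signature age did not match what step 7 expects.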

To receive the latest zero-hour signatures from www.securiteinfo.com:

  1. Sign up at https://www.securiteinfo.com/clients/customers/account.
  2. After signing up, go to the Setup tab, copy the URLs and paste them into your freshclam.conf.
  3. Run the ClamAV update through the Update ClamAV button.

That’s it! You and your customers are now protected to the maximum extent against the latest viruses.

For any comments or assistance, write to us at notify [AT] hostbreak [dot] com

Credits: this article is derived from the great work done by Joel at the SmarterMail forum.
