ClamAV Plugin for Kerio Connect 8+

Unfortunately, starting with version 8 of Kerio Connect built-in support for ClamAV has been dropped. Up until this version it was possible to easily setup ClamAV in conjunction with Kerio Connect, as described in Setting up ClamAV for Kerio Connect.

Fortunately, Kerio provides a SDK for developing AV plugins, including code for ClamAV. This post describes the steps required to compile and setup the ClamAV plugin using Windows and Cygwin for Kerio Connect 8.

In case you just want to download the compiled version scroll down to the Download section. 32bit and 64bit versions are available.

Download SDK

First of all download the SDK from GitHub and extract it to your Cygwin /home/user directory, e.g. /home/mkerstner/antivirus-sdk-master.

Compile Plugin

Next we need to compile the ClamAV plugin. Open a Cygwin terminal and open the folder where you’ve just extracted the SDK, e.g. /home/mkerstner/antivirus-sdk-master.

For the compilation process to work you need to following tools:

  1. gcc (gcc-core and gcc-g++)
  2. cmake
  3. make
  4. boost (libboost-devel and runtime)

Please refer to the README included in the SDK for further information regarding the setup process of these tools. Once you’ve installed these tools (via your Cygwin setup.exe) you are ready to compile the plugin.

Note this guide has been tested to work with gcc 3.4.4, cmake 2.8.9-2, make 3.82.90-1 and libboost 1.48.0-1 on Cygwin setup.exe version 2.774 on a Windows 7 64bit machine.

1. run CMake

From withing the clam folder of your SDK directory run cmake as follows:

mkerstner@Homer ~/antivirus-sdk-master/clam
$ cmake .
-- The C compiler identification is GNU 4.5.3
-- The CXX compiler identification is GNU 4.5.3
CMake Warning at /usr/share/cmake-2.8.9/Modules/Platform/CYGWIN.cmake:15 (message):
  CMake no longer defines WIN32 on Cygwin!

  (1) If you are just trying to build this project, ignore this warning or
  quiet it by setting CMAKE_LEGACY_CYGWIN_WIN32=0 in your environment or in
  the CMake cache.  If later configuration or build errors occur then this
  project may have been written under the assumption that Cygwin is WIN32.
  In that case, set CMAKE_LEGACY_CYGWIN_WIN32=1 instead.

  (2) If you are developing this project, add the line

    set(CMAKE_LEGACY_CYGWIN_WIN32 0) # Remove when CMake >= 2.8.4 is required

  at the top of your top-level CMakeLists.txt file or set the minimum
  required version of CMake to 2.8.4 or higher.  Then teach your project to
  build on Cygwin without WIN32.
Call Stack (most recent call first):
  /usr/share/cmake-2.8.9/Modules/CMakeSystemSpecificInformation.cmake:36 (INCLUD                         E)
  CMakeLists.txt:1 (PROJECT)

-- Check for working C compiler: /usr/bin/gcc.exe
-- Check for working C compiler: /usr/bin/gcc.exe -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++.exe
-- Check for working CXX compiler: /usr/bin/c++.exe -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
cygwin warning:
  MS-DOS style path detected: C:/boost/lib
  Preferred POSIX equivalent is: /cygdrive/c/boost/lib
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:

http://cygwin.com/cygwin-ug-net/using.html#using-pathnames

-- Boost version: 1.48.0
-- Found the following Boost libraries:
--   thread
--   filesystem
--   system
--   date_time
--   regex
--   chrono
-- Configuring done
-- Generating done
-- Build files have been written to: /home/Anmat/antivirus-sdk-master/clam

2. Run make

Once all dependencies have been satisfied it’s time to run make to start the compilation process:

mkerstner@Homer ~/antivirus-sdk-master/clam
$ make all
Scanning dependencies of target avir_clam
[ 33%] Building CXX object CMakeFiles/avir_clam.dir/avPlugin.cpp.o
[ 66%] Building CXX object CMakeFiles/avir_clam.dir/ClamPlugin.cpp.o
[100%] Building C object CMakeFiles/avir_clam.dir/home/Anmat/antivirus-sdk-master/api/avCommon.c.o
Linking CXX shared library avir_clam.dll
Creating library file: libavir_clam.dll.a
[100%] Built target avir_clam

Done! The plugin was successfully compiled.

Copy Plugin to Plugin Container

In order for Kerio Connect to recognize the plugin we need to copy the the compiled plugin to Kerio’s AV connect plugin dir. Thus, copy avir_clam.dll and libavir_clam.dll.a to your Kerio installation folder, e.g. C:\Program Files (x86)\Kerio\MailServer\plugins\Avirs\

Be sure to restart Kerio Connect server afterwards.

Setting up the Plugin

In versions prior to 8 external antivirus plugins could be easily selected via the “Use external antivirus” option in the administration web console. It seems like this option has been made invisible by default. Luckily, you can still edit this option in mailserver.cfg directly:

<table name="Antivir">
  <variable name="AvirEnabled">0</variable>
  <variable name="UsedInternal">0</variable>
  <variable name="UseMcAfee">0</variable>
  <variable name="UsedPlugin">avir_clam</variable>
  <variable name="EnabledExtAV">avir_clam</variable>
  <variable name="JpegEnabled">1</variable>
  <variable name="AdminNotify"></variable>
  <variable name="AdminNotifyFiltered"></variable>
  <variable name="Bounce">1</variable>
  <variable name="RemoveAttachments">1</variable>
  <variable name="InsertSubjectPrefix">0</variable>
  <variable name="SubjectPrefix">**VIRUS**</variable>
  <variable name="CheckImpossibleMode">1</variable>
  <variable name="DelayIfFailed">1</variable>
  <variable name="UpdateInterval">6</variable>
  <variable name="UpdateDatabaseTime">0</variable>
  <variable name="UpdateLastCheck">0</variable>
  <variable name="ShortTimeout">60</variable>
  <variable name="LongTimeout">120</variable>
  <variable name="UpdateTimeout">3600</variable>
  <variable name="RestartWait">300</variable>
  <variable name="MaxScanningThreads">8</variable>
</table>

The options you need to edit are:

<variable name="UsedPlugin">avir_clam</variable>
<variable name="EnabledExtAV">avir_clam</variable>

Be sure to restart the server again.

Finally, open the administration web interface and select your shiny new ClamAV plugin from the external antivirus plugins selection box:

kerio_connect_8_clamav_plugin

You will get a warning message upon startup saying that support for external plugins will be discountinued:

kerio_connect_8_clamav_plugin_warning

You can ignore this warning. The plugin should work as expected.

That’s it! Enjoy :)

Download ClamAV Plugin

53 thoughts on “ClamAV Plugin for Kerio Connect 8+

  1. Thanks for your work.

    I posted it on our youtube and Xing channel and we will also promote it in one of our next newsletters.

    Keep up your good work!

  2. anybody can compile a 32bits windows version please! i tried compiling for hours with cygwin and ubuntu e.t.c i always get mithic error :( i am no programmer…

    • Hey Carl,
      in order to help I need more info on the error you get when compiling the plugin. I don’t have a 32bit Windows right now to test the setup, but it should work just the same as the 64bit solution described in this post.

      Anyways, I’ll try to provide a 32bit version too.

      Cheers

          • Hi, thank you, but as i am no programer i don’t know where to ad the option, i tried
            make all CFLAGS=-D__USE_W32_SOCKETS
            make all CC=”-D__USE_W32_SOCKETS”
            make all CC=”gcc -D__USE_W32_SOCKETS”
            make CFLAGS=’-D__USE_W32_SOCKETS’

            and i forget some… so i must be doing it wrong :(

          • Hu,

            thank you, trying that give’s me:
            $ make all -D__USE_W32_SOCKETS
            make: invalid option — D
            make: invalid option — _
            make: invalid option — _
            make: invalid option — U
            make: invalid option — E
            make: invalid option — _
            Usage: make [options] [target] …
            … all the option…

            thank you !

  3. Hi,

    I’m having trouble getting this to work, only due to my total inexperience. Did anyone ever get a 32bit version made?

    Thanks in advanced!

  4. Hi,

    OK, I’m back and I’m still having problems. I have copied both files to the \avirs folder, but still see this in the error log.

    [30/Apr/2013 10:23:15] AntivirusModule.cpp: Server: external plugin cannot be initialized: Unable to load library c:\program files\kerio\mailserver\plugins\avirs\avir_clam.dll, error: Unable to load AV plug-in c:\program files\kerio\mailserver\plugins\avirs\avir_clam.dll. ((126) The specified module could not be found.)

    [30/Apr/2013 10:23:15] AntivirusModule.cpp: Server: external plugin failed to start Unable to load library c:\program files\kerio\mailserver\plugins\avirs\avir_clam.dll, error: Unable to load AV plug-in c:\program files\kerio\mailserver\plugins\avirs\avir_clam.dll. ((126) The specified module could not be found.)

    [30/Apr/2013 10:23:15] AntivirusModule.cpp: Restarting of avir_clam plugin has failed, next try is planned after 300 seconds.

    If anyone has any thoughts that would be great.
    Many Thanks.

  5. Hello Matthias,

    great tutorial. But I am not sure. Can I use the plugins for linux version? :roll: :oops:

    le.grec

  6. On a 64 Bit Windows 2008 with Kerio Connect 8.0.2 build 1117, I tried the 64 bit plugins, failed with:

    [31/May/2013 13:04:58] AntivirusModule.cpp: Server: external plugin cannot be initialized: Unable to load library c:\program files (x86)\kerio\mailserver\plugins\avirs\avir_clam.dll, error: Unable to load AV plug-in c:\program files (x86)\kerio\mailserver\plugins\avirs\avir_clam.dll. ((126) The specified module could not be found.)
    [31/May/2013 13:04:58] AntivirusModule.cpp: Server: external plugin failed to start Unable to load library c:\program files (x86)\kerio\mailserver\plugins\avirs\avir_clam.dll, error: Unable to load AV plug-in c:\program files (x86)\kerio\mailserver\plugins\avirs\avir_clam.dll. ((126) The specified module could not be found.)
    [31/May/2013 13:04:58] AntivirusModule.cpp: Restarting of avir_clam plugin has failed, next try is planned after 300 seconds.

    Just for sake of it I tried the 32 bit version too, same error. Luckily it still works with old avir_clammt plugin, so I am fine, but I’d rather be prepared for future.

    I looked into the KB article you sent to Ross, but my Windows Module Installer service is just fine, I can start it with no errors.

  7. I had this working fine with Kerio 8.0.2, but have been unable to get it going in 8.1.1. Using the 32-bit version of Kerio and the plugin. I noticed that the entries in mailserver.cfg were missing and put them back, but Kerio keeps removing them.

      • I have it running on windows 2008 server r2 64-bit. I tried both the 32- and 64-bit versions of the plugin. I upgraded to the 32-bit version of kerio 8.1.1.

  8. Ahhh. There is so many things wrong in this guide…
    – 64-bit DLL does not make a sense and is not necessary.
    – libavir_clam.dll.a has no use and there is no reason to copy it.
    – Kerio Connect 8.1 detects the AV plugins automatically so messing up the config file is not a good thing.
    – The plug-in is supposed to be compiled with MS Visual Studio 2010. Using cygwin will probably not work.

    • Hi Pavel,
      thanks for the feedback. First off, why does a natively compiled 64-bit version not make sense to you? Sure, 64-bit processors are capable of emulating 32-bit applications (e.g. IA-32 EL) but still, sometimes you are just better off compiling it for the target system. Second, you are of course right about the *.dll.a file, but it does not harm the system to copy it. As far as the claimed auto-detection works this guide was written for an early version 8 of Kerio Connect, which in fact did *not* automatically detect or work with ClamAV ootb. I have not tested this guide with newer versions, so it might be easier now or work ootb. Finally, Kerio provides an official guide to compile this plugin using Linux tools (and cygwin for Windows). So I beg to differ that it does not work when compiled using cygwin on Windows. Cheers

  9. Unfortunately debian plugins available here are not compatible anymore with Connect 8.2.1 (was working with 8.2.0).
    I hope it “just” need to be recompiled with latest SDK and not a dead end..

      • Hi Matthias,
        I hope it will be possible to make it work but I have doubts (the end of support for external anti-viruses was “pending”)
        These kind of changes is just making my anger against Kerio grow (after the mess with Workspace and all the changes in Connect licensing..)
        Until recently I was kind of evangelizing for their products..now I’m looking for alternatives..

    • Hi mikhail,
      I’m sorry but I havn’t had time to test the extension with more recent Kerio releases for some time now. I will try to have a look at at though and post back here. Cheers

        • Hey guys,
          I try to make ClamAV work with Kerio 8.2.1 too.
          After changing the too lines:

          avir_clam
          avir_clam

          in mailserver.cfg and restarting kerio the mailserver.cfg
          will allways be oberwritten. In Version 8.1 I simply had to change both
          files mailserver.cfg and mailserver.cfg.bak.
          But this doesn’t work anymore.

          Anywhere must be another backup-file or there is a checking-routine which
          checks the mailserver.cfg-file.

          Cheers,
          Olivier

          • Hello Olivier,

            did you find out solution with your mailserver.cfg overwrite? It’s doing the same for me.. and so far I didn’t solved it..


            Martin

          • Hey Oliver,

            i’ve got the sampe Problem with the mailserver.cfg on Kerio 8.2.4 (2550) :-(
            Can’t find where the original mailserver.cfg coe from.

            CU
            Henning

  10. Hey guys,

    I can’t use the precompiled version from Matthias so I compiled my own version with Visual Studio 2008. It is much smaller (only 200KB) and works now for about 2 weeks without problems. If someone is interested on this version, I can share it.

    Best regards
    Frank

  11. Has anyone worked on this to get it running under Mac OS X? If you have, do you have any hints to share (or a working plug-in?).

    Thanks.

    • For Mac:

      install macports (https://www.macports.org/install.php; if you already have it installed you can update with sudo port selfupdate)

      Then from a shell:
      sudo port install boost +universal
      sudo port install cmake

      If you fail to make the universal boost variant you will get errors like this:
      ld: warning: in /opt/local/lib/libboost_thread-mt.a, file was built for unsupported file format which is not the architecture being linked (i386)

      NOTE: Making the universal variant of boost had to recompile (assumedly) all of the dependencies (including python and a compiler toolchain). On my xserve this took about three hours. If you are here because your production machine doesn’t have a virus scanner you may want to downgrade to Version 8.0.2 and follow the steps in the blog post labeled “Setting up the Plugin” substituting avir_clammt for avir_clam but beware this gotcha: http://kb.kerio.com/product/kerio-connect/installation-and-upgrade/downgrading-from-kerio-connect-81-to-older-versions-on-mac-os-x-1417.html

      After you follow the instructions from the blog post (up there at the top of this page) for “cmake .” and “make all” you should find avir_clam.dylib in your working directory. I copied mine to the proper place with this command: “sudo cp avir_clam.dylib /usr/local/kerio/mailserver/plugins/avirs/”
      or for newer version “sudo cp avir_clam.dylib /usr/local/kerio/mailserver/plugins/avserver/avirs/“ see note below.

      NOTE: When I upgraded to 8.1.x I had to move the .dylib to /usr/local/kerio/mailserver/plugins/avserver/avirs/ I’m not sure if this would have been the appropriate place for 8.0.x also. Modifying the configuration file was not necessary in 8.1.x when placing the plugin in this directory, but it does have to be enabled using the gui.

      The clam plugin included in 8.0.2 shows in the web gui as Clam AntiVirus, the version I compiled shows Clam AntiVirus plugin v0.1 for Kerio.

      NOTE: I tried two different sites that email EICAR test files to the email address you enter and both of them had the attachments stripped before they got to my server. I would suggest you test using machines you control (and make sure you don’t email through your ISPs servers).

      Hope this helps someone.

Leave a Comment

Your email address will not be published. Required fields are marked *