Setting up ClamAV for Kerio Connect

ClamAV represents a viable alternative to commercial antivirus solutions on the market. Fortunately, Kerio Connect (formerly Kerio Mailserver) offers support for ClamAV out-of-the-box. Nevertheless, it takes some steps in order to manage a working setup that will automatically update the virus database and carry out scheduled checks aside from simply checking emails. The following approach has proven to work on Windows 2003 and Windows 2008 servers using ClamWin/ClamAV 0.97 and up. If you run into problems please report them.

Basically, there are 2 versions of the Clam antivirus suite: ClamAV and ClamWin. Whereas ClamWin is aimed at desktop users that require a GUI and does not include the daemon clamd, ClamAV is the command line version that indeed includes the daemon which is required to setup Kerio Connect to be used together with the Clam suite.

UPDATE: Special thanks go to Bob H. at MIS Specialists for pointing out that Kerio is dropping support for all AV solutions except Sophos beginning with version 8. According to their blog Kerio “they are trying to make our life easier by providing an open source reference implementation, based on their current ClamAV plug-in”. I will try to have a look at this issue and post back with news.

Setup

Since we want to use the functionality provided by ClamWin (scheduled updates and scans, graphical configuration tools) we first need to set it up.

1. Download and setup ClamWin

Be sure to use C:ClamAV as your destination path, since we do not want to have spaces in the path which would cause potential problems later when setting up the clamd daemon. Configure ClamWin as usual but additionally create a tmp and a db directory and set the update path to the db directory: Afterwards, run another definitions update to make sure the settings are correct and the files are being saved into the newly created db folder. That’s all there is to set up ClamWin. Unfortunately, ClamWin does not include the daemon required for Kerio Connect to do the checks. So, let’s install and configure ClamAV.

2. Download and setup ClamAV

Extract the downloaded archive to C:ClamAV (the folder you installed ClamWin in the first step). Doing so will add some folder and files, such as clamd.exe, the daemon we need in our setup. The next step is to configure the daemon using a text file called clamd.conf:

3. Create C:ClamAVclamd.conf using the following content:

PidFile C:ClamAVclamd.pid
LogFile C:ClamAVclamd.log
DatabaseDirectory C:ClamAVdb
TemporaryDirectory C:ClamAVtmp
TCPSocket 3310
TCPAddr 127.0.0.1
DetectPUA yes
DetectBrokenExecutables yes
HeuristicScanPrecedence yes
ArchiveBlockEncrypted yes
StreamMaxLength 30M

Thanks to Martijn for these settings. Of course there are a lot more options to set but these settings work and should suffice for a first setup. Now that we have all the settings required by the daemon let’s test it by starting it from the command line: If you don’t see any error messages here we are ready to move on to the setup of the daemon as a Windows service. Otherwise re-check the steps above, especially if you extracted ClamAV in the correct destination path and that clamd.conf has been saved in this directory too.

4. Add clamd.exe as a Windows service

There are a lot of ways to add services under Windows, such as using sc.exe, cygwin or instsrv.exe included in the Windows Resource Kit. Basically, what we need to do is to add clamd.exe as a service and specify certain startup parameters for it to work, i.e. which config file (clamd.conf) to use. Thus, let’s add the service. My personal favorite when dealing with Windows services is sc.exe:

sc create clamd binpath= c:clamavclamd.exe type= own start= auto

This will as a service called clamd that will start clamd.exe. Note that you can easily delete services again using sc.exe in case something went wrong on the first attempt:

sc delete clamd

As previously mentioned, the clamd service must be configured to use clamd.conf as its configuration file. To do so open the service management console using services.msc and specify “-c c:clamAVclamd.conf” as startup parameter in the General tab. Note that you must stop the service first to edit the startup parameters in the management console. Once this is done be sure to test the service by starting and stopping it, using net start clamd and net stop clamd.

5. Set ClamAV as antivirus scanner in Kerio Connect

Finally, once ClamWin, ClamAV and the daemon have been setup correctly it is time to configure Kerio Connect to use ClamAV as its antivirus suite. To do so open up Kerio’s administration interface and navigate to the Antivirus tab: In the ClamAV settings tab leave the default values: Be sure to check and save the settings using “Apply“. If the setup does not work Kerio Connect will complain immediately. In this case re-check your settings, especially if clamd is running as a service (e.g. netstat -a | findstr 3310). If the service does not start or keeps stopping for some reason try to add the service using instsrv.exe and srvany.exe from the Windows Resource Kit. Also make sure that the service is started with the “-c c:clamavclamd.conf” startup parameter. Finally, restart the machine just to make sure the service starts correctly when booting up. If everything went smoothly you now have an open source AV scanner configured using Kerio Connect.