ClamAV Plugin for Kerio Connect 8+

Unfortunately, starting with version 8 of Kerio Connect, built-in support for ClamAV has been dropped. Up until this version it was possible to easily set up ClamAV in conjunction with Kerio Connect, as described in Setting up ClamAV for Kerio Connect. Fortunately, Kerio provides an SDK for developing AV plugins, including code for ClamAV. This post describes the steps required to compile and set up the ClamAV plugin for Kerio Connect 8 using Windows and Cygwin.

In case you just want to download the compiled version, scroll down to the Download section. 32-bit and 64-bit versions are available.

Download SDK

First of all download the SDK from GitHub and extract it to your Cygwin /home/user directory, e.g. /home/mkerstner/antivirus-sdk-master.

Compile Plugin

Next we need to compile the ClamAV plugin. Open a Cygwin terminal and change to the folder where you’ve just extracted the SDK, e.g. /home/mkerstner/antivirus-sdk-master. For the compilation process to work you need the following tools:

  1. gcc (gcc-core and gcc-g++)
  2. cmake
  3. make
  4. boost (libboost-devel and runtime)

Please refer to the README included in the SDK for further information regarding the setup process of these tools. Once you’ve installed these tools (via your Cygwin setup.exe) you are ready to compile the plugin. Note this guide has been tested to work with gcc 3.4.4, cmake 2.8.9-2, make 3.82.90-1 and libboost 1.48.0-1 on Cygwin setup.exe version 2.774 on a Windows 7 64bit machine.

1. Run CMake

From within the clam folder of your SDK directory run cmake as follows:

mkerstner@Homer ~/antivirus-sdk-master/clam
$ cmake .
-- The C compiler identification is GNU 4.5.3
-- The CXX compiler identification is GNU 4.5.3
CMake Warning at /usr/share/cmake-2.8.9/Modules/Platform/CYGWIN.cmake:15 (message):
  CMake no longer defines WIN32 on Cygwin!

  (1) If you are just trying to build this project, ignore this warning or
  quiet it by setting CMAKE_LEGACY_CYGWIN_WIN32=0 in your environment or in
  the CMake cache.  If later configuration or build errors occur then this
  project may have been written under the assumption that Cygwin is WIN32.
  In that case, set CMAKE_LEGACY_CYGWIN_WIN32=1 instead.

  (2) If you are developing this project, add the line

    set(CMAKE_LEGACY_CYGWIN_WIN32 0) # Remove when CMake >= 2.8.4 is required

  at the top of your top-level CMakeLists.txt file or set the minimum
  required version of CMake to 2.8.4 or higher.  Then teach your project to
  build on Cygwin without WIN32.
Call Stack (most recent call first):
  /usr/share/cmake-2.8.9/Modules/CMakeSystemSpecificInformation.cmake:36 (INCLUDE)
  CMakeLists.txt:1 (PROJECT)

-- Check for working C compiler: /usr/bin/gcc.exe
-- Check for working C compiler: /usr/bin/gcc.exe -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++.exe
-- Check for working CXX compiler: /usr/bin/c++.exe -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
cygwin warning:
  MS-DOS style path detected: C:/boost/lib
  Preferred POSIX equivalent is: /cygdrive/c/boost/lib
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
-- Boost version: 1.48.0
-- Found the following Boost libraries:
--   thread
--   filesystem
--   system
--   date_time
--   regex
--   chrono
-- Configuring done
-- Generating done
-- Build files have been written to: /home/Anmat/antivirus-sdk-master/clam

2. Run make

Once all dependencies have been satisfied it’s time to run make to start the compilation process:

mkerstner@Homer ~/antivirus-sdk-master/clam
$ make all
Scanning dependencies of target avir_clam
[ 33%] Building CXX object CMakeFiles/avir_clam.dir/avPlugin.cpp.o
[ 66%] Building CXX object CMakeFiles/avir_clam.dir/ClamPlugin.cpp.o
[100%] Building C object CMakeFiles/avir_clam.dir/home/Anmat/antivirus-sdk-master/api/avCommon.c.o
Linking CXX shared library avir_clam.dll
Creating library file: libavir_clam.dll.a
[100%] Built target avir_clam

Done! The plugin was successfully compiled.

Copy Plugin to Plugin Container

In order for Kerio Connect to recognize the plugin, we need to copy the compiled plugin to Kerio Connect’s AV plugin directory. Thus, copy avir_clam.dll and libavir_clam.dll.a to your Kerio installation folder, e.g. C:\Program Files (x86)\Kerio\MailServer\plugins\Avirs. Be sure to restart the Kerio Connect server afterwards.

Setting up the Plugin

In versions prior to 8 external antivirus plugins could be easily selected via the “Use external antivirus” option in the administration web console. It seems like this option has been made invisible by default. Luckily, you can still edit this option in mailserver.cfg directly:

<table name="Antivir"> 
 <variable name="AvirEnabled">0</variable> 
 <variable name="UsedInternal">0</variable> 
 <variable name="UseMcAfee">0</variable> 
 <variable name="UsedPlugin">avir_clam</variable> 
 <variable name="EnabledExtAV">avir_clam</variable> 
 <variable name="JpegEnabled">1</variable> 
 <variable name="AdminNotify"></variable> 
 <variable name="AdminNotifyFiltered"></variable> 
 <variable name="Bounce">1</variable> 
 <variable name="RemoveAttachments">1</variable> 
 <variable name="InsertSubjectPrefix">0</variable> 
 <variable name="SubjectPrefix">**VIRUS**</variable> 
 <variable name="CheckImpossibleMode">1</variable> 
 <variable name="DelayIfFailed">1</variable> 
 <variable name="UpdateInterval">6</variable> 
 <variable name="UpdateDatabaseTime">0</variable> 
 <variable name="UpdateLastCheck">0</variable> 
 <variable name="ShortTimeout">60</variable> 
 <variable name="LongTimeout">120</variable> 
 <variable name="UpdateTimeout">3600</variable> 
 <variable name="RestartWait">300</variable> 
 <variable name="MaxScanningThreads">8</variable> 
</table>

The options you need to edit are:

<variable name="UsedPlugin">avir_clam</variable> 
<variable name="EnabledExtAV">avir_clam</variable>

Be sure to restart the server again. Finally, open the administration web interface and select your shiny new ClamAV plugin from the external antivirus plugins selection box. You will get a warning message upon startup saying that support for external plugins will be discontinued. You can ignore this warning. The plugin should work as expected. That’s it! Enjoy 🙂

Download ClamAV Plugin

Setting up ClamAV for Kerio Connect

ClamAV represents a viable alternative to commercial antivirus solutions on the market. Fortunately, Kerio Connect (formerly Kerio Mailserver) offers support for ClamAV out-of-the-box. Nevertheless, it takes some steps in order to manage a working setup that will automatically update the virus database and carry out scheduled checks aside from simply checking emails. The following approach has proven to work on Windows 2003 and Windows 2008 servers using ClamWin/ClamAV 0.97 and up. If you run into problems please report them.

Basically, there are 2 versions of the Clam antivirus suite: ClamAV and ClamWin. ClamWin is aimed at desktop users who require a GUI and does not include the daemon clamd. ClamAV is the command line version and does include the daemon, which is required to set up Kerio Connect to be used together with the Clam suite.

UPDATE: Special thanks go to Bob H. at MIS Specialists for pointing out that Kerio is dropping support for all AV solutions except Sophos beginning with version 8. According to Kerio’s blog, “they are trying to make our life easier by providing an open source reference implementation, based on their current ClamAV plug-in”. I will try to have a look at this issue and post back with news.

Setup

Since we want to use the functionality provided by ClamWin (scheduled updates and scans, graphical configuration tools) we first need to set it up.

  1. Download and set up ClamWin

Be sure to use C:\ClamAV as your destination path, since we do not want spaces in the path, which could cause problems later when setting up the clamd daemon. Configure ClamWin as usual, but additionally create a tmp and a db directory and set the update path to the db directory. Afterwards, run another definitions update to make sure the settings are correct and the files are being saved into the newly created db folder. That’s all there is to set up ClamWin. Unfortunately, ClamWin does not include the daemon required for Kerio Connect to do the checks. So, let’s install and configure ClamAV.

  2. Download and set up ClamAV

Extract the downloaded archive to C:\ClamAV (the folder you installed ClamWin into in the first step). Doing so will add some folders and files, such as clamd.exe, the daemon we need in our setup. The next step is to configure the daemon using a text file called clamd.conf:

  1. Create C:\ClamAV\clamd.conf using the following content:
PidFile C:\ClamAV\clamd.pid
LogFile C:\ClamAV\clamd.log
DatabaseDirectory C:\ClamAV\db
TemporaryDirectory C:\ClamAV\tmp
TCPSocket 3310
TCPAddr 127.0.0.1
DetectPUA yes
DetectBrokenExecutables yes
HeuristicScanPrecedence yes
ArchiveBlockEncrypted yes
StreamMaxLength 30M

Thanks to Martijn for these settings. Of course there are a lot more options to set, but these settings work and should suffice for a first setup. Note that TCPAddr 127.0.0.1 restricts the daemon to connections from the local machine. Now that we have all the settings required by the daemon, let’s test it by starting it from the command line. If you don’t see any error messages here, we are ready to move on to the setup of the daemon as a Windows service. Otherwise re-check the steps above, especially whether you extracted ClamAV to the correct destination path and whether clamd.conf has been saved in this directory too.

  3. Add clamd.exe as a Windows service

There are a lot of ways to add services under Windows, such as using sc.exe, cygwin or instsrv.exe included in the Windows Resource Kit. Basically, what we need to do is to add clamd.exe as a service and specify certain startup parameters for it to work, i.e. which config file (clamd.conf) to use. Thus, let’s add the service. My personal favorite when dealing with Windows services is sc.exe:

sc create clamd binpath= c:\clamav\clamd.exe type= own start= auto

This will add a service called clamd that will start clamd.exe. Note that you can easily delete services again using sc.exe in case something went wrong on the first attempt:

sc delete clamd

As previously mentioned, the clamd service must be configured to use clamd.conf as its configuration file. To do so, open the service management console using services.msc and specify “-c c:\clamAV\clamd.conf” as startup parameter in the General tab. Note that you must stop the service first to edit the startup parameters in the management console. Once this is done, be sure to test the service by starting and stopping it, using net start clamd and net stop clamd.

  4. Set ClamAV as antivirus scanner in Kerio Connect

Finally, once ClamWin, ClamAV and the daemon have been set up correctly, it is time to configure Kerio Connect to use ClamAV as its antivirus suite. To do so, open up Kerio’s administration interface and navigate to the Antivirus tab. In the ClamAV settings tab leave the default values. Be sure to check and save the settings using “Apply“. If the setup does not work, Kerio Connect will complain immediately. In this case re-check your settings, especially whether clamd is running as a service (e.g. netstat -a | findstr 3310). If the service does not start or keeps stopping for some reason, try to add the service using instsrv.exe and srvany.exe from the Windows Resource Kit. Also make sure that the service is started with the “-c c:\clamav\clamd.conf” startup parameter. Finally, restart the machine just to make sure the service starts correctly when booting up. If everything went smoothly, you now have an open source AV scanner configured using Kerio Connect.
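
To confirm that the daemon is not only listening on port 3310 but actually scanning, the following added example (not part of the original post) speaks clamd's PING and INSTREAM commands and checks that the EICAR test string is detected. It assumes Python 3 is available on the server and that clamd listens on 127.0.0.1:3310 as set in clamd.conf above; the function names are illustrative.

```python
import socket
import struct

# EICAR standard anti-virus test string (harmless), built from two parts so
# that this script is less likely to be flagged itself.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def instream_frames(data, chunk_size=8192):
    """Frame data for INSTREAM: 4-byte big-endian length + chunk, then a zero-length chunk."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    frames = [struct.pack("!I", len(c)) + c for c in chunks]
    return b"".join(frames) + struct.pack("!I", 0)

def parse_reply(raw):
    """Map a raw clamd reply to (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("ascii", "replace")
    if text.endswith(" FOUND"):
        return "FOUND", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith("ERROR"):          # e.g. stream larger than StreamMaxLength
        return "ERROR", text
    if text.endswith("OK"):
        return "OK", ""
    return "UNKNOWN", text

def clamd_command(payload, host="127.0.0.1", port=3310, timeout=10):
    """Send one null-terminated ('z' prefixed) command and read the null-terminated reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        buf = b""
        while not buf.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            buf += part
    return buf

def smoke_test(host="127.0.0.1", port=3310):
    """Return (ping_ok, clean_status, eicar_status) for a running clamd."""
    ping_ok = clamd_command(b"zPING\0", host, port).rstrip(b"\0") == b"PONG"
    clean = parse_reply(clamd_command(b"zINSTREAM\0" + instream_frames(b"hello"), host, port))
    eicar = parse_reply(clamd_command(b"zINSTREAM\0" + instream_frames(EICAR), host, port))
    return ping_ok, clean[0], eicar[0]

if __name__ == "__main__":
    try:
        # A healthy setup prints: (True, 'OK', 'FOUND')
        print(smoke_test())
    except OSError as exc:
        print("clamd not reachable on 127.0.0.1:3310:", exc)
```

A result other than OK for the clean sample or FOUND for the EICAR sample usually points to a missing or outdated signature database in the db directory.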