ClamAV on Windows 2008 x64 update

by Peter Tyrrell Friday, February 19, 2010 10:19 AM

Further to my previous post, which describes how to install and run ClamAV as a service on Windows, here is extra info on what is required for Windows Server 2008 x64, discovered the hard way, through trial and error, by the persistent IT brains at SET-BC (Special Education Technology British Columbia). Particular thanks to IT Manager Gordon Eddy.

Configuring ClamD and FreshClam services

No special configuration is needed for the services. Clam and FreshClam both run fine under Local System, with automatic start and defaults for other service settings. The service account needs read/write access to C:\ClamAV, which it would have by default if Local System is used.

Starting the services

If the ClamD service is started from the services UI and there is no database, or the database is no good, it will fail silently. This could lead one off on a long goose chase looking at service accounts, permissions, service settings, etc. trying to figure out why the service won’t run, when in fact all you need is to run FreshClam once to get a good database, and then ClamD will run fine.

Run FreshClam immediately after installing ClamAV, before trying to run the ClamD service the first time. If FreshClam reports corruption or other problems with the existing database files, delete everything in ..\data and run FreshClam again.

There is no useful error info returned when trying to start ClamD from the services UI. On the other hand, starting it from a command prompt using "NET START CLAMD" does return a bit of useful info. Executing it directly as "clamd.exe --daemon" also returns some (different) info.

Registry setting required

There is a registry file in the ..\docs folder called clamav.reg that contains some path information. The docs seem to be saying that this is not necessary unless you are running Clam from somewhere other than the default location. We found this is not true. Even if installed to C:\ClamAV, Clam will not run without this info in the registry.

TCPAddr setting required

In clamd.config, the comments suggest that the TCPAddr setting is optional. It is not. Set it to the address at which ClamD should respond. If this is missing, the ClamD service will run but will not respond to requests.
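
One way to catch this "running but not responding" state, as an added example rather than code from the original post: the PowerShell script below reads clamd.config, stops if TCPAddr is missing, and otherwise sends clamd's PING command over TCP and expects PONG. The config file location and the fallback to port 3310 when no TCPSocket line is present are assumptions; adjust both to your install.

```powershell
# Added example: confirm clamd.config sets TCPAddr and that ClamD answers PING.
# Assumption: the config file location below; pass -ConfigPath to match your install.
param(
    [string]$ConfigPath = 'C:\ClamAV\clamd.config',   # assumed location
    [int]$TimeoutMs = 5000
)

function Get-ClamdSetting {
    param([string[]]$Lines, [string]$Name)
    # Settings are "Name value" pairs; lines starting with # are comments and never match.
    foreach ($line in $Lines) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s+(\S+)") { return $Matches[1] }
    }
    return $null
}

function Test-ClamdPing {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect with a timeout so an unreachable address does not hang the check.
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $ping = [Text.Encoding]::ASCII.GetBytes("PING`n")
        $stream.Write($ping, 0, $ping.Length)
        $buffer = New-Object byte[] 16
        $read = $stream.Read($buffer, 0, $buffer.Length)
        return ([Text.Encoding]::ASCII.GetString($buffer, 0, $read).Trim() -eq 'PONG')
    } catch { return $false } finally { $client.Close() }
}

$lines = Get-Content -Path $ConfigPath -ErrorAction Stop
$addr = Get-ClamdSetting -Lines $lines -Name 'TCPAddr'
if (-not $addr) {
    Write-Error "TCPAddr is not set in $ConfigPath; ClamD will start but not respond."
    exit 1
}
# Assumption: fall back to 3310, the port used in ClamAV's sample configuration.
$portText = Get-ClamdSetting -Lines $lines -Name 'TCPSocket'
$port = if ($portText) { [int]$portText } else { 3310 }
if (Test-ClamdPing -Address $addr -Port $port -TimeoutMs $TimeoutMs) {
    Write-Output "ClamD answered PONG on ${addr}:$port"
} else {
    Write-Error "No PONG from ${addr}:$port; check the service, database and registry settings."
    exit 1
}
```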

