Windows Side of Clamav
Hello,


I have a question about the Windows Installation of the ClamAV .104.0
software.

I know that the .msi is not working correctly. On your documentation under
the configuration, you have to check the Registry to confirm the location
of the Databases.

When I search my registry for the paths you have listed, Clamav is not
listed under the software folder at all.

Config files path search order:

1. The content of the registry key:
"HKEY_LOCAL_MACHINE/Software/ClamAV/ConfDir"
2. The directory where libclamav.dll is located: "C:\Program
Files\ClamAV"
3. "C:\ClamAV"

Database files path search order:

1. The content of the registry key:
"HKEY_LOCAL_MACHINE/Software/ClamAV/DataDir"
2. The directory "database" inside the directory where libclamav.dll is
located: "C:\Program Files\ClamAV\database"
3. "C:\ClamAV\db"

The number 1's is not on my machine at all. I can add it but is there
anything else that should be listed under ClamAV path?

I have looked at the machines that are still running the .103.3 and there
is nothing listed in those registry keys either.


Any help would be grateful.


Thank You.
Re: Windows Side of Clamav
Hi there,

On Thu, 16 Sep 2021, Marcy Rogers via clamav-users wrote:

> I have a question about the Windows Installation of the ClamAV .104.0
> software.

I don't use Windows any more but I'll try to help in case nobody with
more current Windows experience chips in.

> I know that the .msi is not working correctly. On your documentation

For the avoidance of doubt, I'm just another user like you, and this
mailing list is mostly populated by users. A couple of people from
the Sourcefire which is (now) the provider of ClamAV keep an eye on
things here and make announcements etc. There are third parties who
provide packages to install ClamAV on Windows but AFAIK the Windows
installation instructions in the official ClamAV documentation assume
that you've installed from the source. FWIW I think that's the best
way to do it and it's what I always do. (on Linux, however).

> under the configuration, you have to check the Registry to confirm the
> location of the Databases.
>
> When I search my registry for the paths you have listed, Clamav is not
> listed under the software folder at all.
>
> Config files path search order:
>
> 1. The content of the registry key:
> "HKEY_LOCAL_MACHINE/Software/ClamAV/ConfDir"
> 2. The directory where libclamav.dll is located: "C:\Program
> Files\ClamAV"
> 3. "C:\ClamAV"
>
> Database files path search order:
>
> 1. The content of the registry key:
> "HKEY_LOCAL_MACHINE/Software/ClamAV/DataDir"
> 2. The directory "database" inside the directory where libclamav.dll is
> located: "C:\Program Files\ClamAV\database"
> 3. "C:\ClamAV\db"
>
> The number 1's is not on my machine at all. I can add it but is there
> anything else that should be listed under ClamAV path?

As I understand it, the paths in the sections above which you have
copied from the official documentation are telling you where ClamAV
WILL look under normal circumstances (i.e. when you have installed
ClamAV as directed and not modified things too much) for the library
and database files. It doesn't actually EXPECT you to have modified
those Registry keys but you can if you wish. If you don't modify the
Registry keys, all you need to do is make sure that the library and
database files are in the places where ClamAV will look for them when
it needs them. It's up to you where you store the database files but
the configuration file for freshclam (freshclam.conf) needs to have
the location of the database files in its 'DatabaseDirectory' line.
Here's mine:

$ grep DatabaseDirectory /etc/mail/clamav/freshclam.conf
DatabaseDirectory /EXPORTS/clamav/databases
$

The path is in /EXPORTS because in our case the database directory is
on a network-mounted partition remote from the server itself. If for
example you decided NOT to put your database files in the directory
"C:\ClamAV\db" or in the directory "C:\Program Files\ClamAV\database"
then set the value of "HKEY_LOCAL_MACHINE/Software/ClamAV/DataDir" to
tell ClamAV where you've put them. But I think it's there for that
reason, and under normal circumstances you won't need to change it.

> I have looked at the machines that are still running the .103.3 and there
> is nothing listed in those registry keys either.

I guess the same applies to earlier versions.

HTH

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Windows Side of Clamav
Ged,

Thank you for your response. I was asking these questions because I have
put the new .104.0 on one of my computers. When I installed the msi, there
was nothing in the Clamav Folder. I then downloaded the zip file and
placed the items in the zip into the clamav folder.
When I run the clamd.exe and then the clamdscan.exe, I get an error message
when the Clamdscan.exe starts that the clamd.log file is too large or too
small. I was asked to submit a bug ticket on the github website. I
submitted that ticket on the github and I got an answer back that I need to
run PowerShell as an admin and to make sure that the Config file had the
path for the log file as c:\program files\clamav. Well, I always opened
Powershell as an Admin and I am also logged on as an admin and my config
file does have the correct path to the log file. I answered the git hub
reply and have not heard anything back as of yet. I was working on
troubleshooting this until I heard something and the only thing that I
noticed was the paths in the registry. I am guessing, from the look of the
machines that I have with ClamAV .103.3 that the registry keys are not in
that version and have been added to the new version of ClamAV. If that is
so, then the .msi did not put the registry keys in place and I need to add
them manually. If I need to add them manually, I am guessing there is
more than one key under the clamav key. If that is so, I would like to
know the rest of them all so that I can add them and see if I still get the
error message.


I hope that explains things better.

Thanks,
Marcy


Re: Windows Side of Clamav
I hope I did not send this out 2 times. If I did. Sorry.

Re: Windows Side of Clamav
Hi Marcy,

I will revisit your GitHub issue after I share this response here.

The default config directory on Windows is the directory containing clamscan.exe / clamd.exe.
The default database directory on Windows is named "database" and is located next to clamscan.exe / clamd.exe.

The registry keys referenced in https://docs.clamav.net/manual/Usage/Configuration.html#additional-notes-about-the-config-files-and-database-directories are optional. These keys can be set to override the default database and config directories. We do not use them normally. They are not set by our installer. I'm not certain if I've ever used them, personally.

-Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
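
The search order discussed in this thread can be checked on a given machine with a short diagnostic. This is an added example, not code from the ClamAV project or from any poster in the thread; it assumes that ConfDir and DataDir are string values under the HKLM:\Software\ClamAV key and that the install directory is C:\Program Files\ClamAV (pass a different one as the script's argument).

```powershell
# Added example (not ClamAV project code): list, in the order quoted in this
# thread, where ClamAV looks for its config and database directories.
# Assumption: ConfDir / DataDir are string values under HKLM:\Software\ClamAV.
# Assumption: $InstallDir holds clamd.exe and libclamav.dll.
param([string]$InstallDir = 'C:\Program Files\ClamAV')

function Get-ClamAVRegistryOverride {
    param([Parameter(Mandatory)][string]$Name)
    $key = 'HKLM:\Software\ClamAV'
    # A missing key is the normal case: the installer does not create it.
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $Name)) {
        return [string]$props.$Name
    }
    return $null
}

function Get-ClamAVSearchOrder {
    param([ValidateSet('ConfDir', 'DataDir')][string]$Kind, [string]$InstallDir)
    $paths = [ordered]@{}
    $override = Get-ClamAVRegistryOverride -Name $Kind
    if ($override) { $paths['registry override'] = $override }
    if ($Kind -eq 'ConfDir') {
        $paths['install directory'] = $InstallDir
        $paths['fixed fallback'] = 'C:\ClamAV'
    } else {
        $paths['install directory'] = Join-Path $InstallDir 'database'
        $paths['fixed fallback'] = 'C:\ClamAV\db'
    }
    foreach ($source in $paths.Keys) {
        [pscustomobject]@{
            Kind   = $Kind
            Source = $source
            Path   = $paths[$source]
            Exists = Test-Path -LiteralPath $paths[$source] -PathType Container
        }
    }
}

function Get-ClamAVConfValue {
    param([string]$ConfFile, [string]$Option)
    if (-not (Test-Path -LiteralPath $ConfFile -PathType Leaf)) { return $null }
    # Commented-out lines start with '#' and never match this pattern.
    $pattern = '^\s*' + [regex]::Escape($Option) + '\s+(.+?)\s*$'
    foreach ($line in Get-Content -LiteralPath $ConfFile) {
        if ($line -match $pattern) { return $Matches[1].Trim('"') }
    }
    return $null
}

$order = 'ConfDir', 'DataDir' | ForEach-Object { Get-ClamAVSearchOrder -Kind $_ -InstallDir $InstallDir }
$order | Format-Table -AutoSize | Out-String

# Compare DatabaseDirectory in each config file with the directories above.
$confDir = ($order | Where-Object { $_.Kind -eq 'ConfDir' -and $_.Exists } | Select-Object -First 1).Path
$dataDirs = ($order | Where-Object { $_.Kind -eq 'DataDir' }).Path
foreach ($name in 'clamd.conf', 'freshclam.conf') {
    if (-not $confDir) { break }
    $value = Get-ClamAVConfValue -ConfFile (Join-Path $confDir $name) -Option 'DatabaseDirectory'
    if (-not $value) { "${name}: DatabaseDirectory not set or file missing (default location applies)" }
    elseif ($dataDirs -contains $value) { "${name}: DatabaseDirectory = $value (in search order)" }
    else { "${name}: DatabaseDirectory = $value (not a default location; check it exists)" }
}
```

A 32-bit PowerShell session on 64-bit Windows is redirected to the WOW6432Node view of HKLM:\Software, so run the check from a session with the same bitness as the installed ClamAV binaries.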