ClamAV Guide - Part II : Phishing, Scam and Spam Protection with ClamAV
Introduction - What Is This About?
This guide provides detailed instructions on configuring ClamAV for phishing, scam and spam protection by using third-party ClamAV signatures. This is the second part of a two-part series; the first part is at the link below:
ClamAV Guide - Part I : Setting Up ClamAV Anti-virus for ORF
NOTE
Generally, the quality of third-party signatures is quite good, but your mileage may vary. If you are not sure what to expect, configure the ClamAV agent to tag or redirect emails on hit for a short testing period, so you can recover any falsely blacklisted emails.
Getting Started - Downloading Required Packages
Visit http://hideout.ath.cx/clamav/ and download the latest version of the following components:
- The latest ClamSup package (ZIP)
- Rsync for Windows (ZIP)
ClamSup is an add-on batch file that can update third-party signatures, while Rsync is used by ClamSup to download updates.
IMPORTANT: Rsync communicates over TCP port 873. Make sure this port is open on your firewall.
Installing ClamSup
Extract the contents of ClamSup.zip to the installation directory of ClamAV (C:\clamav by default). Replace existing files with the ones in the archive when prompted.
You can configure ClamSup signature sources by editing clamsup.ini. You will probably find the default signature set suitable, so we recommend skipping this step for now and revisiting this file once you have familiarized yourself with ClamAV.
Installing Rsync
Extract the contents of rsync_w32.zip to the installation directory of ClamAV (C:\clamav by default). Replace existing files with the ones in the archive when prompted.
Scheduling updates
To schedule the update process, issue the following command from the command line:
schtasks /create /sc hourly /mo 1 /tn "ClamSup" /tr c:\clamav\ClamSup.bat /ru "NT AUTHORITY\SYSTEM"
This will add a scheduled task called ClamSup, which will run ClamSup.bat under the SYSTEM account every hour to update the default anti-virus signatures. If you would like to update more (or less) frequently, feel free to modify the command accordingly (see this link regarding the syntax).
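Because the task runs ClamSup.bat as SYSTEM, any account that can modify the batch file, clamsup.ini or the executables it calls can run code as SYSTEM, and folders created directly under C:\ may inherit write access for ordinary users. The following PowerShell audit is an added example, not part of the original guide or of ClamSup; it lists write-capable ACL entries for anyone other than SYSTEM and Administrators. It assumes the default C:\clamav directory and that only those two principals should have write access.

```powershell
# Added example: audit write access to the files the SYSTEM-level ClamSup task runs.
# Assumption: ClamAV is installed in the guide's default directory.
$ClamDir = 'C:\clamav'

# Principals expected to hold write access, by well-known SID (locale-independent).
$Trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that allow changing or replacing a file, plus raw GENERIC_ALL / GENERIC_WRITE.
$WriteMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership') -bor 0x10000000 -bor 0x40000000

function Get-RiskyAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to this object itself.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if (-not ([int]$ace.FileSystemRights -band $WriteMask)) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report it as-is
        }
        if ($Trusted -notcontains $sid) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

# Check the directory itself, then every script, binary and config file beneath it.
$targets = @($ClamDir)
$targets += Get-ChildItem -Path $ClamDir -Recurse -File |
    Where-Object { $_.Extension -in '.bat', '.cmd', '.exe', '.dll', '.ini' } |
    ForEach-Object { $_.FullName }

$findings = $targets | ForEach-Object { Get-RiskyAce -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No write access found for principals other than SYSTEM and Administrators." }

# Show the account and command line the scheduled task is registered with.
schtasks /query /tn "ClamSup" /v /fo list
```

Run it from an elevated PowerShell prompt after creating the task; any row it prints is an account whose write access should be removed before relying on the scheduled update.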
Adding Further Signatures (Optional)
There are many third-party signatures available for ClamAV to extend its filtering capabilities. Probably the best known are the signatures offered by Sanesecurity, built against different threats. You can find more information about these at
http://www.sanesecurity.com/clamav/databases.htm
Published: February 15, 2010