Community Discussions and Support
3rd Party anti malware/phishing

Hello - we've been using Mercury for some decades now & find it an excellent server - every day's a school day. I was wondering if anyone out there used an email security package with Mercury - some crap will always get through but I'd like to be as tight as poss without losing too much performance. We use the pop3 client to download from 2 wildcard accounts & distribute to users via imap [Tbird Outlook roundcube etc] or using integrated Pegasus.
Any ideas appreciated - looking out in the wild it seems everyone's trying to push to Google or Microsoft....which I don't want to do.
Cheers
G



Are you looking for something other than ClamAV that integrates with Clamwall in Mercury? ClamAV along with some SaneSecurity signatures was the only product I used and I never experienced a malware problem. I say "was" because I have been away from Mercury for a little over 2 years (retired).



Thanks for the reply - yes I am. I need something a little more sophisticated, I don't think Clam/Spam/Gray have been updated since 2009. We catch quite a few malware/phishing based threats, but more are getting through to the end user & some of them are quite clever indeed. We have a training strategy set up for users & a good server central cyber sec but I'd rather minimise any malevolent traffic they can see.



Clamwall is just an interface between Mercury and ClamAV. ClamAV does the work. Are you updating ClamAV as new versions are released? The ClamAV website shows the newest version is dated 2022-11-23. As of about a year ago all was well between Clamwall & ClamAV.
Do you supplement the ClamAV signatures with any from SaneSecurity?


I have been away from Mercury for awhile (retired now) but I recall that maintaining ClamAV was the most tedious part of running Mercury. By maintaining I mean updating its program. It is a manual process that requires the download and extraction of a .zip or .msi and doing a comparison of the new .conf files to the existing ones for changes (editing the new ones and then replacing the old one with the new ones when they changed). As tedious as it was, I never had a crisis of confidence in it.


Mailboxes were on a server which ran an enterprise anti-malware product. It was the backup to ClamAV. The mailbox directories were excluded from active scanning but were included in scheduled scans. I don't recall ever seeing a detection in a mailbox directory by the enterprise product.



Shall check out the Website for updates....& look into sane security. All mailboxes are scanned by our centralised security software....but I always favour a set of belts & braces.....& yes ClamAV set up is tedious



In case you don't know, there is a mailing list that you can subscribe to through which you can receive announcements of new releases. There is a link to it in the "Updated" section of the "Downloads" page on the clamav.net site.


I still have my 'notes to self' regarding the ClamAV update process. I can post it if you think it would be helpful.



I do think that may be helpful - that's very much appreciated Brian.



Below is the content of my note-to-self file about updating ClamAV in Mercury. It is a copy/paste from a .txt file so please forgive any formatting oddities.


===========================
How to upgrade ClamAV using a .zip file download.


Note: This is a list of procedures that I created for myself. It is not based on any source from ClamAV nor substantiated by ClamAV. Use it at your own risk. -Brian Fluet


Preparation:


  1. Extract the downloaded .zip file

  2. Determine whether the existing .conf files can be reused. Create new ones if necessary.

    a. Compare the clamd.conf.sample file to the current clamd.conf file for changes in configuration options to determine whether the existing clamd.conf file can be used or if it needs to be replaced with the new one. If the differences are only in the values (eg: no new or changed entries) then the old one can be used, otherwise a new one must be created by modifying the sample file with the appropriate values. Use the old .conf file for reference.

    The process I used for comparing the old and new .conf files was to copy them to a temporary location and then use the FC (File Compare) command tool.

    Note: If you keep the .zip from the previous version, it is easier to compare the .conf.sample files from the previous version to the current version. It eliminates the difference detections resulting from configuration.

    b. Compare the freshclam.conf.sample to the current freshclam.conf file as per above.

You can proceed with the upgrade once .conf files are ready.

Upgrade:

  1. Shut down Mercury or pause the Mercury Distributing POP3 Client.

  2. Use Task Manager to kill the clamd.exe process

  3. Rename C:\ClamAV to C:\ClamAV_{version} (eg: ClamAV_0.102.1).

  4. Create a new C:\ClamAV directory.

  5. Copy the entire content of the extracted .zip to the new \ClamAV directory.

  6. Copy a clamd.conf file to C:\ClamAV (the new one if needed or the existing one from the renamed directory if no changes)

  7. Copy a freshclam.conf file to C:\ClamAV (the new one if needed or the existing one from the renamed directory if no changes)

  8. Create the directory C:\ClamAV\log

  9. Create the directory C:\ClamAV\temp

  10. Copy the entire content of the \Database directory from the renamed directory to C:\ClamAV\Database.

  11. Copy the \Sigupdate directory from the renamed directory to C:\ClamAV (result should be C:\ClamAV\Sigupdate).

  12. Execute freshclam.exe. All you should see is the flash of a command window.

Confirm success:

  1. Confirm that a freshclam log file was created and that no errors were logged.

  2. Start Mercury or unpause the Mercury Distributing POP3 Client.

  3. Open Task Manager and confirm the clamd.exe process has started. Mercury should start it automatically upon the processing of the first message retrieved.

  4. Check the clamd log file for any abnormalities.


===========================
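
The comparison from Preparation step 2 of the notes above, as an added PowerShell example that is not part of the original post or of ClamAV. It compares option names rather than values, so locally configured values do not show up as differences. The function names, the sample lines and the `Hypothetical*` option names are constructed here, and it assumes that commented-out options in the .sample files have no space after `#`.

```powershell
# Added example: compare ClamAV option NAMES, ignoring their values.
# Assumption: an option line is "LogFile C:\x" or, commented out in a .sample
# file, "#LogFile /tmp/x"; descriptive comments start with "# " or "##".
function Get-ClamOptionName {
    param([string[]]$Lines, [switch]$ActiveOnly)
    $prefix = '#?'
    if ($ActiveOnly) { $prefix = '' }   # live .conf: count only uncommented options
    $pattern = '^\s*' + $prefix + '([A-Z][A-Za-z0-9]+)(\s|$)'
    $found = @(foreach ($line in $Lines) {
        if ($line -cmatch $pattern) { $Matches[1] }
    })
    # "Example" is the marker line the sample says to remove, not an option.
    $found | Where-Object { $_ -cne 'Example' } | Sort-Object -Unique
}

function Compare-ClamConf {
    param([string[]]$OldSample, [string[]]$NewSample, [string[]]$LiveConf)
    $old  = @(Get-ClamOptionName $OldSample)
    $new  = @(Get-ClamOptionName $NewSample)
    $live = @(Get-ClamOptionName $LiveConf -ActiveOnly)
    $added   = @($new  | Where-Object { $_ -cnotin $old })
    $removed = @($old  | Where-Object { $_ -cnotin $new })
    [pscustomobject]@{
        AddedInNewSample   = $added
        RemovedInNewSample = $removed
        # Options set in the live file that the new sample no longer lists.
        LiveNotInNewSample = @($live | Where-Object { $_ -cnotin $new })
        # Rule from the notes: reuse the old .conf only if no entries changed.
        ReuseExisting      = ($added.Count -eq 0) -and ($removed.Count -eq 0)
    }
}

# Constructed sample input. On a real server use Get-Content on the previous
# and new clamd.conf.sample files and on the current clamd.conf instead.
$oldSample = @('# Default: disabled', 'Example', '#LogFile /tmp/clamd.log',
               '#TCPSocket 3310', '#HypotheticalOldOption yes')
$newSample = @('# Default: disabled', 'Example', '#LogFile /tmp/clamd.log',
               '#TCPSocket 3310', '#HypotheticalNewOption no')
$liveConf  = @('LogFile C:\ClamAV\log\clamd.log', 'TCPSocket 3310',
               'HypotheticalOldOption yes', '#TCPAddr 127.0.0.1')

Compare-ClamConf -OldSample $oldSample -NewSample $newSample -LiveConf $liveConf |
    Format-List
```

The same two functions work unchanged for freshclam.conf.sample and freshclam.conf (step 2b).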



Thanks a lot Brian - all oddities forgiven.... & mostly welcomed over here!

