I will introduce you how to setup Event Processor to scan incoming mail by ClamWin.

First, go to ClamWin site to download latest ClamWin and install it.

Warning: If your latest version clamscan.exe uses unreasonable CPU time, please update it to old version. I suggest you to install v0.88. Download clamwin v0.88.

1.Check the checkbox of [Server settings] -> [Preference(2)] -> [Store mail in original format without reforming] and apply it.

2. Back to raidenmaild main form, click [Setup] -> [Event Processor]

-->

3. In Event Processor form

[Enable Event Processor] -- Checked

[All received mails] -- Checked

[EXECUTE] Browse <ClamWin>\Bin\clamscan.exe, ex: C:\ClamWin\bin\clamscan.exe

[PARAMETERS]

-d "C:\Documents and Settings\All Users\.clamwin\db" -i --quiet -l "C:\clamwin.log" --tempdir="c:\clamwin\temp" --remove %F

(The parameters should be modified if your directories is not the same as above, and tempdir may need to be created manually)

After parameters are ready, just click [Add event], give a name, check the list to enable it.

4. If you have other anti-virus program installed, I suggest you to add 2 directories into exclusive directory.

• RaidenMAILD Inboxes directory
• ClamWin tempdir directory

5. It is already done when you go to this step. It is time to test how clamwin works. First, let's test normal mail situation. Open your mail client application and send a mail to mailbox in raidenmaild, you should see some log in the main screen log window. Just like below.

[6/14/2006 5:31:37 PM] [768] SMTP service connection from 192.168.0.93
[6/14/2006 5:31:41 PM] [768] 192.168.0.93 requests SMTP service - Sender: postmaster@yourdomain.here
[6/14/2006 5:31:44 PM] [768] 192.168.0.93 - Mail received (To:postmaster@raidenmaild.com) 3007bytes ( 7.4 Kb/s)
[6/14/2006 5:31:48 PM] [768] SMTP service disconnect connection from 192.168.0.93
[6/14/2006 5:31:48 PM] Save mail to <postmaster> mailbox, the filename is _20060614173141-7737797-768.eml 3122bytes
[6/14/2006 5:31:48 PM] Event condition found(clamscan), and execute the event successfully(C:\ClamWin\bin\clamscan.exe -d "C:\Documents and Settings\All Users\.clamwin\db" -i --quiet -l "C:\clamwin.log" --tempdir="C:\ClamWin\bin\temp" --remove C:\RaidenMAILD\Inboxes\postmaster\_20060614173141-7737797-768.eml)

6. Check the log file of ClamWin (depend on your paramenter -l ). You can see scanning log just like below.

--------------------------------------
Scan started: Wed Jun 14 17:31:50 2006

-- summary --
Known viruses: 59663
Engine version: 0.88.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 2.594 sec (0 m 2 s)

7. We are going to test virus sample mail this time. To prevent other anti-virus to reject virus sample file processing, we need to stop its auto protection function first.

8. Go to http://www.eicar.org/anti_virus_test_file.htm to download virus sample file. I suggest you to download eicar_com.zip to verify ClamWin can scan virus in zip file. Save eicar_com.zip to a file and open mail client to attach it to send, you will see some log in the main screen log window in raidenmaild.

9. Then let's check the clamwin log file again, you will find that the virus mail was detected and removed.

--------------------------------------
Scan started: Wed Jun 14 20:27:11 2006

C:\RaidenMAILD\Inboxes\postmaster\_20060614202710-18266938-260.eml: Eicar-Test-Signature FOUND
C:\RaidenMAILD\Inboxes\postmaster\_20060614202710-18266938-260.eml: Removed

-- summary --
Known viruses: 59663
Engine version: 0.88.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Time: 2.703 sec (0 m 2 s)

10. When these tests are done, congratulations to you, you already integrated raidenmaild with clamwin. Don't forget to enable the auto protection function of other anti-virus program to protect your file system.

Thanks for your reading.

Back to Index