Clamwin "Output buffer is empty"

Junior Member
Posts: 7
Joined: Mon Jan 25, 2010 3:42 pm

Clamwin "Output buffer is empty"

Postby Snomon » Mon Jan 25, 2010 3:55 pm

Hello Alex,
I have eW 3.0.217 setup to use Clamwin with the following command line:

c:\CLAMWIN\BIN\CLAMSCAN.EXE <file> --tempdir="c:\ClamWin\temp" -d "c:\ClamWin\db"

I have installed Clamwin into these directories and the update db files are working properly.

I have this eW and Clamwin configuration installed on two different boxes (One is Server 2008 x64 and other is SBS 2008 x64)

In eW, the Test Antivius works, but doesn't show the proper database date on both boxes.

I have a filter that simply says "if message is infected", add sender IP to black list and so on...

On one box, the filter runs great, On my SBS box, the eW logs generates "The antivirus test failed: Output buffer is empty"

Any clues what is causing the error, it appears that on my SBS box, Clamwin isn't working properly.

Thanks in advance!

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Mon Jan 25, 2010 6:29 pm

Hello, I'd recommend try to run ClamWin from command line and see what's happened.

Junior Member
Posts: 7
Joined: Mon Jan 25, 2010 3:42 pm

Postby Snomon » Mon Jan 25, 2010 7:22 pm

Hello Alex,
Thanks for the prompt reply! I tried the cmd line and the clamwin command line worked properly. I also have eW and Clamwin on the DEP exception list.

Thanks

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Mon Jan 25, 2010 8:55 pm

The "empty buffer" error occurs if called application (ClamWin) didn't write anything into STDOUT. I'll try to test on SBS 2008 and let you know.

Junior Member
Posts: 7
Joined: Mon Jan 25, 2010 3:42 pm

Postby Snomon » Thu Jan 28, 2010 6:45 am

Hi Alex,
Just a follow up to see if you tried this on SBS 08 x64 to verify output buffer issue.

Thanks in advance.

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Thu Jan 28, 2010 12:39 pm

Hi, I've tested ClamWin from SourceForge http://sourceforge.net/projects/clamwin/ , and it works fine with default command line. Do you use this ClamAV build or something else?

Junior Member
Posts: 7
Joined: Mon Jan 25, 2010 3:42 pm

Postby Snomon » Thu Jan 28, 2010 4:17 pm

Hi Alex,
I have Clamwin 0.95.3 installed.

I tested the following command line also with no issues:
c:\CLAMWIN\BIN\CLAMSCAN.EXE <file> --tempdir="c:\ClamWin\temp" -d "c:\ClamWin\db"

Note this isn't the default install folder and there are \db and \temp subdirs in place. I have this exact config working on a couple of different boxes without output buffer issue.


Here's a log snippet:
1/28/2010 7:57:44 AM 161 5865 -> Processing filter 'Clamwin Scan'
1/28/2010 7:57:44 AM 161 5865 Checking condition 'message is infected'
1/28/2010 7:57:49 AM 161 10857 The antivirus test failed: Output buffer is empty

Here's the filter in place:
if message is infected
then add sender IP to black list for 1 day(s)
and learn message as spam
and add sender to Paranoid Black List
and add [Infected Message: ] to the subject


Thanks!

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Thu Jan 28, 2010 8:40 pm

I was testing on 32bit Windows 2008 Standart Server. No problems. Will try to get 64bit SBS 2008.

Junior Member
Posts: 7
Joined: Mon Jan 25, 2010 3:42 pm

Postby Snomon » Tue Feb 09, 2010 8:32 pm

Hi Alex,
I created a SBS 2008 x64 bit VM and could not duplicate my problem. However in looking at my original box, I see the following event that is generated on every email scan. However when I invoke command line for clamscan.exe, it runs fine.... I've overlayed Clamwin and eW install on current box and doesn't fix it. Hope this helps.

Since clamscan.exe crashes, that's why there is a "Output Buffer is empty"

Seen this before?

Event ID 1000
------------------
Faulting application CLAMSCAN.EXE, version 0.95.3.0, time stamp 0x4af00a42, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x1894, application start time 0x01caa9c674cc5580.

Expert
User avatar
Posts: 449
Joined: Sun May 02, 2004 2:12 pm

Postby DFitch » Wed Feb 10, 2010 12:41 am

My suggestion would be to try a windows port of Clam AV like:
http://hideout.ath.cx/ClamAV/

Very fast and stable.
HowTo Make ClamD as a service you can follow my notes here and ignore the hMailserver info at end of post.
http://www.hmailserver.com/forum/viewtopic.php?f=12&t=13699

also think TBB, developer of that version made the installer version install reg entries and you can start the service from the cmd. Check his notes for details and you can skip my how-to.
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server (VMware)

Next

Return to General

Who is online

Users browsing this forum: Bing [Bot] and 1 guest