Re: [Exim] Clamd clamming up the works

Author: Adrian Phillips
Date:  
To: Justin F. Knotzke
CC: Exim Users Mailing List
Subject: Re: [Exim] Clamd clamming up the works
>>>>> "Justin" == Justin F Knotzke <jknotzke@???> writes:

    Justin>    Hi,


    Justin>    On my Linux box logrotate ran and clamd didn't
    Justin> restart. As a result my logs were full of:


    Justin> 2003-10-02 16:19:12 1A59up-0004un-MG malware acl
    Justin> condition: clamd: connection to 127.0.0.1, port 3310
    Justin> failed (Bad file descriptor)


    Justin>    Would someone be so kind as to tell me how I can
    Justin> set up my exim4.conf to not reject mail after DATA because
    Justin> it cannot contact clamd?


Try calling clamd using a script instead, for example :-

#!/usr/bin/perl -w
#
# Test script to run Trend/Clamav virus scanners from exiscan

use strict;
use File::Basename;
use File::Slurp;
use File::Spec::Functions;

my $to_log = '';                # logging written at end
my $scanned;                    # output from scanners
my $virus_found;                # which virii found
my $save_virus;                    # save virus to Virus cache dir.
my $virus_cache_dir = "/var/cache/virusmails";


# Make sure files can't be read by default
umask (027);

# Log intro
$to_log = "\n" . "*" x 80 . "\n" . gmtime() . "\n";

# Trend can handle the unpacking so give it the eml file instead of
# the directory. Note: interesting enough, giving Trend the directory
# seems to mean that the return code is 0, possibly because exiscan
# creates an empty _scanner_output file which is the last scanned.
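my $file_to_scan = $ARGV[0];
die ("No file given\n") if ! $file_to_scan;
# The path is interpolated into shell commands below, so refuse anything
# containing shell metacharacters or starting with a dash.
die ("Unsafe path given\n") if $file_to_scan !~ m{\A[\w./][\w./-]*\z};
my $dir_name = basename ($file_to_scan);
my $eml = $dir_name . ".eml";
my $eml_file = catfile ($file_to_scan, $eml);
$file_to_scan = $eml_file if -f $eml_file;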


# Do a Trend scan - just copy the output to exiscan, this will have to
# be handled differently when clamav is added
$scanned = `/etc/iscan/vscan -a $file_to_scan 2>&1`;
$to_log .= $scanned . "Exit code : " . ($? >> 8) . "\n";
($virus_found) = $scanned =~ m"Found virus ([^ ]*)";
if ($virus_found) {
  print "Found virus $virus_found\n";
  $save_virus = -1;
}

# And clamav - use mbox for now although even snapshots after 0.60
# have problems
$scanned = `clamdscan $file_to_scan 2>&1`;
$to_log .= $scanned . "Exit code : " . ($? >> 8) . "\n";
($virus_found) = $scanned =~ m": ([^ ]*) FOUND";
if ($virus_found) {
  print "Found virus $virus_found\n";
  $save_virus = -1;
}

# A virus found so store the eml file if any to the virus cache dir.
if ($save_virus) {
  if (-f $eml_file) {
    eval { write_file (catfile ($virus_cache_dir, $eml), read_file ($eml_file)) };
  }
  if (! -f $eml_file || $@) {
    $to_log .= "Unable to copy mail file - " .
      (! -f $eml_file ?
       "no .eml file found\n" :
       $@
      );
  }
  else {
    $to_log .= "Copied mail file to " . catfile ($virus_cache_dir, $eml) . "\n";
  }
}


# And log info. to the log file
append_file ("/var/log/exim4/virusscan", $to_log);

Sincerely,

Adrian Phillips

--
Who really wrote the works of William Shakespeare ?
http://www.pbs.org/wgbh/pages/frontline/shakespeare/
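
Added example, not part of Adrian's post: the script above counts any clamdscan output without "FOUND" as clean, so a stopped clamd looks the same as a clean message. The sketch below separates the two cases using clamdscan's exit status (0 = no virus, 1 = virus found, 2 = error). The name classify_scan, the accept-and-log policy and the sample outputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify one clamdscan run. In the script above the two inputs would be
# ($? >> 8) and $scanned, taken right after the backtick call.
sub classify_scan {
    my ($exit_code, $output) = @_;
    my ($name) = $output =~ m/: (\S+) FOUND/;
    return ('infected', $name) if $exit_code == 1 && defined $name;
    return ('clean',    '')    if $exit_code == 0 && !defined $name;
    return ('error',    '');   # exit 2, or status and output disagree
}

# Constructed sample runs: [ exit code, captured output ]. The wording of
# the messages is illustrative and differs between ClamAV versions.
my @samples = (
    [ 0, "/var/spool/exim4/scan/msg1/msg1.eml: OK\n" ],
    [ 1, "/var/spool/exim4/scan/msg2/msg2.eml: Eicar-Test-Signature FOUND\n" ],
    [ 2, "ERROR: Can't connect to clamd\n" ],
    [ 1, "unparseable scanner output\n" ],
);

for my $sample (@samples) {
    my ($exit_code, $output) = @$sample;
    my ($state, $name) = classify_scan($exit_code, $output);
    if ($state eq 'infected') {
        # Same line the script above prints for exiscan to match on.
        print "Found virus $name\n";
    }
    elsif ($state eq 'error') {
        # Assumed policy: accept the mail, but make the outage visible
        # instead of logging it as an ordinary clean result.
        print STDERR "SCANNER ERROR (exit $exit_code): $output";
    }
    else {
        print STDERR "clean\n";
    }
}
```

With this split the error branch is the single place to decide whether a scanner outage accepts, defers or rejects mail.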