RE: [Exim] Advice - Building mail platform from scratch

Pàgina inicial
Delete this message
Reply to this message
Autor: Rene Klootwijk
Data:  
A: 'Exim Users'
Assumpte: RE: [Exim] Advice - Building mail platform from scratch
> > Exiscan does not support running clamav (clamd), or any of
> the other
> > virusscanners as far as I know, on a remote host.
>
> I think you must be talking about some other patch, possibly
> to some other mta. To have Exiscan use a remote clamd, all
> you have to do is set
>
>     av_scanner = clamd:hostname port

>
> This has been the case for some time. Maybe you should read this:
>
> http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt
>
> At least, that's how the Exiscan patch for Exim 4 works. Are
> you talking about the old exiscan filter for Exim 3?


Have you ever tried it? I am talking about exiscan-4.34-21. This is the code
that takes care of requesting clamd to scan the files:

      /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */


      snprintf(CS file_name,1024,"SCAN %s/scan/%s\n", spool_directory,
message_id);


      if (send(sock, file_name, Ustrlen(file_name), 0) < 0) {
        close(sock);
        log_write(0, LOG_MAIN|LOG_PANIC,"malware acl condition: clamd:
unable to write to socket (%s)",
                  strerror(errno));
        return DEFER;
      }


      /*
        We're done sending, close socket for writing.


        One user reported that clamd 0.70 does not like this any more ...


      */


      /* shutdown(sock, SHUT_WR); */


      /* Read the result */
      memset(av_buffer, 0, sizeof(av_buffer));
      bread = read(sock, av_buffer, sizeof(av_buffer));
      close(sock);



As you can see it used the SCAN command. From the clamd man page:

 SCAN file/directory
              Scan a file or directory (recursively) with archive
              support enabled (if not disabled in clamav.conf). A
              full path is required.


 STREAM Scan  stream  -  on  this command clamd will return
              "PORT number" and you can connect to that port  and
              send a data to scan.


Exiscan connecting to spamd using an IP socket will only work when clamd has
access to the directory in which the temporary files have been stored,
either via NFS or when spamd is running in the same system. The STREAM
command has to be used and each file has to be send to the remote host over
a new connection to the port returned by clamd over the first connection
(see manpage).

--
René