>Date: Mon, 28 Feb 2005 12:21:27 +0000
>To: exim-users@???, Exim-users <exim-users@???>
>Subject: Re: [Fwd: [exim] deferring when clamd/spamd is down]
>From: Ian Eiloart <iane@???>
...
>clamav's instability (if it still exists) makes it vulnerable
>to a denial of service attack. I don't want my SMTP service to
>be vulnerable to that same attack - which would be the effect if I
>didn't use defer_ok.
>
>Another possibility is that I misconfigure clamav, and it simply
>won't start. Again, I don't want to lose my mail service.
>
>Using watchdog ensures that (except for the DoS condition, and a
>misconfiguration on my part), clamav should always be available.

You can do the same thing on a Unix box using Dan Bernstein's
daemontools software. Just set:

    # Don't fork into background.
    # Default: disabled
    Foreground

in clamd's configuration file and start it with a run file of the
form:

    #!/bin/sh
    # Shell script to start up the clamd daemon.
    # DHD March 2005
    clamd=/usr/local/sbin/clamd
    exec $clamd

I've just managed to set up ClamAV on a test box in the above manner
and it seems to work with Exim-4.50 + Content Scanning. Well, at
least it detects the standard test, Eicar-Test-Signature.

I'm now running both clamd and sophie under the control of
daemontools on this box.

When I put it all into production use, I'll use clamd and then
sophie. At the very least it'll be interesting to see what, if
anything, ClamAV misses and Sophos catches.

--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@??? Phone: +44 1225 386101
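
Added example, not part of the message above and not code from ClamAV or daemontools: a preflight for the run file that refuses to start clamd unless the Foreground directive is active, since supervise can only track a process that stays attached. The function names, the "last occurrence decides" rule and the configuration path passed in are assumptions of this sketch; the boolean form "Foreground yes" is the syntax of later ClamAV releases.

```shell
#!/bin/sh
# Preflight for a daemontools run file that starts clamd (added example).

# foreground_enabled FILE
# Returns 0 if FILE has an active Foreground directive, 1 otherwise.
# Accepts the bare keyword shown in the message and the boolean form
# (yes/true/1). If the directive is repeated, the last occurrence
# decides here (an assumption of this sketch).
foreground_enabled() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        tolower($1) == "foreground" {
            v = tolower($2)
            on = (NF == 1 || v == "yes" || v == "true" || v == "1")
        }
        END { exit (on ? 0 : 1) }
    ' "$1"
}

# start_clamd CONF BINARY   (hypothetical wrapper)
# Checks the configuration, then replaces the shell with clamd so that
# supervise watches the daemon itself rather than a wrapper process.
start_clamd() {
    conf=$1
    clamd=$2
    [ -r "$conf" ] || { echo "run: cannot read $conf" >&2; return 1; }
    [ -x "$clamd" ] || { echo "run: $clamd is not executable" >&2; return 1; }
    if ! foreground_enabled "$conf"; then
        echo "run: Foreground is not enabled in $conf" >&2
        return 1
    fi
    exec "$clamd" --config-file="$conf"
}

# In the run file (the configuration path is a placeholder):
#   start_clamd /path/to/clamd.conf /usr/local/sbin/clamd
```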