Please don't top-post. I reordered your answer for better readability.
> On Wed, Nov 02, 2005 at 01:04:24PM +0100, exim-users@??? said:
>
>>Dimitrios Koutsos schrieb:
>>
>>>Is any using a similar set up and managed to get load balancing between
>
>
>>>the external clamd's?
>>
>>Are external virus scanners supported at all? If I remember correctly,
>>only the path to the spoolfile gets passed to clamd, not the maildata
>>itself...
>
>
> You remember correctly - it does not work.
Dimitrios Koutsos schrieb:
> Are 100% sure?
> I do get messages like :
> stream: Worm.Mabutu.A-unp FOUND
> in the remote clamd.log and I only got messages like
> malware acl condition: clamd: unable to send file body to socket
> (X.X.X.X:1779)
> in the exim_mainlog just for the messages that exceeded the
> message_size_limit
> which were flagged with
> WARNING: ScanStream: Size limit reached ( max: 10485760)
> in the clmad.log
>
> So, exim connects to the remote clamd, clamd accepts the connection,
> viruses are found and clamd complaints when the size of the email is
> larger than the StreamMaxLength
> So at first glance these are all indications that it is actually
> working...
>
> Has anyone tried with exim-4.52-5 and ClamAV 0.87?
>
> Is it possible that it has been implemented on these versions?
While stream mode was introduced in ClamAV a couple of versions back, I
haven't read anything in exim's changelog that Tom switched over to use
it. Either check the source or wait for a response from Tom. He has to
know. But your logs seem to support that exim nowadays speaks indeed to
remote clamds.
BTW: It's more efficient to set the message size limit within exim, so
the data doesn't need to be transferred to clamd in the first place.
Something like this in your data acl:
deny
condition = ${if > {$message_size}{MESSAGE_SIZE_VIRUS_MAX} \
{false}{true}}
malware = *
Patrick
