Re: [exim] ACL time content scanning failover

Top Page
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim users
Subject: Re: [exim] ACL time content scanning failover
Tom Bombadil wrote:
> Greetings all...
>
> We are trying to failover clamav scanning to a 2nd server in case the
> 1st server is down, or not functioning properly.
>
> Exim doc gives us an example on how to scan the the message twice using
> two different AV scanners.
>
> But I couldn't figure out a way of using the 2nd scanner just in case
> the 1st one fails.
>
> Any hints?
>
> Thanks :)
>


As you saw in the docs, "if the value of av_scanner starts with a dollar
character, it is expanded before use."

You can use this to check the scanner is there and to provide an
alternative with an ${if expansion.

Since you are using clamav and it's got a sense of humor, you can PING
it to see if it's there - it will reply PONG if it's there.

Here's a simple one.. it could be expanded out to as many servers as you
want I suppose. You can either use the UNIX socket or X.X.X.X:PORT
connection of your clamd.

av_scanner = \
  ${if eq\
     {${readsocket{/tmp/clamd}{PING}{5s}{ }{GNIP}}}\
     {PONG}\
     {clamd:/tmp/clamd}\
     {clamd:backup.clamd.server.com:6969}\
  }


Of course, you have to waste the cycles to check if clamd is up and then
actually scan with it : /
Also, using the string expansion means that the malware condition no
longer caches so don't call it more than once.

Ted

--
The Exim Manual
http://www.exim.org/docs.html
http://www.exim.org/exim-html-current/doc/html/spec_html/index.html