In <200905290850.33816.bss@???>, Boyd Stephen Smith Jr. wrote:
>In <1243588413.22774.5.camel@???>, Graeme Fowler wrote:
>>On Thu, 2009-05-28 at 21:32 -0500, Boyd Stephen Smith Jr. wrote:
>>> Notice that the port varies, for some reason.
>>
>>That's in response to the ClamAV API STREAM command, which is used for
>>TCP connections to the scanning daemon. You make a connection and then
>>this happens:
>>
>>Client: STREAM
>>Server: PORT 12345
>>
>>The client then opens a connection to port 12345 and streams the message
>>down it for ClamAV to scan.
>
>That is unfortunate. Is there any way to restrict ClamAV to only one port
>for that? Or possibly an iptables conntrack helper to load?
This got me looking in the right direction. You can control which ports
this secondary connection is on through the simple use of clamd.conf.
Specifically, the StreamMinPort and StreamMaxPort options.
This might not even be an issue in the future, since the INSTREAM command is
supported by modern clamd.
Thanks for the help; sorry for the noise.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@??? ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
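The thread above describes two clamd scanning modes: STREAM, where the daemon answers with a PORT line and the client must open a second connection to a port somewhere in the StreamMinPort..StreamMaxPort range (so a firewall has to allow that whole range), and INSTREAM, where the data travels down the one existing connection. The following is an added example, not code from the list posters or from the ClamAV project: a Python INSTREAM client using the documented wire framing (a `zINSTREAM\0` command, then length-prefixed chunks ending with a zero-length chunk, with a NUL-terminated reply), paired with a constructed in-process stand-in for clamd so the exchange can be run offline. The stand-in's signature string and verdict name are invented for the example; a real clamd matches against its own database.

```python
import socket
import struct
import threading

# Constructed stand-in for a malware signature; only the fake server below
# knows it. A real clamd reports names from its signature database instead.
FAKE_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
FAKE_VERDICT = b"stream: Constructed.Test.Signature FOUND"


def instream_scan(host, port, data, chunk_size=4096):
    """Scan `data` over a single TCP connection using the INSTREAM command.

    Framing (as documented for clamd):
      'zINSTREAM\\0', then repeated <uint32 big-endian length><bytes>,
      then a zero-length chunk to end the stream. Because everything rides
      on the connection the client opened, no StreamMinPort..StreamMaxPort
      firewall hole is needed. Returns the daemon's reply line.
    """
    with socket.create_connection((host, port)) as s:
        s.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), chunk_size):
            chunk = data[i:i + chunk_size]
            s.sendall(struct.pack("!I", len(chunk)) + chunk)
        s.sendall(struct.pack("!I", 0))  # zero-length chunk terminates
        reply = b""
        while not reply.endswith(b"\0"):  # z-prefixed commands get NUL-terminated replies
            part = s.recv(4096)
            if not part:
                break
            reply += part
        return reply.rstrip(b"\0").decode()


def _recv_exact(conn, n):
    """Read exactly n bytes or raise; partial frames must not be scanned."""
    buf = b""
    while len(buf) < n:
        part = conn.recv(n - len(buf))
        if not part:
            raise ConnectionError("peer closed mid-frame")
        buf += part
    return buf


def _handle(conn):
    """Minimal fake clamd: understands only INSTREAM, scans for FAKE_SIGNATURE."""
    with conn:
        cmd = b""
        while not cmd.endswith(b"\0"):
            byte = conn.recv(1)
            if not byte:
                return
            cmd += byte
        if cmd != b"zINSTREAM\0":
            conn.sendall(b"UNKNOWN COMMAND\0")
            return
        payload = b""
        while True:
            (length,) = struct.unpack("!I", _recv_exact(conn, 4))
            if length == 0:
                break
            payload += _recv_exact(conn, length)
        verdict = FAKE_VERDICT if FAKE_SIGNATURE in payload else b"stream: OK"
        conn.sendall(verdict + b"\0")


def start_fake_clamd():
    """Start the stand-in daemon on an ephemeral loopback port.

    Returns (server_socket, port); close the socket to stop it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed
                return
            threading.Thread(target=_handle, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_fake_clamd()
    print(instream_scan("127.0.0.1", port, b"plain message body"))
    print(instream_scan("127.0.0.1", port, b"x" * 10000 + FAKE_SIGNATURE))
    srv.close()
```

Against a real clamd (defaults to TCP 3310 when TCPSocket is enabled) the same `instream_scan` call applies; the only firewall rule needed is the one for the daemon's listening port, which is the practical advantage the thread's closing remark about INSTREAM points to. Keep the per-chunk size under the daemon's StreamMaxLength limit or it will reply with a size-limit error instead of a verdict.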