[exim-dev] [Bug 926] clamd 0.95 deprecates "STREAM" command

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 926] clamd 0.95 deprecates "STREAM" command
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=926




--- Comment #3 from Phil Pennock <exim-dev@???> 2009-12-05 09:40:21 ---
It works for me. I just tested it.

Code went in with revision 1.4 of malware.c:
Wed Jan 5 13:33:58 2005 UTC (4 years, 11 months ago) by tom

"""Added patches for remote clamd operation and improved drwebd error handling.
Contributed by Alex Miller"""

This with:
 av_scanner = $acl_m_avscanner
and in my ACL referenced from "acl_smtp_data":
  deny  message = [VIRUS] This message contains malware ($malware_name)
        set acl_m_avscanner = clamd:127.0.0.1 3310:local
        malware = *


Exim debug trace:
23725 processing "deny"
23725 check set acl_m_avscanner = clamd:127.0.0.1 3310:local
23725 check malware = *
23725 Expanded av_scanner global: clamd:127.0.0.1 3310:local
23725 waiting for data on socket
23725 deny: condition test succeeded
23725 unspool_mbox(): unlinking
'/var/spool/exim/scan/1NGqyI-0006Af-PB/1NGqyI-0006Af-PB.eml'
23725 unspool_mbox(): unlinking
'/var/spool/exim/scan/1NGqyI-0006Af-PB/1NGqyI-0006Af-PB-00000.com'
23725 SMTP>> 550 [VIRUS] This message contains malware (Eicar-Test-Signature)

clamd log:
Sat Dec 5 09:30:38 2009 ->
/var/spool/exim/scan/1NGqyI-0006Af-PB/1NGqyI-0006Af-PB.eml:
Eicar-Test-Signature FOUND
and no complaint of garbage.

This on FreeBSD 7.x with ClamAV 0.95.3.

You're doing something else wrong. If you need assistance debugging, please
ask for user support on the exim-users mailing-list, not in this bug.


Jethro, if you're talking to a local ClamAV I can now confirm that:
(1) you have a workaround
(2) we need to update the docs to mention this option!
(3) none of this changes the need to use the new API; since ClamAV is software
where people should be either up-to-date or not running it, even on the more
conservative distributions AIUI, it should be safe to just replace the current
API with the new one, instead of making it an option.

-Phil


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email