Re: [exim] Specifying clamav on 2 machines with av_scanner

Author: Jethro R Binks
Date:  
To: exim-users
Subject: Re: [exim] Specifying clamav on 2 machines with av_scanner
On Thu, 25 Feb 2010, Frank DeChellis wrote:

> We are using Exim 4.67.
>
> Is there a way, with the av_scanner option, to specify 2 clamav
> processes running on 2 different IPs. I see there is a way to do it
> with spamd_address but can't find anything similar for av_scanner.
>
> I did format the line the same way it says for spamd_address but it
> doesn't work.


The clue is that av_scanner is expanded when needed ...

Here's what I've been doing for a few months (I was having a problem with
clamds crashing, although I've not noticed it in a while). I run a clamd
locally on each MX (so I use a socket), but they also bind to the host's
IP (rather than just localhost) so they could receive queries from other
hosts. Alternatively you might run your clamds on separate hosts
entirely.

First of all I need some macros:

# The set of sockets to use for A/V scanning.
# Note that we need two versions for each: the "R" version is used
# in the readsocket call, and may take a different format. Ideally we
# should be able to generate one from the other.
PRIMARYCLAMDSOCK = /var/run/clamav/clamd.sock
PRIMARYCLAMDRSOCK = PRIMARYCLAMDSOCK
BACKUPCLAMDSOCK = ip.ad.re.ss 3310
BACKUPCLAMDRSOCK = inet:ip.ad.re.ss:3310


Then I declare that av_scanner will have the value of an ACL variable:

# av_scanner will be expanded just before execution:
av_scanner = $acl_m_avscanner


Then, I have the following in my acl_smtp_data. In summary, it tests the
primary clamd, and if it responds, uses it. If not, it tries the
secondary one. If that fails, defer.

It's a little cumbersome, but it works for me. Other methods or tidy-ups
welcome.


## A/V content scanning
## Before we do the actual check, we need to determine if our preferred
## scanner is operational. If not, we can test an alternative one, and
## we use whichever worked.
## Selection technique based on:
## http://lists.exim.org/lurker/message/20070918.172526.ff9818ec.en.html

  ## Set our default preference
  warn
      set acl_m_avscannerok = false


  ## Test the preferred socket to see if it seems to be responsive
  warn
     ! condition = ${if bool{$acl_m_avscannerok}}
       condition = ${if eq {${readsocket{PRIMARYCLAMDRSOCK}{PING}{1s}{} \
                           {Could not connect to clamd socket \
                           PRIMARYCLAMDSOCK}}} \
                           {PONG} \
                   }
        set acl_m_avscanner = clamd:PRIMARYCLAMDSOCK
        set acl_m_avscannerok = true


  warn
      # if acl_m_avscannerok is still false, then the previous check didn't
      # work, so try with an alternative socket
     ! condition = ${if bool{$acl_m_avscannerok}}
       condition = ${if eq {${readsocket{BACKUPCLAMDRSOCK}{PING}{1s}{} \
                           {Could not connect to clamd socket \
                           BACKUPCLAMDSOCK}}} \
                           {PONG} \
                   }
        set acl_m_avscanner = clamd:BACKUPCLAMDSOCK
        set acl_m_avscannerok = true


  defer
      # if we could not find an operational scanner, defer
     ! condition = ${if bool{$acl_m_avscannerok}}
        logwrite = No A/V available, deferring
         message = local problem, try again later


  ## Perform A/V content scan with selected scanner
  deny
         message = Your message contains a virus or other harmful content \
                   ($malware_name)\n\
                   REFUSENOTICE
     log_message = MSGTAG_MALWARE: \
                   malware=$malware_name: \
                   Malware found in message: \
                   Subject=${quote:$header_subject:} \
                   LOGMSG_DATA
         malware = *


Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
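
Added example, not part of the message above and not Exim or ClamAV code: a Python version of the same PING/PONG probe and primary-then-backup order as the ACL, for checking from an MX which clamd would be selected. The function names, the `fake_clamd` stand-in listener and the endpoints in the demo are constructed for illustration.

```python
import socket
import threading

def clamd_ping(endpoint, timeout=1.0):
    """True if the clamd at endpoint answers PING with PONG.
    endpoint: Unix socket path (str) or (host, port) tuple."""
    try:
        if isinstance(endpoint, str):
            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            s.settimeout(timeout)
            s.connect(endpoint)
        else:
            s = socket.create_connection(endpoint, timeout=timeout)
        with s:
            s.sendall(b"PING\n")
            reply = b""
            while b"\n" not in reply and len(reply) < 64:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
        # Exact match, like the ACL's eq {...}{PONG} test
        return reply.strip() == b"PONG"
    except OSError:  # refused, timed out, or socket file missing
        return False

def select_scanner(candidates, timeout=1.0):
    """Return the av_scanner value for the first responsive clamd, or
    None when none answers (the case where the ACL defers)."""
    for ep in candidates:
        if clamd_ping(ep, timeout):
            return "clamd:" + (ep if isinstance(ep, str) else "%s %d" % ep)
    return None

def fake_clamd(reply=b"PONG\n"):
    """Constructed stand-in for clamd on 127.0.0.1; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(64)
                conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = fake_clamd()  # primary path is a constructed, absent socket
    print(select_scanner(["/nonexistent/clamd.sock", ("127.0.0.1", port)]))
```

clamd's TCP listener has no authentication, so when it binds to the host's IP as described above, restrict port 3310 to the MX hosts.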