Thank you very much for the info.
Will adding a second address to the av_scanner line be an option in the
future?
Frank
On 10-02-25 5:37 PM, "Jethro R Binks" <jethro.binks@???> wrote:
> On Thu, 25 Feb 2010, Frank DeChellis wrote:
>
>> We are using Exim 4.67.
>>
>> Is there a way, with the av_scanner option, to specify 2 clamav
>> processes running on 2 different IPs . I see there is a way to do it
>> with spamd_address but can?t find anything similar for av_scanner.
>>
>> I did format the line the same way it says for spamd_address but it
>> doesn?t work.
>
> The clue is that av_scanner is expanded when needed ...
>
> Here's what I've been doing for a few months (I was having a problem with
> clamds crashing, although I've not noticed it in a while). I run a clamd
> locally on each MX (so I use a socket), but they also bind to the hosts's
> IP (rather than just localhost) so they could receive queries from other
> hosts. Alternatively you might run your clamds on separate hosts
> entirely.
>
> First of all I need some macros:
>
> # The set of sockets to use for A/V scanning.
> # Note that we need two versions for each: the "R" version is used
> # in the readsocket call, and may take a different format. Ideally we
> # should be able to generate one from the other.
> PRIMARYCLAMDSOCK = /var/run/clamav/clamd.sock
> PRIMARYCLAMDRSOCK = PRIMARYCLAMDSOCK
> BACKUPCLAMDSOCK = ip.ad.re.ss 3310
> BACKUPCLAMDRSOCK = inet:ip.ad.re.ss:3310
>
>
> Then I declare that av_scanner will have the value of an ACL variable:
>
> # av_scanner will be expanded just before execution:
> av_scanner = $acl_m_avscanner
>
>
> Then, I have the following in my acl_smtp_data. In summary, it tests the
> primary clamd, and if it responds, uses it. If not, it tries the
> secondary one. If that fails, defer.
>
> It's a little cumbersome, but it works for me. Other methods or tidy-ups
> welcome.
>
>
> ## A/V content scanning
> ## Before we do the actual check, we need to determine if our preferred
> ## scanner is operational. If not, we can test an alternative one, and
> ## we use whichever worked.
> ## Selection technique based on:
> ## http://lists.exim.org/lurker/message/20070918.172526.ff9818ec.en.html
>
> ## Set our default preference
> warn
> set acl_m_avscannerok = false
>
> ## Test the preferred socket to see if it seems to be responsive
> warn
> ! condition = ${if bool{$acl_m_avscannerok}}
> condition = ${if eq {${readsocket{PRIMARYCLAMDRSOCK}{PING}{1s}{} \
> {Could not connect to clamd socket \
> PRIMARYCLAMDSOCK}}} \
> {PONG} \
> }
> set acl_m_avscanner = clamd:PRIMARYCLAMDSOCK
> set acl_m_avscannerok = true
>
> warn
> # if acl_m_avscannerok is still false, then the previous check didn't
> # work, so try with an alternative socket
> ! condition = ${if bool{$acl_m_avscannerok}}
> condition = ${if eq {${readsocket{BACKUPCLAMDRSOCK}{PING}{1s}{} \
> {Could not connect to clamd socket \
> BACKUPCLAMDSOCK}}} \
> {PONG} \
> }
> set acl_m_avscanner = clamd:BACKUPCLAMDSOCK
> set acl_m_avscannerok = true
>
> defer
> # if we could not find an operational scanner, defer
> ! condition = ${if bool{$acl_m_avscannerok}}
> logwrite = No A/V available, deferring
> message = local problem, try again later
>
> ## Perform A/V content scan with selected scanner
> deny
> message = Your message contains a virus or other harmful content \
> ($malware_name)\n\
> REFUSENOTICE
> log_message = MSGTAG_MALWARE: \
> malware=$malware_name: \
> Malware found in message: \
> Subject=${quote:$header_subject:} \
> LOGMSG_DATA
> malware = *
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
