Re: [exim] Specifying clamav on 2 machines with av_scanner

Author: Frank DeChellis
Date:  
To: Jethro R Binks, exim-users
Subject: Re: [exim] Specifying clamav on 2 machines with av_scanner
Thank you very much for the info.

Will adding a second address to the av_scanner line be an option in the
future?

Frank


On 10-02-25 5:37 PM, "Jethro R Binks" <jethro.binks@???> wrote:

> On Thu, 25 Feb 2010, Frank DeChellis wrote:
>
>> We are using Exim 4.67.
>>
>> Is there a way, with the av_scanner option, to specify 2 clamav
>> processes running on 2 different IPs. I see there is a way to do it
>> with spamd_address but can't find anything similar for av_scanner.
>>
>> I did format the line the same way it says for spamd_address but it
>> doesn't work.
>
> The clue is that av_scanner is expanded when needed ...
>
> Here's what I've been doing for a few months (I was having a problem with
> clamds crashing, although I've not noticed it in a while). I run a clamd
> locally on each MX (so I use a socket), but they also bind to the host's
> IP (rather than just localhost) so they could receive queries from other
> hosts. Alternatively you might run your clamds on separate hosts
> entirely.
>
> First of all I need some macros:
>
> # The set of sockets to use for A/V scanning.
> # Note that we need two versions for each: the "R" version is used
> # in the readsocket call, and may take a different format. Ideally we
> # should be able to generate one from the other.
> PRIMARYCLAMDSOCK = /var/run/clamav/clamd.sock
> PRIMARYCLAMDRSOCK = PRIMARYCLAMDSOCK
> BACKUPCLAMDSOCK = ip.ad.re.ss 3310
> BACKUPCLAMDRSOCK = inet:ip.ad.re.ss:3310
>
>
> Then I declare that av_scanner will have the value of an ACL variable:
>
> # av_scanner will be expanded just before execution:
> av_scanner = $acl_m_avscanner
>
>
> Then, I have the following in my acl_smtp_data. In summary, it tests the
> primary clamd, and if it responds, uses it. If not, it tries the
> secondary one. If that fails, defer.
>
> It's a little cumbersome, but it works for me. Other methods or tidy-ups
> welcome.
>
>
> ## A/V content scanning
> ## Before we do the actual check, we need to determine if our preferred
> ## scanner is operational. If not, we can test an alternative one, and
> ## we use whichever worked.
> ## Selection technique based on:
> ## http://lists.exim.org/lurker/message/20070918.172526.ff9818ec.en.html
>
>   ## Set our default preference
>   warn
>       set acl_m_avscannerok = false
>
>   ## Test the preferred socket to see if it seems to be responsive
>   warn
>      ! condition = ${if bool{$acl_m_avscannerok}}
>        condition = ${if eq {${readsocket{PRIMARYCLAMDRSOCK}{PING}{1s}{} \
>                            {Could not connect to clamd socket \
>                            PRIMARYCLAMDSOCK}}} \
>                            {PONG} \
>                    }
>         set acl_m_avscanner = clamd:PRIMARYCLAMDSOCK
>         set acl_m_avscannerok = true
>
>   warn
>       # if acl_m_avscannerok is still false, then the previous check didn't
>       # work, so try with an alternative socket
>      ! condition = ${if bool{$acl_m_avscannerok}}
>        condition = ${if eq {${readsocket{BACKUPCLAMDRSOCK}{PING}{1s}{} \
>                            {Could not connect to clamd socket \
>                            BACKUPCLAMDSOCK}}} \
>                            {PONG} \
>                    }
>         set acl_m_avscanner = clamd:BACKUPCLAMDSOCK
>         set acl_m_avscannerok = true
>
>   defer
>       # if we could not find an operational scanner, defer
>      ! condition = ${if bool{$acl_m_avscannerok}}
>         logwrite = No A/V available, deferring
>          message = local problem, try again later
>
>   ## Perform A/V content scan with selected scanner
>   deny
>          message = Your message contains a virus or other harmful content \
>                    ($malware_name)\n\
>                    REFUSENOTICE
>      log_message = MSGTAG_MALWARE: \
>                    malware=$malware_name: \
>                    Malware found in message: \
>                    Subject=${quote:$header_subject:} \
>                    LOGMSG_DATA
>          malware = *
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK



Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
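
The selection logic of the quoted ACL (PING the primary clamd, fall back to the backup, defer when neither answers PONG), as an added Python example for checking both endpoints from the mail host; it is not part of the original thread or of Exim. The endpoint values and the names `clamd_ping` and `select_av_scanner` are assumptions made for illustration.

```python
import socket

# Constructed endpoints standing in for the PRIMARY/BACKUP macros (assumptions).
PRIMARY = "/var/run/clamav/clamd.sock"   # unix socket path
BACKUP = ("192.0.2.10", 3310)            # placeholder documentation address

def clamd_ping(endpoint, timeout=1.0):
    """Return True only if clamd at endpoint answers PING with exactly PONG."""
    family = socket.AF_UNIX if isinstance(endpoint, str) else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)          # applies to connect, send and each recv
            s.connect(endpoint)
            s.sendall(b"PING\n")
            reply = b""
            while not reply.endswith(b"\n") and len(reply) < 64:
                chunk = s.recv(64)
                if not chunk:              # peer closed the connection
                    break
                reply += chunk
    except OSError:                        # refused, missing socket, timeout
        return False
    return reply.strip() == b"PONG"

def select_av_scanner(endpoints, ping=clamd_ping):
    """First responsive endpoint as an av_scanner value, or None (defer)."""
    for ep in endpoints:
        if ping(ep):
            target = ep if isinstance(ep, str) else f"{ep[0]} {ep[1]}"
            return "clamd:" + target
    return None                            # fail closed: never skip the scan

if __name__ == "__main__":
    scanner = select_av_scanner([PRIMARY, BACKUP])
    print(scanner or "No A/V available, deferring")
```

A `None` result corresponds to the ACL's `defer` branch: the message is temporarily rejected rather than accepted unscanned.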