------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=926
Andreas M. Kirchwitz <amk@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |amk@???
--- Comment #15 from Andreas M. Kirchwitz <amk@???> 2010-07-21 02:29:15 ---
If I do understand Phil Pennock's new code correctly, it's still not possible
to use INSTREAM (or even FILDES) for UNIX domain sockets, right?
Now that the new code is more flexible than the old one, it would be great if
at least INSTREAM would be supported for UNIX domain sockets as well. That way,
you wouldn't need to put clamd in Exim's Unix group (which is bad for
security).
The new code currently reads:
if ((*clamd_options == '/') || (strcmpic(clamd_options2,US"local") == 0))
use_scan_command = TRUE;
else
use_scan_command = FALSE;
However, there no longer a reason to make such a big difference between UNIX
domain sockets and TCP sockets. Both support INSTREAM and SCAN. STREAM is
special to TCP sockets but is deprecated anyway. FILDES is special to UNIX
domain sockets and would be really nice to have (see clamdscan command line
tool), but that's a different story.
If we don't want to break the old configuration syntax (UNIX domain sockets do
SCAN by default), we could introduce a second secret option "remote" that is
special to UNIX domain sockets and results in INSTREAM (instead of SCAN).
It's a little bit ugly, but it will fit nicely to the secret option "local" for
TCP sockets (which does "SCAN" instead of STREAM/INSTREAM).
Just an example (unverified):
if (
( (*clamd_options == '/')
#ifndef WITH_OLD_CLAMAV_STREAM
&& (strcmpic(clamd_options2,US"remote") != 0) )
#endif
|| (strcmpic(clamd_options2,US"local") == 0)
)
use_scan_command = TRUE;
else
use_scan_command = FALSE;
Haven't tested it but that might just work without additional changes.
(Except documentation, of course.)
Any opinions?
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
