Re: [exim] Misleading message "clamd: failed to connect to …

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Marcin Mirosław
CC: exim-users
Subject: Re: [exim] Misleading message "clamd: failed to connect to 127.0.0.1: couldn't connect to any host: Connection refused" ?
On 2014-06-30 at 16:31 +0200, Marcin Mirosław wrote:
> I have defined connection to av_scanner as below:
> av_scanner = clamd:127.0.0.1 3310 : 192.168.254.10 3310


> 2014-06-30 16:18:01 1X1cPB-0001CM-E1 malware acl condition: clamd:
> failed to connect to 127.0.0.1: couldn't connect to any host: Connection
> refused


> So message "couldn't connect to any host:" is a little misleading, exim
> can connect to any host (but not to localhost).


Sorry, that's misleading, yes. What it means is "for the hostname or IP
address given, couldn't connect to any host matching that hostname". If
you had specified "localhost 3310" on an IPv6 system, then it would have
tried 127.0.0.1 and ::1 both before reporting that error.

So when Exim is working through the list of possible targets, in random
order now, each item is tried in turn; when they're IP addresses instead
of hostnames, then the message is misleading.

> Have you got any idea why clamd uses word "local" even when connection
> is from remote host?


Bug?

Their code:
----------------------------8< cut here >8------------------------------
        if (stream) {
            struct sockaddr_in sa;
            socklen_t salen = sizeof(sa);
            if(getpeername(conn->sd, (struct sockaddr *)&sa, &salen) || salen > sizeof(sa) || sa.sin_family != AF_INET)
                strncpy(fdstr, "instream(local)", sizeof(fdstr));
            else
                snprintf(fdstr, sizeof(fdstr), "instream(%s@%u)", inet_ntoa(sa.sin_addr), ntohs(sa.sin_port));
            reply_fdstr = "stream";
        } else {
            snprintf(fdstr, sizeof(fdstr), "fd[%d]", fd);
            reply_fdstr = fdstr;
        }
----------------------------8< cut here >8------------------------------


So will fail on IPv6; your config is IPv4-only though? So something
non-obvious probably happening in the path to get here and I'm
disinclined to spend more than 5 minutes looking at this or getting
familiar with the ClamAV code base to answer. :) So, ask on the ClamAV
mailing lists?

Or are you using IPv6-mapped IPv4 stuff, to get connections which look
like :ffff:192.0.2.1 -- in which case, "lack of IPv6 support in that bit
of the ClamAV codebase".

-Phil