Re: [exim] Misleading message "clamd: failed to connect to …

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MPhil Pennock at <-
MPhil Pennock at ->
Delete this message
Reply to this message
Author: Marcin Mirosław
Date:  
To: exim-users
CC: exim-users
Subject: Re: [exim] Misleading message "clamd: failed to connect to 127.0.0.1: couldn't connect to any host: Connection refused" ?
W dniu 02.07.2014 03:43, Phil Pennock pisze:

Hi Phil, hi all!

> On 2014-06-30 at 16:31 +0200, Marcin Mirosław wrote:
>> I have defined connection to av_scanner as below:
>> av_scanner = clamd:127.0.0.1 3310 : 192.168.254.10 3310
>
>> 2014-06-30 16:18:01 1X1cPB-0001CM-E1 malware acl condition: clamd:
>> failed to connect to 127.0.0.1: couldn't connect to any host: Connection
>> refused
>
>> So message "couldn't connect to any host:" is a little misleading, exim
>> can connect to any host (but not to localhost).
>
> Sorry, that's misleading, yes. What it means is "for the hostname or IP
> address given, couldn't connect to any host matching that hostname". If
> you had specified "localhost 3310" on an IPv6 system, then it would have
> tried 127.0.0.1 and ::1 both before reporting that error.
>
> So when Exim is working through the list of possible targets, in random
> order now, each item is tried in turn; when they're IP addresses instead
> of hostnames, then the message is misleading.

Should I fill bug for this?


>> Have you got any idea why clamd uses word "local" even when connection
>> is from remote host?
>
> Bug?
> 
> Their code:
> ----------------------------8< cut here >8------------------------------
>         if (stream) {
>             struct sockaddr_in sa;
>             socklen_t salen = sizeof(sa);
>             if(getpeername(conn->sd, (struct sockaddr *)&sa, &salen) || salen > sizeof(sa) || sa.sin_family != AF_INET)
>                 strncpy(fdstr, "instream(local)", sizeof(fdstr));
>             else
>                 snprintf(fdstr, sizeof(fdstr), "instream(%s@%u)", inet_ntoa(sa.sin_addr), ntohs(sa.sin_port));
>             reply_fdstr = "stream";
>         } else {
>             snprintf(fdstr, sizeof(fdstr), "fd[%d]", fd);
>             reply_fdstr = fdstr;
>         }
> ----------------------------8< cut here >8------------------------------

>
> So will fail on IPv6; your config is IPv4-only though? So something
> non-obvious probably happening in the path to get here and I'm
> disinclined to spend more than 5 minutes looking at this or getting
> familiar with the ClamAV code base to answer. :) So, ask on the ClamAV
> mailing lists?
>
> Or are you using IPv6-mapped IPv4 stuff, to get connections which look
> like :ffff:192.0.2.1 -- in which case, "lack of IPv6 support in that bit
> of the ClamAV codebase".

With clamav compiled with ipv6 support nothing changed.
Thank you, you spend far more time than I expected. I was expecting
answer like "it's known bug" or "I've never seen such behavior".
Sorry for late anwer.

Marcin




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Deployment of Multiple Exim Servers for Scalability[exim] Matching An Incoming Mail Address->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)