[exim] av_scanner is broken suddenly?

Author: Victor Sudakov
Date:  
To: exim-users
Subject: [exim] av_scanner is broken suddenly?
Dear Colleagues,

Something strange happened to clamd TCP communication after upgrading
exim to exim-4.94_4 (FreeBSD).

The configuration is standard:

av_scanner = clamd:192.168.153.104 3310
[...]
acl_check_data:
  deny    malware    = */defer_ok
          message    = This message contains a virus ($malware_name).


clamav is alive (first thing I checked):

$ telnet 192.168.153.104 3310
Trying 192.168.153.104...
Connected to 192.168.153.104.
Escape character is '^]'.
VERSION
ClamAV 0.103.0/26031/Mon Dec 28 19:43:18 2020
Connection closed by foreign host.

However, on mail delivery exim complains in the log:

2020-12-28 21:57:21 1kttxZ-0000Xw-3x malware acl condition: clamd : unable to send file body to socket (192.168.153.104)

The packet dump is available at http://admin.sibptus.ru/~vas/2.pcap
You can see from it that exim's host opens a TCP connection to the
clamav host, the clamav host replies with SYN+ACK, but the exim host sends a TCP RST
immediately. Why could that happen?

Accessing exim locally via a Unix socket would probably work around the
problem, but for the present I have to keep exim and clamav on different
hosts.

Any bright ideas please? Any debug I could enable and look at?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/