Dear Colleagues,

Something strange happened to clamd TCP communication after upgrading
exim to exim-4.94_4 (FreeBSD).

The configuration is standard:

    av_scanner = clamd:192.168.153.104 3310
    [...]
    acl_check_data:
      deny malware = */defer_ok
           message = This message contains a virus ($malware_name).

clamav is alive (first thing I checked):

    $ telnet 192.168.153.104 3310
    Trying 192.168.153.104...
    Connected to 192.168.153.104.
    Escape character is '^]'.
    VERSION
    ClamAV 0.103.0/26031/Mon Dec 28 19:43:18 2020
    Connection closed by foreign host.

However, on mail delivery exim complains in the log:

    2020-12-28 21:57:21 1kttxZ-0000Xw-3x malware acl condition: clamd : unable to send file body to socket (192.168.153.104)

The packet dump is available at
http://admin.sibptus.ru/~vas/2.pcap

You can see from it that exim's host opens a TCP connection to the
clamav host, the clamav host replies with SYN+ACK, but the exim host sends a TCP RST
immediately. Why could that happen?

Accessing exim locally via a Unix socket would probably work around the
problem, but for the present I have to keep exim and clamav on different
hosts.

Any bright ideas please? Any debug I could enable and look at?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet
http://vas.tomsk.ru/