On Fri, 2 Dec 2016 16:57:32 +0100
No; the built-in code uses IO::Socket::UNIX and can only scan local
files. You need to write your own wrapper code if you want to
stream files to another host.

Regards,

Dianne.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mail

Hi Benoît,
As I understand it, clamav needs access to local /var/spool/MIMEDefang/
and I don't see any lines in /usr/bin/mimedefang.pl hat point to a
tcp/ip socket for clamav.

What about moving clamav scans to a second mimedefang instance running
on a different host, which is only responsible for scanning and calling
this mimdefang afterwards?

Ciao!


_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roari

On Dec 2, 1:22pm, "Bill Cole" wrote:
} On 2 Dec 2016, at 12:01, Dianne Skoll wrote:
} > On Fri, 2 Dec 2016 16:57:32 +0100
} > Benoit Panizzon <***@imp.ch> wrote:
} >
} >> Does anyone know, if it's possible to use
} >> ClamdSock = "host:port";
} >> in MIMEDefang?
} >
} > No; the built-in code uses IO::Socket::UNIX and can only scan local
} > files. You need to write your own wrapper code if you want to
} > stream files to another host.
}
} Note that this is pretty easy if you have the 'socat' software
} installed. You could run something like this out of init (or whatever
} replacement for init your system uses):
}
} socat UNIX-LISTEN:/var/run/fakeclamd.sock,mode=777,fork
} TCP:<clamdhost>:<clamdport>
}
} Note that this provides no on-the-wire security but in its favor, only
} needs a persistent socat process on the client side. By using an OPENSSL
} socket type instead of TCP and a mirror image socat process on the
} server side (i.e. have socat instead of clamd listening on the network
} interface, talking to the clamd socket) you could secure the conversion.
} See the socat man page for more information.

Just curious, has anybody in this thread read the clamd manpage
recently?

The clamd socket is primarily a control channel, i.e. you send
it a command like, "SCAN <path>", which won't work very well if
<path> is inaccessible to clamd. There is "STREAM" (deprecated)
which returns "PORT <portno>" and "INSTREAM" which takes chunked
data. None of this is particularly amenable to use by socat (you
could use NFS to make <path> available to a remote clamd, but that
isn't recommended). Likewise, you can't just replace a connection
to a UNIX domain socket with a connection to an INET socket.

}-- End of excerpt from "Bill Cole"
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpen

Hi all

Thank you for the comments. I wrote that email a bit in a hurry, because
we have an 'old' installation which uses MIMEDefang where we cannot
update clamd (and the OS base) anymore. Clamd keeps crashing with new
definition files.

So as a quick fix I got clamd on our new filter installation listining
to an inet socket and failed to have this connected from MIMEDefang on
the old one trying to set $clamdsock = "inet:clamdhost:port" or similar.

After sending the email I read on what I could find on the toppic.

Yes, the problem is that MIMEDefang passes the path to be scanned to
the clamd socket, so the file needs to be local on the machine running
clamd.

Of course it would not bee too dificult to add: ClamAV::Client to
mimedefang-filter and then use the scan_stream method which, as I
understand, would use the INSTREAM command to pass the content to be
scanned to clamd.

I'm not sure yet, if INSTREAM takes care of unpacking zip payloads and
similar. I have not tested and probably will not have the time to do so.

I guess I'll have to put a higher priority on moving the remaining
customers from our 'old' infrastructure to the new one.

-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roa

Not with the built-in Clam support.

What we did on our outbound mail cluster was to call clamdscan on a
slightly modified copy INPUTMSG (something we needed for other
processing anyway), and parse the results. Originally we also used
--config-file with several config files set either per-server,
randomized on MD child initialization, or randomized per call to
pseudo-randomize which clamd host got tried; at the time we ran into
some strange issues running clamd behind a Linux LVM load-balancer. We
tried again recently and it runs fine behind LVM so now we just use one
standard config file to direct the call to the load-balancer IP.

It works quite well, although pushing mail messages back and forth over
a network socket like that eats local bandwidth - I'd suggest making
sure that activity runs on a physically separate NIC to a private network.

-kgd
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://li