Michael,
> [...] What this meant to normal amavisd installations that used CONTSCAN /
> clamscan for primary scanner, and the command line clamscan for backup,
> is that if, when, while clamd was offline for updates, reboot,
> maintenance, etc, the CLI version clamscan took over.
> I may have a solution for companies that can run a backup clamd scanner
> in TCP mode
> it appears that the (newer) clamdscan and clamd automatically support
> the TCP new streams mode and if you set up a clamd scanner on a remote
> host, open up the TCP port and run clamdscan {file/directory} clamd on
> the remote knows you are remote, lets clamdscan know that, and clamdscan
> starts to send the file through TCP instead of just sending the fileid.
> (you have to edit clamd.conf on both systems, take our socket, use TCP
> options. clamd doesn't support both unix socket and TCP socket)
> [...]
> B) clamdscan supports the remote streaming mode, and can be an effective
> option, especially if the network is local
> 3) MAYBE amavisd 2.6.4 can augment the amavisd/clam modes by
> implementing the remote mode.
>
> I have even thought of using the clamdscan/tcp remote option as a
> PRIMARY scanner, and have tested the throughput results.
>
> observations include:
> with build in CONTSCAN, amavisd loads the code once, and probaly caches
> the unix socket.
> with using clamdscan (tcp/remote) as the primary scanner, nothing is
> cached, clamdscan needs to be called (the binary) for each message,
> hence the question/request to support the TCP mode.
Given the overhead of having to stream the whole content to a remote
scanner, the cost of spawning a clamdscan process is probably negligible.
I don't think there is a need to duplicate in amavisd what clamdscan
client does just fine.
> if clamd supported both TCP and unix sockets on the same server, and you
> had two servers, amavisd could use unix sockets for primary, and then
> maybe tcp for backup scanner.
Just add an entry like:
### http://www.clamav.net/ - using remote clamd scanner
['ClamAV-clamdscan', 'clamdscan',
"--stdout --no-summary --config-file=/etc/clamd-client.conf {}",
[0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
and you have a backup clamd scanner on a remote host.
The /etc/clamd-client.conf is just a copy of your main /etc/clamd.conf,
with changed:
TCPSocket 3310
TCPAddr <remote-host-running-clamd>
It would be more comfortable if clamdscan supported a command-line
option to specify a host/port of a scanning host, but using an alternative
config file works fine too for the time being. Someone should send
a suggestion to ClamAV folks.
Mark
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
