> *********** REPLY SEPARATOR *********** > > On 4/15/2005 at 3:58 PM Nigel Horne wrote: > > >On Friday 15 Apr 2005 15:56, Carl Thompson wrote: > >> > >> *********** REPLY SEPARATOR *********** > >> > >> On 4/14/2005 at 10:24 PM Nigel Horne wrote: > >> > >> >> Okay this is what i have for clamav-milter on remote server > >> > > >> >Remote to sendmail? Or remote to clamd? Or both? > >> > > >> >> CLAMAV_FLAGS="-qlm5 --external --server=xxx.xxx.xxx.xxx > >> >> local:/var/run/clamav/clmilter.sock" > >> >> > >> >> and I have to run clamd on that server so that clamav uses it > >> >> externally to scan for virus (if i understand this correctly) > >> > > >> >I presume by "that server" you mean the server running clamav-milter > >> > > >> >> > >> >> and on my primary server i did the same thing and clamav creates > >> >> local socket and scans thru clamd on remote server. > >> > > >> >I presume by "primary server" you mean the server running > clamd, though > >> >I don't understand what you mean by you "did the same thing"? > Why would > >> >you do the same on both machines? Surely one runs clamd and one > >> >runs clamav-milter? > >> > > >> >> however if i use > >> >> INPUT_MAIL_FILTER(`clamav', `S=inet:[EMAIL PROTECTED], F=, > >T=S:4m;R:4m')dnl > >> >> (machine name chaned to correct machine of course) > >> > > >> >By "machineb" do you mean the same as "primary server" above? Or the > >> >same as "that server"? > >> > > >> >> I still get socket errors in maillog about attempting to scan and > >> >> clamd is on the remote socket not clamav-milter on the > remote socket. > >> > > >> >> I'm sure i'm doing something simple wrong but I sure can't figure it > >out. > >> > > >> >Sorry, but I can't figure out what you're trying to do and what you've > >> >tried to set up. > >> > > >> >The following scenarios are possible: > >> >1) sendmail, clamav-milter and clamd all on one machine > >> >2) sendmail and clamav-milter on one machine, clamd on another machine > >> >3) sendmail on one machine, clamav-milter and clamd on another machine > >> >4) sendmail, clamav-milter and clamd all on separate machines > >> >5) sendmail and clamav-milter on one machine, clamd running > on multiple > >> >machines load balanced > >> >6) sendmail and clamav-milter on separate machines, clamd running on > >> >multiple machines load balanced, which may include the same machines. > >> > > >> >Please be very specific about what you're trying to achieve. I guess > >> >it's either scenario 2 or scenario 3? > >> I can get scenario 2 to work without a problem and this is how I did it > >for some time before .82 (when clamd scanning was integrated into > >clamav-milter and you no longer needed to run clamd just for > clamav-milter) > >> > >> The problem I have is scenario 3. > >> > >> machine a has sendmail on it > >> machine b is a low use box so I would like to run clamav-milter and > >clamd (if its necessary now) on it and have machine a connect to > >clamav-milter on machine b. however I am unable to get clamav-milter to > >listen on a TCP port on machine b > > > >Machine a configure looks correct: > > INPUT_MAIL_FILTER(`clamav', `S=inet:[EMAIL PROTECTED], F=, > T=S:4m;R:4m')dn > > > >On machineb try starting clamav-milter thus (based on the options you > >gave, and ensure that clamd > >is running on machineb first): > > CLAMAV_FLAGS="-qlm5 --external inet:3311" > > > >> Carl > > > >-Nigel > > > > As a final update to this little endeavor this is what I did > > on the mail server i used > INPUT_MAIL_FILTER(`clamav', `S=inet:[EMAIL PROTECTED], F=, T=S:4m;R:4m')dn > > on the scanning server i did the following > > CLAMAV_FLAGS="-qlm5 inet:3311 --server xxx.xxx.xxx.xxx" > > I tried it with --external and that worked fine if I had clamd > running (as it should be) so I figured i would try it internal > and that worked fine. > > I did however have to specify --server because without it it > bound to 3311 of 127.0.0.1
Again I need more information here. When you say xxx.xxx.xxx.xxx, what IP address did you use? Furthermore what do you have in your tcpwrappers files (/etc/hosts.allow and /etc/hosts.deny). --server is to do with the link clamav-milter<->clamd, where as the inet:3311 is to do with the link sendmail<->clamav-milter, so adding --server should have no effect on the incoming as you've stated. I need more information to see what's going on with the bind you mention. > Carl -Nigel _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
