Michael,
For what it's worth, I discovered today after updating packages on my Gentoo system that I've had to modify the clamav-perlfilter which you provide at <http://karmak.org/2004/courier-clamav/>.
After upgrading from courier-0.45.5 to courier-0.45.6.20040618 and from
clamav-0.70 to clamav-0.75, the filter starts hanging (resulting in
messages like "courierfilter: connect(): Connection timed out" in the
maillog).
After much screwing around this afternoon I've found I can alleviate the problem by changing the line
    open(CLAMOUT, "cat ${filename} | clamdscan --stdout - |");
to
    open(CLAMOUT, "clamdscan --stdout ${filename} |");
The issue must be related to clamav and not courier, because invoking a similar command line by hand (i.e. cat somefile | clamdscan --stdout -) causes the same hang, while passing the filename direct does not.
What is the purpose of the cat and pipe, anyhow? I suppose this way the $filename could contain malicious characters resulting in an exploit, but so it could the second way, as well.
The pipe is necessary if you are running clamd as a different user than courier. For example, on my system clamd runs as the 'clamav' user, and courier runs as the 'courier' user. If the second approach is working for you, you must be running clamd and courier as the same user. (Personally I think this is not a good idea.)
The problem is that courier writes the file to disk with so that it is only readable by the courier user. If clamd is not running under the same uid as courier it cannot read the file. So you have to let courier read the file and send it to clamdscan on stdin.
I am curious about the error you are getting though. I just installed the latest clamav (0.75.1), and I tested it with a couple viruses and it worked fine. This entry in the ChangeLog for 0.75.1 may be relevant:
* clamdscan: fix stdin scanning in local mode (patch by Stephen
Gran <steve*lobefin.net>)
Try 0.75.1 and see if that solves the problem.
As an unrelated aside, I also earlier changed the result code ("virus
detected") from 500 to 577, which seems more consistent with the
semantics described in RFC 1893.
I don't mind changing this, but what is your rationale?
Does anyone else following this thread have an opinion?
Otherwise I have been very happy with this filter, which has been stopping lots of viruses on their way in.
Yeah, between the clamav filter and a couple good DNSBLs in etc/esmtpd, you can really cut down the junk mail.
-ben
On 04 7 2004 at 8:29 am -0400, Michael Carmack wrote:
Here are two simple ways of getting Courier working with ClamAV:
http://karmak.org/2004/courier-clamav/
m.
courier-users mailing list
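Added example, not part of the original messages or of the clamav-perlfilter: one way to keep the stdin approach discussed in the thread (needed when clamd and courier run as different users) without passing the filename through a shell, so characters in the name are never interpreted. The helper name scan_via_stdin and the command-line handling are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# scan_via_stdin($filename, @scanner) -- hypothetical helper, not filter code.
# Runs @scanner with the contents of $filename on its standard input and
# returns (exit_status, output_lines). No shell is involved at any point.
sub scan_via_stdin {
    my ($filename, @scanner) = @_;

    # The filter process (running as the courier user) opens the file itself.
    # The scanner only inherits a descriptor and never needs to read the path.
    open(my $msg, '<', $filename) or die "open $filename: $!";

    # Fork with the child's STDOUT connected to $out in the parent.
    my $pid = open(my $out, '-|');
    die "fork: $!" unless defined $pid;

    if ($pid == 0) {
        # Child: make the message file its STDIN, then exec the scanner.
        open(STDIN, '<&', $msg) or die "dup stdin: $!";
        # The block form of exec bypasses the shell even for a single word.
        exec { $scanner[0] } @scanner or die "exec $scanner[0]: $!";
    }

    close($msg);
    my @lines = <$out>;
    close($out);    # waits for the child and sets $?
    return ($? >> 8, @lines);
}

my $file = shift @ARGV;
die "usage: $0 FILE [SCANNER ARGS...]\n" unless defined $file;

# Default is the command line quoted in the thread; extra arguments replace it.
my @scanner = @ARGV ? @ARGV : ('clamdscan', '--stdout', '-');

my ($status, @report) = scan_via_stdin($file, @scanner);
print @report;

# clamdscan exit status: 0 = no virus found, 1 = virus found, other = error.
exit $status;
```

To try it on a machine without clamd, pass a stand-in scanner such as cat as the extra arguments and use a file whose name contains spaces or a semicolon; the contents are echoed back and the name is treated purely as a path.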
