Mike Tremaine wrote:
> Anyone have trouble downloading large files through the Proxy? I'm asking
> because I built the new ClamAV but I was testing it out and noticed that I had
> a problem with Frox blocking large tar.gz files even after I changed the Clamd
> settings to allow [pass] large archives. It kept treating them like they were
> Viruses.
>
> I rebooted the test box and now it acts like they can pass but the download
> still times out. And since everything is on the same 100/mbit LAN there is no
> way it is really timing out.
>
So here is the deal with Frox and large archive files [or even other very large files]. Frox calls clamdscan internally and passes the file you have downloaded to it as a sub-process. Clamdscan scans the file and returns 0 or 1 [actually 256 ;/] for clean or virus. Life is good and it works....

Except frox will only wait for clamdscan to return for a limited amount of time. [I think it is 120 secs but I'll have to look at the source code.] If clamdscan does not return, frox times out the session. One of the horrible things about this is that even if you have set clamd to not scan Archives greater than XXMB, frox will still scan it. So that 250MB tarball you just downloaded is going to get scanned. If you have a slow system [like my 550MHz development box!!!] this is going to time out and you can not download through frox anything bigger than clamdscan can scan in 2 mins.

Here is my solution. I wrote a wrapper that can handle calling clamdscan and doing sanity checks on the file first. I tested this out and it works fine. I'm going to improve it a bit more so that all the options can be set on the command line, which will make it even more flexible. Then I'll try to update the Frox GUI page so we can control it from there. But here is the solution in the raw form.

http://www.stellarcore.net/downloads/efw2-development/clamdscan_wrapper.py

You can install that in /usr/local/bin and all you have to do is change 1 line in /etc/froc/frox.conf.

VirusScanner '"/usr/local/bin/clamdscan_wrapper.py" "%s"'

Restart Frox and you can now pass big archives without wasting the CPU scanning them. I set maxsize at 15000000, somewhere near 15MB, and maxsize_return is 0, which means signal Frox that it is ok. If you want to deny large archives change the 0 to a 1 and it will be denied. Increase maxsize to whatever you feel is right for your system. It takes my development box a little more than 2 mins to scan a 30MB abiword tar.gz...
Obviously if you are not having this problem don't bother with this fix. I'll work on making it clean and getting my changes upstream into Endian for the next release.

-Mike
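Added example (not the wrapper at the link above, and not Frox or Endian code): a minimal Python sketch of the size gate the message describes, reusing its maxsize and maxsize_return names and values. The function name check_file, the 100-second scan timeout, and mapping scanner errors and timeouts to 1 (deny) are assumptions.

```python
#!/usr/bin/env python3
"""Size gate in front of clamdscan for frox's VirusScanner hook (sketch)."""
import os
import subprocess
import sys

MAXSIZE = 15000000       # bytes, value from the message
MAXSIZE_RETURN = 0       # 0 = tell frox the file is ok, 1 = deny oversized files
SCANNER = ["clamdscan"]  # scanned file path is appended as the last argument
SCAN_TIMEOUT = 100       # assumption: give up before frox's own wait expires
FAIL_RETURN = 1          # assumption: fail closed if the scan cannot complete


def check_file(path, maxsize=MAXSIZE, maxsize_return=MAXSIZE_RETURN,
               scanner=SCANNER, timeout=SCAN_TIMEOUT):
    """Return 0 (pass) or 1 (block), the two results frox is told about."""
    try:
        size = os.stat(path).st_size
    except OSError:
        return FAIL_RETURN          # cannot even stat the file
    if size > maxsize:
        # Oversized files are never scanned; policy alone decides the result.
        return maxsize_return
    try:
        result = subprocess.run(list(scanner) + [path],
                                stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL,
                                timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return FAIL_RETURN          # scanner missing, or scan ran too long
    # clamdscan exits 0 for clean, 1 for a virus, 2 for an error;
    # anything other than 0 is reported to frox as 1.
    return 0 if result.returncode == 0 else 1


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(FAIL_RETURN)
    sys.exit(check_file(sys.argv[1]))
```

With maxsize_return left at 0, every file above maxsize reaches the client unscanned, so that setting is a trade of coverage for throughput.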
