On Thu, 25 Feb 2010, Frank DeChellis wrote: > We are using Exim 4.67. > > Is there a way, with the av_scanner option, to specify 2 clamav > processes running on 2 different IPs . I see there is a way to do it > with spamd_address but can?t find anything similar for av_scanner. > > I did format the line the same way it says for spamd_address but it > doesn?t work.
The clue is that av_scanner is expanded when needed ... Here's what I've been doing for a few months (I was having a problem with clamds crashing, although I've not noticed it in a while). I run a clamd locally on each MX (so I use a socket), but they also bind to the hosts's IP (rather than just localhost) so they could receive queries from other hosts. Alternatively you might run your clamds on separate hosts entirely. First of all I need some macros: # The set of sockets to use for A/V scanning. # Note that we need two versions for each: the "R" version is used # in the readsocket call, and may take a different format. Ideally we # should be able to generate one from the other. PRIMARYCLAMDSOCK = /var/run/clamav/clamd.sock PRIMARYCLAMDRSOCK = PRIMARYCLAMDSOCK BACKUPCLAMDSOCK = ip.ad.re.ss 3310 BACKUPCLAMDRSOCK = inet:ip.ad.re.ss:3310 Then I declare that av_scanner will have the value of an ACL variable: # av_scanner will be expanded just before execution: av_scanner = $acl_m_avscanner Then, I have the following in my acl_smtp_data. In summary, it tests the primary clamd, and if it responds, uses it. If not, it tries the secondary one. If that fails, defer. It's a little cumbersome, but it works for me. Other methods or tidy-ups welcome. ## A/V content scanning ## Before we do the actual check, we need to determine if our preferred ## scanner is operational. If not, we can test an alternative one, and ## we use whichever worked. ## Selection technique based on: ## http://lists.exim.org/lurker/message/20070918.172526.ff9818ec.en.html ## Set our default preference warn set acl_m_avscannerok = false ## Test the preferred socket to see if it seems to be responsive warn ! condition = ${if bool{$acl_m_avscannerok}} condition = ${if eq {${readsocket{PRIMARYCLAMDRSOCK}{PING}{1s}{} \ {Could not connect to clamd socket \ PRIMARYCLAMDSOCK}}} \ {PONG} \ } set acl_m_avscanner = clamd:PRIMARYCLAMDSOCK set acl_m_avscannerok = true warn # if acl_m_avscannerok is still false, then the previous check didn't # work, so try with an alternative socket ! condition = ${if bool{$acl_m_avscannerok}} condition = ${if eq {${readsocket{BACKUPCLAMDRSOCK}{PING}{1s}{} \ {Could not connect to clamd socket \ BACKUPCLAMDSOCK}}} \ {PONG} \ } set acl_m_avscanner = clamd:BACKUPCLAMDSOCK set acl_m_avscannerok = true defer # if we could not find an operational scanner, defer ! condition = ${if bool{$acl_m_avscannerok}} logwrite = No A/V available, deferring message = local problem, try again later ## Perform A/V content scan with selected scanner deny message = Your message contains a virus or other harmful content \ ($malware_name)\n\ REFUSENOTICE log_message = MSGTAG_MALWARE: \ malware=$malware_name: \ Malware found in message: \ Subject=${quote:$header_subject:} \ LOGMSG_DATA malware = * Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
