Thank you very much for the info. Will adding a second address to the av_scanner line be an option in the future?
Frank On 10-02-25 5:37 PM, "Jethro R Binks" <[email protected]> wrote: > On Thu, 25 Feb 2010, Frank DeChellis wrote: > >> We are using Exim 4.67. >> >> Is there a way, with the av_scanner option, to specify 2 clamav >> processes running on 2 different IPs . I see there is a way to do it >> with spamd_address but can?t find anything similar for av_scanner. >> >> I did format the line the same way it says for spamd_address but it >> doesn?t work. > > The clue is that av_scanner is expanded when needed ... > > Here's what I've been doing for a few months (I was having a problem with > clamds crashing, although I've not noticed it in a while). I run a clamd > locally on each MX (so I use a socket), but they also bind to the hosts's > IP (rather than just localhost) so they could receive queries from other > hosts. Alternatively you might run your clamds on separate hosts > entirely. > > First of all I need some macros: > > # The set of sockets to use for A/V scanning. > # Note that we need two versions for each: the "R" version is used > # in the readsocket call, and may take a different format. Ideally we > # should be able to generate one from the other. > PRIMARYCLAMDSOCK = /var/run/clamav/clamd.sock > PRIMARYCLAMDRSOCK = PRIMARYCLAMDSOCK > BACKUPCLAMDSOCK = ip.ad.re.ss 3310 > BACKUPCLAMDRSOCK = inet:ip.ad.re.ss:3310 > > > Then I declare that av_scanner will have the value of an ACL variable: > > # av_scanner will be expanded just before execution: > av_scanner = $acl_m_avscanner > > > Then, I have the following in my acl_smtp_data. In summary, it tests the > primary clamd, and if it responds, uses it. If not, it tries the > secondary one. If that fails, defer. > > It's a little cumbersome, but it works for me. Other methods or tidy-ups > welcome. > > > ## A/V content scanning > ## Before we do the actual check, we need to determine if our preferred > ## scanner is operational. If not, we can test an alternative one, and > ## we use whichever worked. > ## Selection technique based on: > ## http://lists.exim.org/lurker/message/20070918.172526.ff9818ec.en.html > > ## Set our default preference > warn > set acl_m_avscannerok = false > > ## Test the preferred socket to see if it seems to be responsive > warn > ! condition = ${if bool{$acl_m_avscannerok}} > condition = ${if eq {${readsocket{PRIMARYCLAMDRSOCK}{PING}{1s}{} \ > {Could not connect to clamd socket \ > PRIMARYCLAMDSOCK}}} \ > {PONG} \ > } > set acl_m_avscanner = clamd:PRIMARYCLAMDSOCK > set acl_m_avscannerok = true > > warn > # if acl_m_avscannerok is still false, then the previous check didn't > # work, so try with an alternative socket > ! condition = ${if bool{$acl_m_avscannerok}} > condition = ${if eq {${readsocket{BACKUPCLAMDRSOCK}{PING}{1s}{} \ > {Could not connect to clamd socket \ > BACKUPCLAMDSOCK}}} \ > {PONG} \ > } > set acl_m_avscanner = clamd:BACKUPCLAMDSOCK > set acl_m_avscannerok = true > > defer > # if we could not find an operational scanner, defer > ! condition = ${if bool{$acl_m_avscannerok}} > logwrite = No A/V available, deferring > message = local problem, try again later > > ## Perform A/V content scan with selected scanner > deny > message = Your message contains a virus or other harmful content \ > ($malware_name)\n\ > REFUSENOTICE > log_message = MSGTAG_MALWARE: \ > malware=$malware_name: \ > Malware found in message: \ > Subject=${quote:$header_subject:} \ > LOGMSG_DATA > malware = * > > Jethro. > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks > Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK Frank DeChellis President, Internet Access Worldwide Welland, Ontario, Canada www.iaw.com -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
