Re: [exim] av_scanner is broken suddenly?

Wed, 30 Dec 2020 23:11:39 -0800 

Jeremy Harris via Exim-users wrote:
> On 30/12/2020 13:20, Victor Sudakov via Exim-users wrote:
> > In my situation, I set net.inet.tcp.fastopen.client_enable=0 on the
> > client (exim host) and it cured the problem.
> 
> Good to know.  It's a workaround, not a fix, IMO.
> 
> > I could probably have set
> > net.inet.tcp.fastopen.server_enable=1 on the server side (clamd host)
> > and it would cure the problem too?
> 
> It's worth trying.  However, a TFO implementation is *required*
> to operate properly talking to a non-TFO peer.
> 
> > Jeremy, I did not quite understand if the whole problem is a bug in
> > FreeBSD
> 
> This.

Maybe I should file a PR to the FreeBSD team, but could you suggest a
very simple test case? Maybe a couple of lines of code to open a TCP
connection and fail?


> 
> > or a bug in Exim, or both, but if I can provide any help or
> > additional info/testing to clear the situation once and for all, I'd be
> > glad to.
> 
> If you could get a run with the original configuration, but with debug
> enabled (command-line "-d+all") on the exim that ends up calling
> out to Clam, that will help to locate that "close(-1)" we saw.
> 
> If that's the exim daemon:
> 
> - Check using "ps" for any extra args normally used on your
>   exim daemon process
> - stop the exim service
> - run
>   # exim -d+all -bd 2>&1 | tee logfile
>   to get a daemon with debug.

I now have this log and am ready to send it privately to you or another
person requesting it, preferably in encrypted form. I would not like to
publish such a detailed log somewhere on the Internet.

A relevant snippet from the log is below:


13:54:33 63708 Malware scan:  clamd tmo=2m
13:54:33 63708 trying server name 192.168.153.104, port 3310
13:54:33 63708  TFO mode connection attempt to 192.168.153.104, 10 data
13:54:33 63708 Malware scan: issuing clamd new-style remote scan (zINSTREAM)
13:54:33 63708  socket: domain AF_INET lcl [95.170.141.50]:47149 type 
SOCK_STREAM proto tcp
13:54:33 63708 LOG: MAIN PANIC
13:54:33 63708   malware acl condition: clamd  : unable to send file body to 
socket (192.168.153.104)
13:54:33 63708 deny: condition test failed in ACL "acl_check_data"


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Attachment: signature.asc
Description: PGP signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to