Re: [Mimedefang] Timeouts and message_contains_virus

Tue, 26 Jan 2010 06:34:03 -0800 

Op 26 jan 2010, om 10:47 heeft Petra Humann het volgende geschreven:

I'm using message_contains_virus_sophie for virus checking.
Sometimes (rarely) the sophie daemon dies, but the socket file persists. Because of this mimedefang-filter can't get results from the subroutine 
and the mail server is temp failing any mail.
... sm-mta[15124]: o0PFjX0p015124: Milter (mimedefang): timeout before data read, where=body ... sm-mta[15124]: o0PFjX0p015124: Milter (mimedefang): to error state ... sm-mta[15124]: o0PFjX0p015124: Milter: data, reject=451 4.3.2 Please try again later 

Is it possible to set a timeout value for getting the result
of virus scanning in message_contains_virus_sophie?
On a .pdf attachment maybe? We had the same issue over a year ago, reported to sophos, never really heard back that it's fixed, but newer versions of the engine could suddenly process the sample file I collected.
We quick-fixed it by skipping sohos scanning entirely for certain senders (based on a hardcoded "%skip_sophos = ..." in the code, even. It was quite rare.) Since that still scanned the message on the two other scanners, I wasn't too worried about viruses getting through.
It is possible to use a timeout, but it requires patching mimedefang.pl. In "sub entity_contains_virus_sophie" and "sub message_contains_virus_sophie" there is a call: 
        $sock->sysread($output,256)
That blocks until something is received. If you replace that with a function that reads a socket with a timeout, you're done. Eg: 
        read_with_timeout($sock, $output, 256, timeout => 60);

Then you still have to implement read_with_timeout:
# note: completely untested. Debugging is left as an excersize for the reader... 
sub read_with_timeout {
    my ($sock, $buf, $len, %opts) = @_;
    IO::Select->new($sock)->can_read( $opts{timeout} || 0)
        or return undef;
    return $sock->sysread($buf, $len);
}
That should do it. No guarantees, if it breaks, you get to keep both pieces, YMMV, etc. 

--
Jan-Pieter Cornet <[email protected]>
Systeembeheer XS4ALL Internet bv
Internet: www.xs4all.nl
Contact: www.xs4all.nl/contact

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Reply via email to