On 27 Feb 2005, at 08:29, John Peacock wrote:

Since I can't leave well enough alone, I have started to write a new clamav plugin along the following lines:

1) communicate directly with the clamd daemon (via TCP/IP or unix domain socket), much like the spamassassin plugin does with spamd;

2) directly call clamd on the temporary files that qpsmtpd already has (to save writing out a copy of the file body).

Unfortunately, I am having problems on both counts. For reasons I cannot yet understand, using socket communications works fine when run under the debugger, but hangs on reading from the socket when run outside of the debugger. Hrrmmmm.

You know I have a perl module to do this on CPAN, right?

The second change is giving me other issues. libclamav uses heuristics to determine what type of file is being scanned, and then calls the appropriate code. Unfortunately, the temporary files which qpsmtpd creates in the spooldir contain only the MIME body, and libclamav doesn't recognize the file as containing any content (and thus doesn't scan it at all).

I've got a severely inelegant hack which patches the libclamav code to scan any unknown file type as if it were a mail message. This is hardly a general fix, but it might be sufficient for me to run privately. A better fix would be to extract the MIME sections myself, before handing off scanning to libclamav. There are two options here as well:

a) use something like MIME-tools to decode the attachments from within Perl;

b) use ripmime to decode the attachments (this works on the body-only files, modulo some odd off-by-one thing with the filenames).

The ultimate plan after the next release is for me to integrate my perl mail parser, which will give us access to the body parts. But I have no plans to start doing that until Ask stamps a release out.


Matt.
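An added example, not part of the original thread or of qpsmtpd, illustrating option (a) above: a body-only spool file only becomes parseable MIME once the message's Content-Type header (which carries the boundary) is re-attached, after which each part can be decoded and handed to the scanner. Python's standard `email` package stands in for MIME-tools here; `extract_parts` and all sample data are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy

# Constructed sample of a body-only spool file: MIME parts, no header block.
BOUNDARY = "=_constructed_boundary"
ATTACHMENT = b"constructed attachment bytes\n"
BODY_ONLY = (
    "This is a multi-part message in MIME format.\r\n"
    f"--{BOUNDARY}\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "See attached.\r\n"
    f"--{BOUNDARY}\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="sample.bin"\r\n'
    "\r\n"
    + base64.b64encode(ATTACHMENT).decode() + "\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()


def extract_parts(content_type_header, body_only):
    """Return [(filename, content_type, decoded_bytes)] for each leaf part.

    content_type_header is the value of the message's Content-Type header,
    assumed to be held separately from the spool file. Pass None to see what
    a parser makes of the body-only file on its own.
    """
    raw = body_only
    if content_type_header is not None:
        # Unfold a folded header value, then refuse anything still containing
        # a line break so the value cannot smuggle in extra headers.
        value = re.sub(r"\r?\n[ \t]+", " ", content_type_header.strip())
        if "\r" in value or "\n" in value:
            raise ValueError("Content-Type value contains a bare line break")
        raw = (b"MIME-Version: 1.0\r\nContent-Type: " + value.encode()
               + b"\r\n\r\n" + body_only)
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no payload of their own to scan
        data = part.get_payload(decode=True) or b""
        parts.append((part.get_filename(), part.get_content_type(), data))
    return parts
```

Without the header the whole file comes back as a single undecoded text part, so the base64 attachment never reaches the scanner in its decoded form.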


