[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Problems with Exim av_scanner using a separate ClamAV server



I'm getting errors in my /var/log/exim4/paniclog:
2009-05-28 20:15:17 1M9m0T-00059K-21 malware acl condition: clamd: 
connection to 172.20.2.91, port 1189 failed (Connection refused)
2009-05-28 20:18:42 1M9m3l-0005GE-PF malware acl condition: clamd: 
connection to 172.20.2.91, port 1114 failed (Connection refused)
2009-05-28 20:19:25 1M9m4T-0005GL-94 malware acl condition: clamd: 
connection to 172.20.2.91, port 1520 failed (Connection refused)
2009-05-28 20:20:09 1M9m5B-0005GQ-4V malware acl condition: clamd: 
connection to 172.20.2.91, port 1533 failed (Connection refused)
2009-05-28 20:20:37 1M9m5c-0005GV-Vu malware acl condition: clamd: 
connection to 172.20.2.91, port 1574 failed (Connection refused)
2009-05-28 20:24:40 1M9m9Y-0005Ga-L0 malware acl condition: clamd: 
connection to 172.20.2.91, port 1703 failed (Connection refused)
2009-05-28 20:26:15 1M9mB5-0005Gf-Bk malware acl condition: clamd: 
connection to 172.20.2.91, port 1426 failed (Connection refused)
2009-05-28 20:28:03 1M9mCl-0005Gk-9s malware acl condition: clamd: 
connection to 172.20.2.91, port 1221 failed (Connection refused)
2009-05-28 20:29:40 1M9mEN-0005Gp-Q4 malware acl condition: clamd: 
connection to 172.20.2.91, port 1966 failed (Connection refused)
2009-05-28 20:31:42 1M9mGJ-0005Gu-NB malware acl condition: clamd: 
connection to 172.20.2.91, port 1697 failed (Connection refused)

Notice that the port varies, for some reason.

What I think is relevant about my configuration is:
(on the exim4 server)
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs-local:
CHECK_DATA_LOCAL_ACL_FILE = CONFDIR/conf.d/local/acl_check_data

/etc/exim4/conf.d/main/02_exim4-config_options-local:
av_scanner = clamd:ichi 3310

/etc/exim4/conf.d/acl/40_exim4-config_check_data:
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif

/etc/exim4/conf.d/local/acl_check_data:
deny
  add_header = X-Virus-Scanned: clamav@iguanasuicide.net
  message = This message was detected as possible malware ($malware_name).
  malware = */defer_ok

/etc/hosts:
172.20.2.91     ichi.iguanasuicide.net ichi

(on the clamd server)
netstat -plnt:
tcp        0      0 0.0.0.0:3310            0.0.0.0:*               LISTEN      
22551/clamd

iptables -L:
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3310

Have I found a bug in exim4?  Is there any way I can convince it to use some 
constant port?
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: