clamav: allow configuration to use TCP socket
Something having to do with passing a file descriptor over spamd's Unix socket causes the ClamAV milter to fail. The milter says "ERROR: Unknown reply from clamd," and running strace on spamd reveals "No file descriptor received. ERROR." Some work by others can be found on the Internet that suggests using a TCP socket for the communication between the milter and spamd fixes this. Lucian Cristian confirmed this on OpenWrt. I am not sure why the Unix socket does not work. I suspect it is something related to musl, but I have not yet found evidence of this. This merge request adds the option to configure spamd to use a TCP socket, and it uses this as the default. The merge request also adds an init script for clamav-milter. Signed-off-by: W. Michael Petullo <mike@flyn.org>
This commit is contained in:
W. Michael Petullo
parent
f95f280a46
commit
54016ddaf4
5 changed files with 144 additions and 3 deletions
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=clamav
|
||||
PKG_VERSION:=0.102.4
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
|
||||
|
|
@ -88,6 +88,7 @@ TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed $(if $(CONFIG_USE_MUSL),-lfts)
|
|||
|
||||
define Package/clamav/conffiles
|
||||
/etc/config/clamav
|
||||
/etc/config/clamav-milter
|
||||
endef
|
||||
|
||||
define Package/clamav/install
|
||||
|
|
@ -106,9 +107,11 @@ define Package/clamav/install
|
|||
|
||||
$(INSTALL_DIR) $(1)/etc/config
|
||||
$(INSTALL_CONF) ./files/clamav.config $(1)/etc/config/clamav
|
||||
$(INSTALL_CONF) ./files/clamav-milter.config $(1)/etc/config/clamav-milter
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/init.d/
|
||||
$(INSTALL_BIN) ./files/clamav.init $(1)/etc/init.d/clamav
|
||||
$(INSTALL_BIN) ./files/clamav-milter.init $(1)/etc/init.d/clamav-milter
|
||||
|
||||
$(INSTALL_DIR) $(1)/usr/share/clamav
|
||||
$(CP) ./files/bytecode.cvd $(1)/usr/share/clamav/
|
||||
|
|
|
|||
26
net/clamav/files/clamav-milter.config
Normal file
26
net/clamav/files/clamav-milter.config
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
config clamav-milter 'clamav-milter'
|
||||
option clamav_milter_config_file '/etc/clamav/clamav-milter.conf'
|
||||
option Foreground 'true'
|
||||
option PidFile '/var/run/clamav/clamav-milter.pid'
|
||||
option User 'nobody'
|
||||
option MilterSocketGroup 'nogroup'
|
||||
option AllowSupplementaryGroups 'true'
|
||||
option ReadTimeout '120'
|
||||
option OnClean 'Accept'
|
||||
option OnInfected 'Quarantine'
|
||||
option OnFail 'Defer'
|
||||
option AddHeader 'Replace'
|
||||
option LogVerbose 'true'
|
||||
option LogTime 'true'
|
||||
option LogSyslog 'true'
|
||||
option LogFacility 'LOG_LOCAL6'
|
||||
option LogInfected 'Full'
|
||||
option LogClean 'Basic'
|
||||
option MaxFileSize '25M'
|
||||
option SupportMultipleRecipients 'true'
|
||||
option RejectMsg 'Rejecting Harmful Email: %v found.'
|
||||
option TemporaryDirectory '/tmp'
|
||||
option MilterSocket 'unix:/var/run/clamav/clamav-milter.sock'
|
||||
option MilterSocketMode '666'
|
||||
option ClamdSocket 'tcp:127.0.0.1:3310'
|
||||
option FixStaleSocket 'true'
|
||||
100
net/clamav/files/clamav-milter.init
Normal file
100
net/clamav/files/clamav-milter.init
Normal file
|
|
@ -0,0 +1,100 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2015 OpenWrt.org
|
||||
|
||||
START=90
|
||||
STOP=10
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/clamav-milter
|
||||
CLAMAV_MILTER_CONFIGFILE="/tmp/clamav/clamav-milter.conf"
|
||||
|
||||
validate_clamav_milter_section() {
|
||||
uci_load_validate clamav-milter clamav_milter "$1" "$2" \
|
||||
'clamav_milter_config_file:string' \
|
||||
'Foreground:string' \
|
||||
'PidFile:string' \
|
||||
'User:string' \
|
||||
'MilterSocketGroup:string' \
|
||||
'AllowSupplementaryGroups:string' \
|
||||
'ReadTimeout:uinteger' \
|
||||
'OnClean:string' \
|
||||
'OnInfected:string' \
|
||||
'OnFail:string' \
|
||||
'AddHeader:string' \
|
||||
'LogVerbose:string' \
|
||||
'LogTime:string' \
|
||||
'LogSyslog:string' \
|
||||
'LogFacility:string' \
|
||||
'LogInfected:string' \
|
||||
'LogClean:string' \
|
||||
'MaxFileSize:string' \
|
||||
'SupportMultipleRecipients:string' \
|
||||
'RejectMsg:string' \
|
||||
'TemporaryDirectory:string' \
|
||||
'MilterSocket:string' \
|
||||
'MilterSocketMode:uinteger' \
|
||||
'ClamdSocket:string' \
|
||||
'FixStaleSocket:string'
|
||||
}
|
||||
|
||||
start_clamav_milter_instance() {
|
||||
[ "$2" = 0 ] || {
|
||||
echo "validation failed"
|
||||
return 1
|
||||
}
|
||||
|
||||
mkdir -p /etc/clamav/
|
||||
mkdir -p /var/run/clamav/
|
||||
chmod a+rw /var/run/clamav
|
||||
|
||||
mkdir -p "$(dirname $CLAMAV_MILTER_CONFIGFILE)"
|
||||
ln -sf "$clamav_milter_config_file" "$CLAMAV_MILTER_CONFIGFILE"
|
||||
|
||||
{
|
||||
echo "Foreground " "$Foreground"
|
||||
echo "PidFile " "$PidFile"
|
||||
echo "User " "$User"
|
||||
echo "MilterSocketGroup " "$MilterSocketGroup"
|
||||
echo "AllowSupplementaryGroups " "$AllowSupplementaryGroups"
|
||||
echo "ReadTimeout " "$ReadTimeout"
|
||||
echo "OnClean " "$OnClean"
|
||||
echo "OnInfected " "$OnInfected"
|
||||
echo "OnFail " "$OnFail"
|
||||
echo "AddHeader " "$AddHeader"
|
||||
echo "LogVerbose " "$LogVerbose"
|
||||
echo "LogTime " "$LogTime"
|
||||
echo "LogSyslog " "$LogSyslog"
|
||||
echo "LogFacility " "$LogFacility"
|
||||
echo "LogInfected " "$LogInfected"
|
||||
echo "LogClean " "$LogClean"
|
||||
echo "MaxFileSize " "$MaxFileSize"
|
||||
echo "SupportMultipleRecipients " "$SupportMultipleRecipients"
|
||||
echo "RejectMsg " "$RejectMsg"
|
||||
echo "TemporaryDirectory " "$TemporaryDirectory"
|
||||
echo "MilterSocket " "$MilterSocket"
|
||||
echo "MilterSocketMode " "$MilterSocketMode"
|
||||
echo "ClamdSocket " "$ClamdSocket"
|
||||
echo "FixStaleSocket " "$FixStaleSocket"
|
||||
} > "$CLAMAV_MILTER_CONFIGFILE"
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG -c $CLAMAV_MILTER_CONFIGFILE
|
||||
procd_set_param file $CLAMAV_MILTER_CONFIGFILE
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
start_service()
|
||||
{
|
||||
validate_clamav_milter_section clamav_milter start_clamav_milter_instance
|
||||
}
|
||||
|
||||
stop_service()
|
||||
{
|
||||
service_stop $PROG
|
||||
}
|
||||
|
||||
service_triggers()
|
||||
{
|
||||
procd_add_reload_trigger "clamav-milter"
|
||||
procd_add_validation validate_clamav_milter_section
|
||||
}
|
||||
|
|
@ -29,7 +29,9 @@ config clamav 'clamav'
|
|||
option AlertEncrypted 'yes'
|
||||
option MaxFileSize '10M'
|
||||
option TemporaryDirectory '/tmp'
|
||||
option LocalSocket '/var/run/clamav/clamd.sock'
|
||||
# option LocalSocket '/var/run/clamav/clamd.sock'
|
||||
option TCPAddr '127.0.0.1'
|
||||
option TCPSocket '3310'
|
||||
option User 'nobody'
|
||||
option ExitOnOOM 'yes'
|
||||
option DatabaseDirectory '/usr/share/clamav'
|
||||
|
|
|
|||
|
|
@ -41,6 +41,8 @@ validate_clamav_section() {
|
|||
'AlertEncrypted:string' \
|
||||
'MaxFileSize:string' \
|
||||
'LocalSocket:string' \
|
||||
'TCPSocket:port' \
|
||||
'TCPAddr:ipaddr' \
|
||||
'User:string' \
|
||||
'ExitOnOOM:string' \
|
||||
'DatabaseDirectory:string'
|
||||
|
|
@ -90,12 +92,20 @@ start_clamav_instance() {
|
|||
echo "TemporaryDirectory " "$TemporaryDirectory"
|
||||
echo "AlertEncrypted " "$AlertEncrypted"
|
||||
echo "MaxFileSize " "$MaxFileSize"
|
||||
echo "LocalSocket " "$LocalSocket"
|
||||
echo "User " "$User"
|
||||
echo "ExitOnOOM " "$ExitOnOOM"
|
||||
echo "DatabaseDirectory " "$DatabaseDirectory"
|
||||
} > "$CLAMD_CONFIGFILE"
|
||||
|
||||
if [ -n "$LocalSocket" ]; then
|
||||
echo "LocalSocket " "$LocalSocket" >>"$CLAMD_CONFIGFILE"
|
||||
fi
|
||||
|
||||
if [ -n "$TCPSocket" ]; then
|
||||
echo "TCPAddr" "$TCPAddr" >>"$CLAMD_CONFIGFILE"
|
||||
echo "TCPSocket " "$TCPSocket" >>"$CLAMD_CONFIGFILE"
|
||||
fi
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG -c $CLAMD_CONFIGFILE
|
||||
procd_set_param file $CLAMD_CONFIGFILE
|
||||
|
|
|
|||
Loading…
Reference in a new issue