For many years now (well before Cisco's involvement) I have been scanning email just before delivery by Postfix using procmail (not a Milter). Up until now, I have been running ClamAV on the same computer as Postfix, and scanning using clamdscan to stream (not fdpass) the mail contents to clamd. (I do this using clamscan-procfilter.pl, originally developed by A G Basile in 2004 and modified by me in 2007 and 2017.)
Unfortunately, ClamAV has changed so much from 0.103.x to 1.0.9 (not to mention 1.4.3 and 1.5.0) that I can't currently run ClamAV in the same OS environment as Postfix. But I can't afford to have no email during the time that would be needed to upgrade the OS, Dovecot, Postfix, Samba, etc. and test everything on my current server. Nor can I afford to buy another computer with similar power and storage (including software RAID0 and redundant backup disks), set it up with new software versions, fully test everything and then cut over almost atomically (as if that would immediately work without problems). So, what I am doing is setting up ClamAV on a small (but powerful) computer and running clamd on it so as to receive the mail contents to be scanned via a TCP port. (This might not be practical for a commercial email service, but the email volume associated with home use is pretty small.) The problem I run into is that, although clamd.conf allows one to specify a port number and even an an IP address for clamd to bind to, there seems to be no way -- such as a command-line option -- to specify what IP address clamdscan should talk to. (This makes the clamd binding address almost irrelevant, I think.) The only thing I can think of, other than modifying clamdscan's internals (a possibly risky business), is to replace the regular clamd on the Postfix computer by a trivial mechanism that simply listens on localhost:3310 (for example) and forwards the TCP (via netcat or xinetd) to the ClamAV computer running the real clamd which listens on 10.23.45.67:3310 (for example). Might there be a better way to do this? (I briefly thought of setting up a VM or a "container" on the current server running Postfix et al, and running the latest ClamAV therein, but that would still require a quite disruptive upgrade of the software environment.) Thanks Paul Kosinski _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
