Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

[Micah Snyder (micasnyd)]

Very interesting Kris!


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 5, 2018, at 12:37 PM, Kris Deugau 
mailto:kdeu...@vianet.ca>> wrote:

Brent Clark wrote:
Good day Guys
I have setup two clamd servers.
On my Webservers, I need to stream a file to the clamd for scanning.
I would like to ask, how would I specify two TCPAddr.
If I specify just one, server, everything works ok.
Ive tried various options and google does not appears to be of assists.
How does one specify more than one server for scanning?
I would like to use this a poor mans "fail over", so that if one server is 
down, clamscan will move on to the next server.

We use Linux LVM load balancing to group "many" processing nodes (currently 
two, although we've had more on older hardware in the past) into one logical 
service.  You can then point your clamdscan (or clamav-milter) callers to the 
load-balanced IP.

-kgd
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

[Brent Clark]

Good day

Thanks all for the the replies.
Much appreciated.

Regards
Brent

On 2018/11/05 17:19, Micah Snyder (micasnyd) wrote:

Hi Brent,

clamdscan and clamd share the same config file.  clamd uses it to set up 
the TCP socket to listen, and clamdscan uses it to know how to talk to 
clamd.  As a consequence, setting multiple TCPAddr's would make no sense 
to clamd as it will only open 1 socket to listen for connections.


I'd be interested to know if someone has come up with a hack for how to 
have clamdscan fail over to a secondary clamd instance - but I'm not 
aware of a way to do that.


I would bare in mind that if your'e using clamd on a machine remote from 
the clamdscan machine, the TCP connection is not encrypted at this time 
- meaning your file contents may be streamed in plaintext across your 
network.  If you need to do this, consider setting up a SSH tunnel to 
facilitate an encrypted connection.


Regards,
Micah


On Nov 5, 2018, at 7:48 AM, Brent Clark > wrote:


Good day Guys

I have setup two clamd servers.

On my Webservers, I need to stream a file to the clamd for scanning.

I would like to ask, how would I specify two TCPAddr.

If I specify just one, server, everything works ok.
Ive tried various options and google does not appears to be of assists.

How does one specify more than one server for scanning?

I would like to use this a poor mans "fail over", so that if one 
server is down, clamscan will move on to the next server.


Thanks in advance.

Regards
Brent






___
clamav-users mailing list
clamav-users@lists.clamav.net 
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

[Henrik K]

On Mon, Nov 05, 2018 at 03:19:44PM +, Micah Snyder (micasnyd) wrote:
>
> I'd be interested to know if someone has come up with a hack for how to have
> clamdscan fail over to a secondary clamd instance - but I'm not aware of a way
> to do that.  

It's called "writing your own clamdscan".  Connect socket and stream, not
rocket science.  No different than needing to write our own custom clamd,
since after all these years official STILL can't do a basic job of reloading
signatures without hanging the process.  :-D

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

[Kris Deugau]

Brent Clark wrote:

Good day Guys

I have setup two clamd servers.

On my Webservers, I need to stream a file to the clamd for scanning.

I would like to ask, how would I specify two TCPAddr.

If I specify just one, server, everything works ok.
Ive tried various options and google does not appears to be of assists.

How does one specify more than one server for scanning?

I would like to use this a poor mans "fail over", so that if one server 
is down, clamscan will move on to the next server.


We use Linux LVM load balancing to group "many" processing nodes 
(currently two, although we've had more on older hardware in the past) 
into one logical service.  You can then point your clamdscan (or 
clamav-milter) callers to the load-balanced IP.


-kgd
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

[G.W. Haywood]

Hi there,

On Mon, 5 Nov 2018, Micah Snyder wrote:
On Nov 5, 2018, at 7:48 AM, Brent Clark wrote:


> How does one specify more than one server for scanning?

I'd be interested to know if someone has come up with a hack for how
to have clamdscan fail over to a secondary clamd instance - but I'm
not aware of a way to do that.


You'd need to modify the existing clamav-milter, which might be quite
an undertaking if you're not familiar with milters, or perhaps write a
separate milter.  I've written a milter which could easily be modified
to do this.  I call it 'eXtensible-Milter', XM.  At present it doesn't
call clamd at all - clamav-milter does that here.  Until now I've had
no particular reason to replace clamav-milter although XM has replaced
half a dozen other milters which were giving me assorted troubles, and
now I use only the two.

The idea of the possibility of a 'clamd farm' is intriguing.  If you'd
be interested I can think about adding such functionality to XM.

Hmmm.  On reflection, 'easily' might have been an overstatement but at
worst in principle it's easy and it's very doable. :)

XM is written in pure Perl, and at the moment it has only ever been
used with Sendmail.  It hasn't been published.

--

73,
Ged.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Specify more servers for clamdscan to pass for scanning

[Micah Snyder (micasnyd)]

Hi Brent,

clamdscan and clamd share the same config file.  clamd uses it to set up the 
TCP socket to listen, and clamdscan uses it to know how to talk to clamd.  As a 
consequence, setting multiple TCPAddr's would make no sense to clamd as it will 
only open 1 socket to listen for connections.

I'd be interested to know if someone has come up with a hack for how to have 
clamdscan fail over to a secondary clamd instance - but I'm not aware of a way 
to do that.

I would bare in mind that if your'e using clamd on a machine remote from the 
clamdscan machine, the TCP connection is not encrypted at this time - meaning 
your file contents may be streamed in plaintext across your network.  If you 
need to do this, consider setting up a SSH tunnel to facilitate an encrypted 
connection.

Regards,
Micah


On Nov 5, 2018, at 7:48 AM, Brent Clark 
mailto:brentgclarkl...@gmail.com>> wrote:

Good day Guys

I have setup two clamd servers.

On my Webservers, I need to stream a file to the clamd for scanning.

I would like to ask, how would I specify two TCPAddr.

If I specify just one, server, everything works ok.
Ive tried various options and google does not appears to be of assists.

How does one specify more than one server for scanning?

I would like to use this a poor mans "fail over", so that if one server is 
down, clamscan will move on to the next server.

Thanks in advance.

Regards
Brent






___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Specify more servers for clamdscan to pass for scanning

[Brent Clark]

Good day Guys

I have setup two clamd servers.

On my Webservers, I need to stream a file to the clamd for scanning.

I would like to ask, how would I specify two TCPAddr.

If I specify just one, server, everything works ok.
Ive tried various options and google does not appears to be of assists.

How does one specify more than one server for scanning?

I would like to use this a poor mans "fail over", so that if one server 
is down, clamscan will move on to the next server.


Thanks in advance.

Regards
Brent






___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml