clamav: allow configuration to use TCP socket
authorW. Michael Petullo <mike@flyn.org>
Fri, 8 Jan 2021 19:33:34 +0000 (13:33 -0600)
committerW. Michael Petullo <mike@flyn.org>
Sun, 10 Jan 2021 00:29:46 +0000 (18:29 -0600)
Something having to do with passing a file descriptor over spamd's
Unix socket causes the ClamAV milter to fail. The milter says "ERROR:
Unknown reply from clamd," and running strace on spamd reveals "No file
descriptor received. ERROR."

Some work by others can be found on the Internet that suggests using
a TCP socket for the communication between the milter and spamd fixes
this. Lucian Cristian confirmed this on OpenWrt.

I am not sure why the Unix socket does not work. I suspect it is something
related to musl, but I have not yet found evidence of this.

This merge request adds the option to configure spamd to use a TCP
socket, and it uses this as the default. The merge request also adds an
init script for clamav-milter.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
net/clamav/Makefile
net/clamav/files/clamav-milter.config [new file with mode: 0644]
net/clamav/files/clamav-milter.init [new file with mode: 0644]
net/clamav/files/clamav.config
net/clamav/files/clamav.init

index 3fb870d06f2c664e4df1fb70b35240e4098db8be..abbb9d374580c7934d299180e1c31e491eccf317 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=clamav
 PKG_VERSION:=0.102.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
@@ -88,6 +88,7 @@ TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed $(if $(CONFIG_USE_MUSL),-lfts)
 
 define Package/clamav/conffiles
 /etc/config/clamav
+/etc/config/clamav-milter
 endef
 
 define Package/clamav/install
@@ -106,9 +107,11 @@ define Package/clamav/install
 
        $(INSTALL_DIR) $(1)/etc/config
        $(INSTALL_CONF) ./files/clamav.config $(1)/etc/config/clamav
+       $(INSTALL_CONF) ./files/clamav-milter.config $(1)/etc/config/clamav-milter
 
        $(INSTALL_DIR) $(1)/etc/init.d/
        $(INSTALL_BIN) ./files/clamav.init $(1)/etc/init.d/clamav
+       $(INSTALL_BIN) ./files/clamav-milter.init $(1)/etc/init.d/clamav-milter
 
        $(INSTALL_DIR) $(1)/usr/share/clamav
        $(CP) ./files/bytecode.cvd $(1)/usr/share/clamav/
diff --git a/net/clamav/files/clamav-milter.config b/net/clamav/files/clamav-milter.config
new file mode 100644 (file)
index 0000000..2598f26
--- /dev/null
@@ -0,0 +1,26 @@
+config clamav-milter 'clamav-milter'
+       option clamav_milter_config_file '/etc/clamav/clamav-milter.conf'
+       option Foreground 'true'
+       option PidFile '/var/run/clamav/clamav-milter.pid'
+       option User 'nobody'
+       option MilterSocketGroup 'nogroup'
+       option AllowSupplementaryGroups 'true'
+       option ReadTimeout '120'
+       option OnClean 'Accept'
+       option OnInfected 'Quarantine'
+       option OnFail 'Defer'
+       option AddHeader 'Replace'
+       option LogVerbose 'true'
+       option LogTime 'true'
+       option LogSyslog 'true'
+       option LogFacility 'LOG_LOCAL6'
+       option LogInfected 'Full'
+       option LogClean 'Basic'
+       option MaxFileSize '25M'
+       option SupportMultipleRecipients 'true'
+       option RejectMsg 'Rejecting Harmful Email: %v found.'
+       option TemporaryDirectory '/tmp'
+       option MilterSocket 'unix:/var/run/clamav/clamav-milter.sock'
+       option MilterSocketMode '666'
+       option ClamdSocket 'tcp:127.0.0.1:3310'
+       option FixStaleSocket 'true'
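Review bot: `option MilterSocketMode '666'` makes the milter socket readable and writable by every local account, not just the MTA that is meant to connect to it. Since the file already sets `MilterSocketGroup`, a tighter default would be `option MilterSocketMode '660'`, with `MilterSocketGroup` set to the group the MTA runs under. The right group depends on which MTA is installed, which this page does not show, so a short comment above the option naming the expected peer would help whoever edits it later.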
diff --git a/net/clamav/files/clamav-milter.init b/net/clamav/files/clamav-milter.init
new file mode 100644 (file)
index 0000000..a4a0fde
--- /dev/null
@@ -0,0 +1,100 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+
+START=90
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/clamav-milter
+CLAMAV_MILTER_CONFIGFILE="/tmp/clamav/clamav-milter.conf"
+
+validate_clamav_milter_section() {
+       uci_load_validate clamav-milter clamav_milter "$1" "$2" \
+               'clamav_milter_config_file:string' \
+               'Foreground:string' \
+               'PidFile:string' \
+               'User:string' \
+               'MilterSocketGroup:string' \
+               'AllowSupplementaryGroups:string' \
+               'ReadTimeout:uinteger' \
+               'OnClean:string' \
+               'OnInfected:string' \
+               'OnFail:string' \
+               'AddHeader:string' \
+               'LogVerbose:string' \
+               'LogTime:string' \
+               'LogSyslog:string' \
+               'LogFacility:string' \
+               'LogInfected:string' \
+               'LogClean:string' \
+               'MaxFileSize:string' \
+               'SupportMultipleRecipients:string' \
+               'RejectMsg:string' \
+               'TemporaryDirectory:string' \
+               'MilterSocket:string' \
+               'MilterSocketMode:uinteger' \
+               'ClamdSocket:string' \
+               'FixStaleSocket:string'
+}
+
+start_clamav_milter_instance() {
+       [ "$2" = 0 ] || {
+               echo "validation failed"
+               return 1
+       }
+
+       mkdir -p /etc/clamav/
+       mkdir -p /var/run/clamav/
+       chmod a+rw /var/run/clamav
+
+       mkdir -p "$(dirname $CLAMAV_MILTER_CONFIGFILE)"
+       ln -sf "$clamav_milter_config_file" "$CLAMAV_MILTER_CONFIGFILE"
+
+       {
+       echo "Foreground " "$Foreground"
+       echo "PidFile " "$PidFile"
+       echo "User " "$User"
+       echo "MilterSocketGroup " "$MilterSocketGroup"
+       echo "AllowSupplementaryGroups " "$AllowSupplementaryGroups"
+       echo "ReadTimeout " "$ReadTimeout"
+       echo "OnClean " "$OnClean"
+       echo "OnInfected " "$OnInfected"
+       echo "OnFail " "$OnFail"
+       echo "AddHeader " "$AddHeader"
+       echo "LogVerbose " "$LogVerbose"
+       echo "LogTime " "$LogTime"
+       echo "LogSyslog " "$LogSyslog"
+       echo "LogFacility " "$LogFacility"
+       echo "LogInfected " "$LogInfected"
+       echo "LogClean " "$LogClean"
+       echo "MaxFileSize " "$MaxFileSize"
+       echo "SupportMultipleRecipients " "$SupportMultipleRecipients"
+       echo "RejectMsg " "$RejectMsg"
+       echo "TemporaryDirectory " "$TemporaryDirectory"
+       echo "MilterSocket " "$MilterSocket"
+       echo "MilterSocketMode " "$MilterSocketMode"
+       echo "ClamdSocket " "$ClamdSocket"
+       echo "FixStaleSocket " "$FixStaleSocket"
+       } > "$CLAMAV_MILTER_CONFIGFILE"
+
+       procd_open_instance
+       procd_set_param command $PROG -c $CLAMAV_MILTER_CONFIGFILE
+       procd_set_param file $CLAMAV_MILTER_CONFIGFILE
+       procd_close_instance
+}
+
+start_service()
+{
+       validate_clamav_milter_section clamav_milter start_clamav_milter_instance
+}
+
+stop_service()
+{
+       service_stop $PROG
+}
+
+service_triggers()
+{
+       procd_add_reload_trigger "clamav-milter"
+       procd_add_validation validate_clamav_milter_section
+}
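Review bot: In `start_clamav_milter_instance`, `chmod a+rw /var/run/clamav` leaves the directory that holds the PID file and the milter socket world-writable with no sticky bit, so any local user can remove or replace those entries. Giving the directory to the configured account instead keeps it usable by the daemon without opening it to everyone: `chown "$User" /var/run/clamav` followed by `chmod 0755 /var/run/clamav`. If clamd shares this directory under a different account, a common group with mode `0775` would be the alternative. Separately, every option is echoed into the config file even when its UCI value is empty, unlike the `[ -n ... ]` guards this commit adds to clamav.init; an unset option will produce a directive with no argument.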
index 9f945e3b90127bb47cc51b745094ef5d95617f6d..bdd5550336c6e2856b38fc798b7434d824d6dcf2 100644 (file)
@@ -29,7 +29,9 @@ config clamav 'clamav'
        option AlertEncrypted 'yes'
        option MaxFileSize '10M'
        option TemporaryDirectory '/tmp'
-       option LocalSocket '/var/run/clamav/clamd.sock'
+       # option LocalSocket '/var/run/clamav/clamd.sock'
+       option TCPAddr '127.0.0.1'
+       option TCPSocket '3310'
        option User 'nobody'
        option ExitOnOOM 'yes'
        option DatabaseDirectory '/usr/share/clamav'
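Review bot: The new default moves clamd from a filesystem socket, whose access is governed by file permissions, to a TCP listener that performs no authentication, and the config gives no hint of that trade-off. Binding to `127.0.0.1` keeps it off the network, but every local process can now reach the scanner, and a user who changes `TCPAddr` exposes it further. I would replace the bare commented-out `LocalSocket` line with an explanatory comment such as `# clamd's TCP socket is unauthenticated; keep TCPAddr on loopback. LocalSocket is disabled because fd passing fails for clamav-milter.`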
index e06dfa60c82aad68658ce2d8905f6534e2d27131..ca093cdff08260998df9d584769a934e1d16a856 100644 (file)
@@ -41,6 +41,8 @@ validate_clamav_section() {
                'AlertEncrypted:string' \
                'MaxFileSize:string' \
                'LocalSocket:string' \
+               'TCPSocket:port' \
+               'TCPAddr:ipaddr' \
                'User:string' \
                'ExitOnOOM:string' \
                'DatabaseDirectory:string'
@@ -90,12 +92,20 @@ start_clamav_instance() {
        echo "TemporaryDirectory " "$TemporaryDirectory"
        echo "AlertEncrypted " "$AlertEncrypted"
        echo "MaxFileSize " "$MaxFileSize"
-       echo "LocalSocket " "$LocalSocket"
        echo "User " "$User"
        echo "ExitOnOOM " "$ExitOnOOM"
        echo "DatabaseDirectory " "$DatabaseDirectory"
        } > "$CLAMD_CONFIGFILE"
 
+       if [ -n "$LocalSocket" ]; then
+               echo "LocalSocket " "$LocalSocket" >>"$CLAMD_CONFIGFILE"
+       fi
+
+       if [ -n "$TCPSocket" ]; then
+               echo "TCPAddr" "$TCPAddr" >>"$CLAMD_CONFIGFILE"
+               echo "TCPSocket " "$TCPSocket" >>"$CLAMD_CONFIGFILE"
+       fi
+
        procd_open_instance
        procd_set_param command $PROG -c $CLAMD_CONFIGFILE
        procd_set_param file $CLAMD_CONFIGFILE
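Review bot: The `if [ -n "$TCPSocket" ]` branch writes `TCPAddr` without checking that `$TCPAddr` is set, and the validation hunk above declares `'TCPAddr:ipaddr'` with no default. A config that keeps `TCPSocket` but drops `TCPAddr` therefore yields a `TCPAddr` line with no argument, and if the obvious fix of skipping the empty line is applied later, clamd falls back to listening on all addresses. Falling back to loopback in the script avoids both outcomes: `echo "TCPAddr " "${TCPAddr:-127.0.0.1}" >>"$CLAMD_CONFIGFILE"`, which also restores the trailing-space form used by the other echo lines. `start_clamav_instance` begins before this hunk and continues past it, so the rest of the function was not reviewed.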