
clamav: allow configuration to use TCP socket

Something having to do with passing a file descriptor over spamd's
Unix socket causes the ClamAV milter to fail. The milter says "ERROR:
Unknown reply from clamd," and running strace on spamd reveals "No file
descriptor received. ERROR."

Some work by others can be found on the Internet that suggests using
a TCP socket for the communication between the milter and spamd fixes
this. Lucian Cristian confirmed this on OpenWrt.

I am not sure why the Unix socket does not work. I suspect it is something
related to musl, but I have not yet found evidence of this.

This merge request adds the option to configure spamd to use a TCP
socket, and it uses this as the default. The merge request also adds an
init script for clamav-milter.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
lilik-openwrt-22.03
W. Michael Petullo 3 years ago
parent
commit
54016ddaf4
5 changed files with 144 additions and 3 deletions
  1. +4
    -1
      net/clamav/Makefile
  2. +26
    -0
      net/clamav/files/clamav-milter.config
  3. +100
    -0
      net/clamav/files/clamav-milter.init
  4. +3
    -1
      net/clamav/files/clamav.config
  5. +11
    -1
      net/clamav/files/clamav.init

+ 4
- 1
net/clamav/Makefile

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=clamav
PKG_VERSION:=0.102.4
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
@ -88,6 +88,7 @@ TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed $(if $(CONFIG_USE_MUSL),-lfts)
define Package/clamav/conffiles
/etc/config/clamav
/etc/config/clamav-milter
endef
define Package/clamav/install
@ -106,9 +107,11 @@ define Package/clamav/install
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/clamav.config $(1)/etc/config/clamav
$(INSTALL_CONF) ./files/clamav-milter.config $(1)/etc/config/clamav-milter
$(INSTALL_DIR) $(1)/etc/init.d/
$(INSTALL_BIN) ./files/clamav.init $(1)/etc/init.d/clamav
$(INSTALL_BIN) ./files/clamav-milter.init $(1)/etc/init.d/clamav-milter
$(INSTALL_DIR) $(1)/usr/share/clamav
$(CP) ./files/bytecode.cvd $(1)/usr/share/clamav/


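--- a/net/clamav/files/clamav-milter.config
+++ b/net/clamav/files/clamav-milter.config
@@ -0,0 +1,26 @@
+config clamav-milter 'clamav-milter'
+option clamav_milter_config_file '/etc/clamav/clamav-milter.conf'
+option Foreground 'true'
+option PidFile '/var/run/clamav/clamav-milter.pid'
+option User 'nobody'
+option MilterSocketGroup 'nogroup'
+option AllowSupplementaryGroups 'true'
+option ReadTimeout '120'
+option OnClean 'Accept'
+option OnInfected 'Quarantine'
+option OnFail 'Defer'
+option AddHeader 'Replace'
+option LogVerbose 'true'
+option LogTime 'true'
+option LogSyslog 'true'
+option LogFacility 'LOG_LOCAL6'
+option LogInfected 'Full'
+option LogClean 'Basic'
+option MaxFileSize '25M'
+option SupportMultipleRecipients 'true'
+option RejectMsg 'Rejecting Harmful Email: %v found.'
+option TemporaryDirectory '/tmp'
+option MilterSocket 'unix:/var/run/clamav/clamav-milter.sock'
+option MilterSocketMode '666'
+option ClamdSocket 'tcp:127.0.0.1:3310'
+option FixStaleSocket 'true'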
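Review bot: `option MilterSocketMode '666'` makes the milter's Unix socket connectable by every local account, and `option MilterSocketGroup 'nogroup'` does nothing to narrow that. Only the MTA needs to reach this socket, so a tighter default would be `option MilterSocketMode '660'` with `MilterSocketGroup` set to the group the MTA runs under. Which group that is depends on the MTA installed alongside, which this commit does not show, so the default may need a comment telling the administrator to set it.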

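--- a/net/clamav/files/clamav-milter.init
+++ b/net/clamav/files/clamav-milter.init
@@ -0,0 +1,100 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+START=90
+STOP=10
+USE_PROCD=1
+PROG=/usr/sbin/clamav-milter
+CLAMAV_MILTER_CONFIGFILE="/tmp/clamav/clamav-milter.conf"
+validate_clamav_milter_section() {
+uci_load_validate clamav-milter clamav_milter "$1" "$2" \
+'clamav_milter_config_file:string' \
+'Foreground:string' \
+'PidFile:string' \
+'User:string' \
+'MilterSocketGroup:string' \
+'AllowSupplementaryGroups:string' \
+'ReadTimeout:uinteger' \
+'OnClean:string' \
+'OnInfected:string' \
+'OnFail:string' \
+'AddHeader:string' \
+'LogVerbose:string' \
+'LogTime:string' \
+'LogSyslog:string' \
+'LogFacility:string' \
+'LogInfected:string' \
+'LogClean:string' \
+'MaxFileSize:string' \
+'SupportMultipleRecipients:string' \
+'RejectMsg:string' \
+'TemporaryDirectory:string' \
+'MilterSocket:string' \
+'MilterSocketMode:uinteger' \
+'ClamdSocket:string' \
+'FixStaleSocket:string'
+}
+start_clamav_milter_instance() {
+[ "$2" = 0 ] || {
+echo "validation failed"
+return 1
+}
+mkdir -p /etc/clamav/
+mkdir -p /var/run/clamav/
+chmod a+rw /var/run/clamav
+mkdir -p "$(dirname $CLAMAV_MILTER_CONFIGFILE)"
+ln -sf "$clamav_milter_config_file" "$CLAMAV_MILTER_CONFIGFILE"
+{
+echo "Foreground " "$Foreground"
+echo "PidFile " "$PidFile"
+echo "User " "$User"
+echo "MilterSocketGroup " "$MilterSocketGroup"
+echo "AllowSupplementaryGroups " "$AllowSupplementaryGroups"
+echo "ReadTimeout " "$ReadTimeout"
+echo "OnClean " "$OnClean"
+echo "OnInfected " "$OnInfected"
+echo "OnFail " "$OnFail"
+echo "AddHeader " "$AddHeader"
+echo "LogVerbose " "$LogVerbose"
+echo "LogTime " "$LogTime"
+echo "LogSyslog " "$LogSyslog"
+echo "LogFacility " "$LogFacility"
+echo "LogInfected " "$LogInfected"
+echo "LogClean " "$LogClean"
+echo "MaxFileSize " "$MaxFileSize"
+echo "SupportMultipleRecipients " "$SupportMultipleRecipients"
+echo "RejectMsg " "$RejectMsg"
+echo "TemporaryDirectory " "$TemporaryDirectory"
+echo "MilterSocket " "$MilterSocket"
+echo "MilterSocketMode " "$MilterSocketMode"
+echo "ClamdSocket " "$ClamdSocket"
+echo "FixStaleSocket " "$FixStaleSocket"
+} > "$CLAMAV_MILTER_CONFIGFILE"
+procd_open_instance
+procd_set_param command $PROG -c $CLAMAV_MILTER_CONFIGFILE
+procd_set_param file $CLAMAV_MILTER_CONFIGFILE
+procd_close_instance
+}
+start_service()
+{
+validate_clamav_milter_section clamav_milter start_clamav_milter_instance
+}
+stop_service()
+{
+service_stop $PROG
+}
+service_triggers()
+{
+procd_add_reload_trigger "clamav-milter"
+procd_add_validation validate_clamav_milter_section
+}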
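Review bot: `chmod a+rw /var/run/clamav` in start_clamav_milter_instance leaves the directory that holds the PID file and the milter socket writable by every local account, with no sticky bit, so any of them can remove or replace those entries. Handing the directory to the service user is enough for the daemon to create its files while others can still traverse it to reach the socket: `chown "$User" /var/run/clamav` followed by `chmod 0755 /var/run/clamav`. If clamd shares this directory under a different user (clamav.init is only partly visible on this page), a common group with mode 0770 would be the equivalent. The same function also expands `$CLAMAV_MILTER_CONFIGFILE` unquoted in the `dirname` and `procd_set_param` lines, which is worth quoting for consistency with the `ln -sf` line.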

+ 3
- 1
net/clamav/files/clamav.config

@ -29,7 +29,9 @@ config clamav 'clamav'
option AlertEncrypted 'yes'
option MaxFileSize '10M'
option TemporaryDirectory '/tmp'
option LocalSocket '/var/run/clamav/clamd.sock'
# option LocalSocket '/var/run/clamav/clamd.sock'
option TCPAddr '127.0.0.1'
option TCPSocket '3310'
option User 'nobody'
option ExitOnOOM 'yes'
option DatabaseDirectory '/usr/share/clamav'
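Review bot: The new default moves clamd from a Unix socket, where file permissions limit who can connect, to a TCP listener that clamd does not authenticate, and the config file gives no hint of that trade-off. Binding to `127.0.0.1` keeps the port off the network, but every local process can still reach the scanner's command interface. I would add a comment above `option TCPAddr`, for example `# clamd's TCP socket is unauthenticated: keep TCPAddr on loopback`, so an administrator who changes the address knows what it exposes.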

+ 11
- 1
net/clamav/files/clamav.init

@ -41,6 +41,8 @@ validate_clamav_section() {
'AlertEncrypted:string' \
'MaxFileSize:string' \
'LocalSocket:string' \
'TCPSocket:port' \
'TCPAddr:ipaddr' \
'User:string' \
'ExitOnOOM:string' \
'DatabaseDirectory:string'
@ -90,12 +92,20 @@ start_clamav_instance() {
echo "TemporaryDirectory " "$TemporaryDirectory"
echo "AlertEncrypted " "$AlertEncrypted"
echo "MaxFileSize " "$MaxFileSize"
echo "LocalSocket " "$LocalSocket"
echo "User " "$User"
echo "ExitOnOOM " "$ExitOnOOM"
echo "DatabaseDirectory " "$DatabaseDirectory"
} > "$CLAMD_CONFIGFILE"
if [ -n "$LocalSocket" ]; then
echo "LocalSocket " "$LocalSocket" >>"$CLAMD_CONFIGFILE"
fi
if [ -n "$TCPSocket" ]; then
echo "TCPAddr" "$TCPAddr" >>"$CLAMD_CONFIGFILE"
echo "TCPSocket " "$TCPSocket" >>"$CLAMD_CONFIGFILE"
fi
procd_open_instance
procd_set_param command $PROG -c $CLAMD_CONFIGFILE
procd_set_param file $CLAMD_CONFIGFILE
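Review bot: In the added `if [ -n "$TCPSocket" ]` branch the `TCPAddr` line is written whenever a port is set, even when `$TCPAddr` is empty. An administrator who deletes `option TCPAddr` but keeps `option TCPSocket` then gets a bare `TCPAddr` directive. Depending on how clamd treats that line, the daemon may fail to start or fall back to its documented default of listening on all interfaces. Defaulting in the script keeps the listener on loopback in that case: `echo "TCPAddr " "${TCPAddr:-127.0.0.1}" >>"$CLAMD_CONFIGFILE"`. start_clamav_instance begins and ends outside this hunk, so how the rest of the function handles the config file is not visible here.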

