You are viewing a plain text version of this content. The canonical link for it is here.
Posted to site-dev@james.apache.org by si...@james.apache.org on 2005/02/24 19:11:05 UTC
[Apache James Wiki] New: ClamAVScan
Date: 2005-02-24T10:11:04
Editor: VincenzoGianferrari
Wiki: Apache James Wiki
Page: ClamAVScan
URL: http://wiki.apache.org/james/ClamAVScan
no comment
New Page:
= ClamAVScan - antivirus scan mailet using ClamAV's CLAMD daemon =
'''''ClamAVScan''''' does an antivirus scan check using the '''ClamAV''' daemon '''CLAMD''' (see http://www.clamav.net/).
It interacts directly with the daemon using the "stream" method, which should have the lowest possible overhead. I've done tests getting less than 2.5 seconds of CPU per megabyte scanned on a 1.5 GHz CPU.
The CLAMD daemon will typically reside on ''localhost'', but could reside on a different host.
It may also consist on a set of multiple daemons, each residing on a different server and on different IP number. In such case a DNS host name with multiple IP adresses (round-robin load sharing) is supported by the mailet (but on the same port number).
ClamAV runs on Linux, but there are ports to other OS too. I have ClamAVScan working on Windows XP and 2k using ''ClamAV For Windows'' (see http://www.sosdg.org/clamav-win32)
= Initialization parameters =
The init parameters are as follows:
* '''<debug>'''.
* '''<host>''': the host name of the server where CLAMD runs. It can either be a machine name, such as "java.sun.com", or a textual representation of its IP address. If a literal IP address is supplied, only the validity of the address format is checked. If the machine name resolves to multiple IP addresses, ''round-robin load sharing'' will be used. The default is ''localhost''.
* '''<port>''': the port on which CLAMD listens. The default is ''3310''.
* '''<maxPings>''': the maximum number of connection retries during startup. If the value is ''0'' no startup test will be done. The default is ''6''.
* '''<pingIntervalMilli>''': the interval between each connection retry during startup. The default is ''30000'' (30 seconds).
* '''<streamBufferSize>''': the BufferedOutputStream buffer size to use when writing to the ''stream connection''. The default is ''8192''.
= Behaviour =
The actions performed are as follows:
* During initialization:
1. Gets all config.xml parameters, handling the defaults;
1. resolves the <host> parameter, creating the round-robin IP list;
1. connects to CLAMD at the first IP in the round-robin list, on the specified <port>;
1. if unsuccessful, retries every <pingIntervalMilli> milliseconds up to maxPings> times;
1. sends a "PING" request;
1. waits for a "PONG" answer;
1. repeats steps 3-6 for every other IP resolved.
* For every mail
1. connects to CLAMD at the "next" IP in the round-robin list, on the specified <port>, and increments the "next" index; if the connection request is not accepted, tries with the next one in the list unless all of them have failed;
1. sends a "STREAM" request;
1. parses the "PORT ''streamPort''" answer obtaining the port number;
1. makes a second connection (the ''stream connection'') to CLAMD at the same host (or IP) on the ''streamPort'' just obtained;
1. sends the MimeMessage to CLAMD (using MimeMessage#writeTo(OutputStream)) through the ''stream connection'';
1. closes the ''stream connection'';
1. gets the "OK" or "... FOUND" answer from the main connection;
1. closes the main connection;
1. sets the "org.apache.james.infected" ''mail attribute'' to either "true" or "false";
1. adds the "X-MessageIsInfected" ''header'' to either "true" or "false", depending on the results of the scan.
= ClamAV configuration notes =
The following parameters are required in '''clamav.conf''':
* '''LocalSocket''' must be commented out
* '''TCPSocket''' must be set to a port# (typically 3310)
* '''StreamMaxLength''' must be >= the James config.xml parameter <maxmessagesize> in SMTP <handler>
* '''MaxThreads''' should? be >= the James config.xml parameter <threads> in <spoolmanager>
* '''ScanMail''' must be uncommented
= A James config.xml example =
Here follows an example of '''config.xml''' definitions deploying CLAMD on localhost, and handling the infected messages:
{{{
...
<mailet match="All" class="ClamAVScan" onMailetException="ignore"/>
<!-- If infected go to virus processor -->
<mailet match="HasMailAttributeWithValue=org.apache.james.infected, true" class="ToProcessor">
<processor> virus </processor>
</mailet>
...
<!-- Messages containing viruses -->
<processor name="virus">
<!-- To avoid a loop while bouncing -->
<mailet match="All" class="SetMailAttribute">
<org.apache.james.infected>true, bouncing</org.apache.james.infected>
</mailet>
<mailet match="SMTPAuthSuccessful" class="Bounce">
<sender>bounce-admin@xxx.com</sender>
<inline>heads</inline>
<attachment>none</attachment>
<notice>Warning: We were unable to deliver the message below because it was found infected by virus(es).</notice>
</mailet>
<!--
<mailet match="All" class="ToRepository">
<repositoryPath>file://var/mail/infected/</repositoryPath>
</mailet>
-->
<mailet match="All" class="Null"/>
</processor>
...
}}}