[Mimedefang] Setting clamd timeouts.

Jan-Pieter Cornet johnpc at xs4all.nl
Wed Sep 26 18:05:55 EDT 2007


On Wed, Sep 26, 2007 at 04:58:36PM -0400, David F. Skoll wrote:
> > That is really interesting that you say that, I just got done explaining
> > to another staff member that making mimedefang robust enough to handle
> > clamd brown outs without timing out every process would be the better
> > solution than kicking clamd because one makes mimedefang more robust and
> > the other is a hack to fix clamd.
> 
> Well, here's the thing.  Suppose MIMEDefang has a clamd timeout.
> What do you do in that case?
> 
> 1) Tempfail the mail?  Then what's the advantage over just using the
> normal MIMEDefang overall timeout (apart, possibly, from better logging)?

Freeing the slave sooner than the slave timeout.

> 2) Allow the mail through?  Ehmm... nope.

3) allow one of the other installed virus scanners to deal with it
   (that's what we do now anyway. Sans time-out, though).

4) quarantine the mail

5) reject or tempfail the mail based on, e.g., reputation score of the IP

6) pass the mail with an "X-Virus-Scan: failed" header, provided the
   recipient is (e.g.) abuse@ or postmaster@

7) remove the offending attachment and replace it with a warning
   (I wouldn't recommend this one, but some AV producers love ripping
   apart suspicious email into harmless but annoying fragments).

8) whatever else anyone thinks of doing.

In short, I don't think MIMEDefang should choose for you. It's a
framework, allowing you to do anything you can code up during the
SMTP delivery. It shouldn't be artificially limited in how it deals
with misbehaving virus scanners.

Oh, by the way. Anyone can of course easily utilize that offered
flexibility and code the timeout themselves.

Instead of calling message_contains_virus(), you'd do something
like this (UNTESTED!)

  my($code, $category, $action);

  # alarm() raises SIGALRM, so the handler must be installed on ALRM
  # (the original snippet trapped HUP, which alarm() never sends).
  local $SIG{ALRM} = sub { die "Timeout\n" };

  alarm($virus_scanning_timeout);   # seconds; keep it below the slave timeout
  eval {
      ($code, $category, $action) = message_contains_virus();
  };
  alarm(0);   # cancel the alarm whether or not the scan finished

  if ( $@ ) {
      if ( $@ =~ /^Timeout/ ) {
          $category = "interrupted";
          $action   = "tempfail";
      }
      else {
          die $@;   # not our timeout: propagate the real error
      }
  }

(And, given this solution, I'd wait for the new and improved AV
interface that is supposed to appear in MD anytime soon :)

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!
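The wrapper below is an added example, not code from the post or from MIMEDefang. It packages the alarm()/eval idiom into a reusable with_timeout() and walks through several of the options listed above: fall through to another installed scanner when clamd does not answer (option 3), and if every scanner times out, tempfail, quarantine, or pass the mail with an "X-Virus-Scan: failed" header only to abuse@/postmaster@ (option 6). The scanner callbacks, their names, the timeout values and the policy strings are all assumptions made for the example; the "clamd" callback is a constructed stand-in that sleeps to mimic a brownout, not ClamAV code.

```perl
#!/usr/bin/perl
# Added example, not code from the post or from MIMEDefang: a reusable
# alarm()-based timeout wrapper plus a policy dispatcher for the case
# where a virus scanner stops answering.
use strict;
use warnings;

# Run $code under a wall-clock limit of $seconds.  Returns whatever list
# $code returned, or the triple (undef, 'timeout', 'tempfail') if SIGALRM
# fired first.  Any other die() inside $code is re-thrown after the alarm
# has been cancelled, so a real scanner error is never mistaken for a
# timeout.  alarm() raises SIGALRM, so the handler goes on ALRM, not HUP.
sub with_timeout {
    my ($seconds, $code) = @_;
    my (@result, $err);
    {
        local $SIG{ALRM} = sub { die "scan timeout\n" };
        alarm($seconds);
        eval { @result = $code->(); 1 } or $err = $@ || "unknown error\n";
        alarm(0);    # cancel the pending alarm on every path
    }
    if (defined $err) {
        return (undef, 'timeout', 'tempfail') if $err eq "scan timeout\n";
        die $err;
    }
    return @result;
}

# Try each scanner in order under its own limit; the first one that
# answers decides.  A scanner that times out is skipped (option 3).
# If all of them time out, $args{policy} (hypothetical names) decides:
#   tempfail   - ask the sending MTA to retry later
#   quarantine - hold the message for a human
#   pass-flag  - deliver with "X-Virus-Scan: failed" added, but only when
#                the recipient is abuse@ or postmaster@ (option 6);
#                anyone else gets a tempfail
# Scanner callbacks return ($code, $category, $action), mirroring the
# triple message_contains_virus() returns in the post.  Returns a hashref
# with action, category, an optional header, and a log of what happened.
sub scan_message {
    my (%args) = @_;
    my @log;
    for my $s (@{ $args{scanners} }) {
        my ($code, $category, $action) = with_timeout($s->{timeout}, $s->{run});
        if (defined $category && $category eq 'timeout') {
            push @log, "$s->{name}: no answer within $s->{timeout}s, trying next";
            next;
        }
        push @log, "$s->{name}: $category";
        return { action => $action, category => $category, log => \@log };
    }

    # Every scanner timed out: apply the configured policy.
    my $policy = $args{policy} || 'tempfail';
    my $rcpt   = lc($args{recipient} || '');
    if ($policy eq 'pass-flag' && $rcpt =~ /^(?:abuse|postmaster)@/) {
        push @log, "all scanners timed out; passing to $rcpt with a warning header";
        return { action => 'accept', category => 'unscanned',
                 header => 'X-Virus-Scan: failed', log => \@log };
    }
    my $action = $policy eq 'quarantine' ? 'quarantine' : 'tempfail';
    push @log, "all scanners timed out; policy '$policy' => $action";
    return { action => $action, category => 'unscanned', log => \@log };
}

# Constructed stand-ins for real scanners (not ClamAV code).  The first
# mimics a clamd brownout by sleeping past its limit; the second answers
# promptly.  Real callbacks would wrap message_contains_virus() or a
# scanner-specific entry point.
my $hung_clamd = { name => 'clamd',    timeout => 1,
                   run  => sub { sleep 5; return ('ok', 'ok', 'ok') } };
my $second_av  = { name => 'other-av', timeout => 2,
                   run  => sub { return ('virus', 'virus', 'quarantine') } };

# Scenario 1: clamd hangs, the second scanner catches the virus.
my $v = scan_message(scanners => [ $hung_clamd, $second_av ]);
print "$_\n" for @{ $v->{log} };
print "=> action: $v->{action}\n\n";

# Scenario 2: only clamd is installed and it hangs; postmaster@ still
# gets the mail, flagged, while everyone else is tempfailed.
for my $rcpt ('postmaster@example.com', 'alice@example.com') {
    my $w = scan_message(scanners => [ $hung_clamd ], policy => 'pass-flag',
                         recipient => $rcpt);
    print "$_\n" for @{ $w->{log} };
    print "=> $rcpt: action=$w->{action}",
          ($w->{header} ? ", add header '$w->{header}'" : ''), "\n\n";
}
```

Two caveats when dropping something like this into a filter: the per-scanner limits must add up to less than the multiplexor's slave busy timeout, otherwise the slave is killed before the fallback ever runs; and alarm() is process-wide, so the wrapper clobbers any alarm an outer caller had armed (alarm() returns the seconds remaining on the previous one if you need to restore it). Perl's deferred signal handling means the handler only fires once the scanner's blocking call returns with EINTR, which sleep(), socket reads and waitpid() do, so a scanner that is genuinely wedged in a non-interruptible state still needs the outer slave timeout as a backstop.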
