[Mimedefang] Timeouts and message_contains_virus

Jan-Pieter Cornet johnpc at xs4all.net
Tue Jan 26 09:08:16 EST 2010


Op 26 jan 2010, om 10:47 heeft Petra Humann het volgende geschreven:
> I'm using message_contains_virus_sophie for virus checking.
> Sometimes (rarely) the sophie daemon dies, but the socket file  
> persists.
> Because of this mimedefang-filter can't get results from the  
> subroutine
> and the mail server is temp failing any mail.
>
>> ... sm-mta[15124]: o0PFjX0p015124: Milter (mimedefang): timeout  
>> before data read, where=body
>> ... sm-mta[15124]: o0PFjX0p015124: Milter (mimedefang): to error  
>> state
>> ... sm-mta[15124]: o0PFjX0p015124: Milter: data, reject=451 4.3.2  
>> Please try again later
>
> Is it possible to set a timeout value for getting the result
> of virus scanning in message_contains_virus_sophie?


On a .pdf attachment maybe? We had the same issue over a year ago,  
reported to sophos, never really heard back that it's fixed, but newer  
versions of the engine could suddenly process the sample file I  
collected.

We quick-fixed it by skipping sohos scanning entirely for certain  
senders (based on a hardcoded "%skip_sophos = ..." in the code, even.  
It was quite rare.) Since that still scanned the message on the two  
other scanners, I wasn't too worried about viruses getting through.

It is possible to use a timeout, but it requires patching  
mimedefang.pl. In "sub entity_contains_virus_sophie" and "sub  
message_contains_virus_sophie" there is a call:
	$sock->sysread($output,256)

That blocks until something is received. If you replace that with a  
function that reads a socket with a timeout, you're done. Eg:
         read_with_timeout($sock, $output, 256, timeout => 60);

Then you still have to implement read_with_timeout:

# note: completely untested. Debugging is left as an excersize for the  
reader...
sub read_with_timeout {
     my ($sock, $buf, $len, %opts) = @_;
     IO::Select->new($sock)->can_read( $opts{timeout} || 0)
         or return undef;
     return $sock->sysread($buf, $len);
}

That should do it. No guarantees, if it breaks, you get to keep both  
pieces, YMMV, etc.

-- 
Jan-Pieter Cornet <johnpc at xs4all.net>
Systeembeheer XS4ALL Internet bv
Internet: www.xs4all.nl
Contact: www.xs4all.nl/contact




More information about the MIMEDefang mailing list