[Mimedefang] Timeouts and message_contains_virus
Jan-Pieter Cornet
johnpc at xs4all.net
Tue Jan 26 09:08:16 EST 2010
Op 26 jan 2010, om 10:47 heeft Petra Humann het volgende geschreven:
> I'm using message_contains_virus_sophie for virus checking.
> Sometimes (rarely) the sophie daemon dies, but the socket file
> persists.
> Because of this mimedefang-filter can't get results from the
> subroutine
> and the mail server is temp failing any mail.
>
>> ... sm-mta[15124]: o0PFjX0p015124: Milter (mimedefang): timeout
>> before data read, where=body
>> ... sm-mta[15124]: o0PFjX0p015124: Milter (mimedefang): to error
>> state
>> ... sm-mta[15124]: o0PFjX0p015124: Milter: data, reject=451 4.3.2
>> Please try again later
>
> Is it possible to set a timeout value for getting the result
> of virus scanning in message_contains_virus_sophie?
On a .pdf attachment maybe? We had the same issue over a year ago,
reported to sophos, never really heard back that it's fixed, but newer
versions of the engine could suddenly process the sample file I
collected.
We quick-fixed it by skipping sohos scanning entirely for certain
senders (based on a hardcoded "%skip_sophos = ..." in the code, even.
It was quite rare.) Since that still scanned the message on the two
other scanners, I wasn't too worried about viruses getting through.
It is possible to use a timeout, but it requires patching
mimedefang.pl. In "sub entity_contains_virus_sophie" and "sub
message_contains_virus_sophie" there is a call:
$sock->sysread($output,256)
That blocks until something is received. If you replace that with a
function that reads a socket with a timeout, you're done. Eg:
read_with_timeout($sock, $output, 256, timeout => 60);
Then you still have to implement read_with_timeout:
# note: completely untested. Debugging is left as an excersize for the
reader...
sub read_with_timeout {
my ($sock, $buf, $len, %opts) = @_;
IO::Select->new($sock)->can_read( $opts{timeout} || 0)
or return undef;
return $sock->sysread($buf, $len);
}
That should do it. No guarantees, if it breaks, you get to keep both
pieces, YMMV, etc.
--
Jan-Pieter Cornet <johnpc at xs4all.net>
Systeembeheer XS4ALL Internet bv
Internet: www.xs4all.nl
Contact: www.xs4all.nl/contact
More information about the MIMEDefang
mailing list