[Mimedefang] Connecting Clamd via inet socket?
Bill Cole
mdlist-20140424 at billmail.scconsult.com
Fri Dec 2 13:22:09 EST 2016
On 2 Dec 2016, at 12:01, Dianne Skoll wrote:
> On Fri, 2 Dec 2016 16:57:32 +0100
> Benoit Panizzon <benoit.panizzon at imp.ch> wrote:
>
>> Does anyone know, if it's possible to use
>> ClamdSock = "host:port";
>> in MIMEDefang?
>
> No; the built-in code uses IO::Socket::UNIX and can only scan local
> files. You need to write your own wrapper code if you want to
> stream files to another host.
Note that this is pretty easy if you have the 'socat' software
installed. You could run something like this out of init (or whatever
replacement for init your system uses):
socat UNIX-LISTEN:/var/run/fakeclamd.sock,mode=777,fork
TCP:<clamdhost>:<clamdport>
Note that this provides no on-the-wire security but in its favor, only
needs a persistent socat process on the client side. By using an OPENSSL
socket type instead of TCP and a mirror image socat process on the
server side (i.e. have socat instead of clamd listening on the network
interface, talking to the clamd socket) you could secure the conversion.
See the socat man page for more information.
More information about the MIMEDefang
mailing list