Stephen Gran wrote:
> Hello all,
> I'm working on restructuring an ISP's mail servers, and as part of it,
> we're setting up some load sharing measures. One of them is shifting
> clamav off of the actual mail servers, and running clamav-milter with
> the --server option to connect to a remote clamd. The problem we found
> was that the actual data processing doesn't happen on the original
> connection port (3310 in this case).
You're right, clamd's TCP protocol behaves like ftp when it comes to
file transfers.
> A little poking around showed that clamd is sending back a port number
> for the actual data exchange to happen on, and then shifting over to the
> new port. At least that's what it looks like from a quick read of
> scanner.c. So this breaks simple iptables rules, and I'm looking for
> something better.
> There was some rumor last year that a new network protocol should/would
> be implemented, but it's not ready yet (I guess due to lack of time).
> I'm assuming this is much like the model of ftp transfers, where it
> resumes the connection on a different port, and since somebody has
> managed to work out how to track ftp connections in iptables, I'm hoping
> there must be some firewall model for this as well. Anybody have any
> pointers?
From a user's pov: no. As a developer I can say that it _should_ be a
not too difficult task to build an iptables protocol helper module
(taking the ftp module as starting base).
Sorry,
Thomas
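The two-port exchange the thread is describing, shown as an added simulation (not code from the list, from clamd, or from its authors): a fake clamd accepts "STREAM" on a control port, opens a second, dynamically chosen data port, replies "PORT <n>", reads the file on that port and delivers the verdict back on the control connection. The message formats ("STREAM", "PORT %u", "stream: OK") follow the old clamd STREAM command as I recall it from the clamd source; the marker string and the verdict text for it are constructed for this example. The ports are ephemeral here so the script runs anywhere, but the point for a firewall is the same: the data port is only known after reading the control reply, which is exactly what a stateless rule on 3310 cannot see.

```python
import socket
import threading

CONTROL_HOST = "127.0.0.1"
# Constructed stand-in for a signature; real clamd matches its own database.
MARKER = b"CONSTRUCTED-TEST-MARKER"


def parse_port_reply(line: bytes) -> int:
    """Parse the 'PORT <n>' reply clamd sends after a STREAM command.

    This is the line a connection-tracking helper (like the ftp one the
    thread mentions) would have to read to learn which port to expect.
    """
    text = line.strip().decode("ascii", errors="replace")
    if not text.startswith("PORT "):
        raise ValueError(f"unexpected reply: {text!r}")
    port = int(text[5:])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def _fake_clamd(control_sock: socket.socket, result: dict) -> None:
    """Simulated clamd side: one control connection, one dynamic data port."""
    conn, _ = control_sock.accept()
    with conn:
        cmd = conn.recv(64)
        if cmd.strip() != b"STREAM":
            conn.sendall(b"UNKNOWN COMMAND\n")
            return
        data_sock = socket.socket()
        data_sock.bind((CONTROL_HOST, 0))  # port 0: kernel picks one, as clamd does
        data_sock.listen(1)
        data_port = data_sock.getsockname()[1]
        result["data_port"] = data_port
        conn.sendall(f"PORT {data_port}\n".encode("ascii"))
        dconn, _ = data_sock.accept()
        with dconn:
            chunks = []
            while True:  # client closing the data socket marks end of file
                buf = dconn.recv(4096)
                if not buf:
                    break
                chunks.append(buf)
        data_sock.close()
        payload = b"".join(chunks)
        if MARKER in payload:
            conn.sendall(b"stream: Constructed.Test.Marker FOUND\n")
        else:
            conn.sendall(b"stream: OK\n")


def run_exchange(payload: bytes) -> dict:
    """Run client and fake clamd locally; return the ports used and the verdict."""
    control = socket.socket()
    control.bind((CONTROL_HOST, 0))
    control.listen(1)
    control_port = control.getsockname()[1]
    result = {"control_port": control_port}
    server = threading.Thread(target=_fake_clamd, args=(control, result), daemon=True)
    server.start()

    with socket.create_connection((CONTROL_HOST, control_port), timeout=5) as c:
        c.sendall(b"STREAM\n")
        data_port = parse_port_reply(c.recv(64))
        # Second connection: this is the one a plain iptables rule on the
        # control port never sees.
        with socket.create_connection((CONTROL_HOST, data_port), timeout=5) as d:
            d.sendall(payload)
        verdict = c.recv(128)  # verdict comes back on the control connection
    server.join(timeout=5)
    control.close()
    result["client_saw_port"] = data_port
    result["verdict"] = verdict.decode("ascii").strip()
    return result


if __name__ == "__main__":
    print(run_exchange(b"plain text, nothing to find"))
    print(run_exchange(b"prefix " + MARKER + b" suffix"))
```

Two practical consequences follow from the exchange. A helper module would have to parse the "PORT" line on the control stream and add an expectation for the data connection, just as the ftp helper does for "PORT"/"PASV". Short of writing one, clamd.conf's StreamMinPort and StreamMaxPort (from clamd's own configuration, not mentioned in the thread) let you pin the data port to a small range so that the firewall can allow only that range from the mail hosts to the scanning host.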
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users