On Tue, 25 Oct 2022, Jeremy Harris via Exim-users wrote:
On 25/10/2022 09:10, Cyborg via Exim-users wrote:
2022-10-25 07:36:45 1onCcF-002IAu-0b malware acl condition: clamd :
unable to send file body to socket (83.x.x.x): Broken pipe
That "broken pipe" is from the "malware" ACL condition code sending
the mail message data to clamd via a TCP connection. Clamd closed
the connection.
If your clamd is on the same system as your exim, you could use
a Unix-domain connection, or annotate the TCP conn spec as being local;
then only the filename for the message need be passed
Assuming that the clam daemon has permission to read the file.
If not perhaps passing the file-handle (as in "clamdscan --fdpass"
- which requires a unix socket), rather than the file-name,
may be an option.
rather than
the whole content, which might be more efficient. Of course, that
won't stop clamd failing in interesting ways on massive messages.
You might prefer to only virus-scan smaller messages, by
checking $message_size.
2022-10-25 07:36:45 1onCcF-002IAu-0b H=X [x.x.x.x]
X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<YYY@YYY> temporarily
rejected after DATA: MYSQL: no data found
The word "MYSQL" is not in this part of the sourcecode.
I suspect that "MYSQL: no data found" error comes from a different part
of your configuration-defined processing, even if the lack
of virus-scan result is the cause.
the mysql modul also looses it's connection to the database
Not proven. Check using Exim's debug facilities.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
