Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AV check skipped during clamd DB reloads #5755

Closed
stephdl opened this issue May 9, 2019 · 10 comments

Comments

3 participants
@stephdl
Copy link

commented May 9, 2019

Steps to reproduce

  • in maillog we can see a lot of CLAM_VIRUS_FAIL in the rspamd transaction

CLAM_VIRUS_FAIL(0.00){failed to scan and retransmits exceed;},

Expected behavior

I expect to do not see this warnings because it means that rspamd failed to contact the clamd socket and the email/attachment has not been checked against clamav

Actual behavior

In fact I suppose that clamd has detected a new database to load, after the download when it is reloading the database, clamd is not available between 15 to 30s on my server, if an email comes at this moment, rspamd tries to contact the clamd socket during 5 seconds with two attempts

 timeout = 5.0,
detection_category = "virus",
retransmits = 2,

this is an example of the log transaction : https://gist.github.com/stephdl/050c6abe14f939a9e9c767ea0f6d609a

Components

nethserver-mail-p3scan-2.5.0-1.ns7.noarch
nethserver-mail-smarthost-2.5.0-1.ns7.noarch
nethserver-mail-getmail-2.5.0-1.ns7.noarch
nethserver-mail-server-2.5.0-1.ns7.noarch
nethserver-mail-disclaimer-2.5.0-1.ns7.noarch
rspamd-1.9.2-1.x86_64
nethserver-mail-common-2.5.0-1.ns7.noarch
nethserver-mail-filter-2.5.0-1.ns7.noarch

See also

https://community.nethserver.org/t/clamav-failed-to-scan-email-with-an-attachment-in-email/12630


thank xcod

@stephdl stephdl self-assigned this May 9, 2019

@stephdl

This comment has been minimized.

Copy link
Author

commented May 9, 2019

in order to test the database reload :

kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`

@DavidePrincipi DavidePrincipi added the bug label May 10, 2019

stephdl added a commit to NethServer/nethserver-mail that referenced this issue May 10, 2019

Merge pull request #125 from stephdl/GH5755
Soft reject if CLAM_VIRUS_FAIL

NethServer/dev#5755
@nethbot

This comment has been minimized.

Copy link
Member

commented May 10, 2019

in 7.6.1810/testing:

@DavidePrincipi

This comment has been minimized.

Copy link
Member

commented May 10, 2019

Please add the test case too!

@stephdl

This comment has been minimized.

Copy link
Author

commented May 10, 2019

QA

  • Install the rpm nethserver-mail-filter from testing
  • you can simulate the DB reloading by
kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`

so during your are receiving your emails, you can launch this command each 5 seconds to be sure clamav is reloading its DB

  • check in email logs you must find this : default: F (soft reject): [-0.76/19.90] [FORCE_ACTION_CLAM_VIRUS_FAIL(1.00){soft reject;}

and the answer of our smtp

May 10 11:50:30 prometheus postfix/cleanup[2848]: 1D10E18035212: milter-reject: END-OF-MESSAGE from mout.kundenserver.de[217.72.192.75]: 4.7.1 Cannot validate the message now. Try again later; from=<no-reply@NS7
.stephdl.dynu.net> to=<admin@de-labrusse.fr> proto=ESMTP helo=<mout.kundenserver.de>

@stephdl stephdl removed their assignment May 10, 2019

@stephdl stephdl added testing and removed bug labels May 10, 2019

@DavidePrincipi DavidePrincipi added this to ✋ Needs review in NethServer 7 via automation May 10, 2019

@gsanchietti gsanchietti moved this from ✋ Needs review to ⚙ Developing in NethServer 7 May 13, 2019

@nethbot

This comment has been minimized.

Copy link
Member

commented May 14, 2019

in 7.6.1810/testing:

@DavidePrincipi DavidePrincipi self-assigned this May 14, 2019

@DavidePrincipi

This comment has been minimized.

Copy link
Member

commented May 15, 2019

VERIFIED

With old package the message was sent as reported.
With nethserver-mail-filter-2.6.0-1.4.gfd4a2c1.ns7.noarch the SMTP client gets a temporary error:
451 4.7.1 Cannot validate the message now. Try again later

Full test:

[root@vm5 ~]# tail -f /var/log/messages &
[root@vm5 ~]# kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid` ; sleep 5; curl -v smtp://$(hostname)/$(hostname) --mail-from davidep@neth.it --mail-rcpt admin@$(hostname -d) <<EOF
Subject: test
Date: $(date -R)
From: davidep@neth.it
To: admin@$(hostname -d)
Message-Id: <msg-$(date +%s)@$(hostname)>

Test

EOF

* About to connect() to vm5.dpnet.nethesis.it port 25 (#0)
*   Trying 192.168.122.5...
* Connected to vm5.dpnet.nethesis.it (192.168.122.5) port 25 (#0)
< 220 vm5.dpnet.nethesis.it ESMTP Postfix
> EHLO vm5.dpnet.nethesis.it
< 250-vm5.dpnet.nethesis.it
< 250-PIPELINING
< 250-SIZE 20000000
< 250-VRFY
< 250-ETRN
< 250-STARTTLS
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250 DSN
> MAIL FROM:<davidep@neth.it>
< 250 2.1.0 Ok
> RCPT TO:<admin@dpnet.nethesis.it>
< 250 2.1.5 Ok
> DATA
< 354 End data with <CR><LF>.<CR><LF>
May 15 09:48:23 vm5.dpnet.nethesis.it clamd[28149]: Reading databases from /var/lib/clamav
< 451 4.7.1 Cannot validate the message now. Try again later
* Connection #0 to host vm5.dpnet.nethesis.it left intact
curl: (56) Failure when receiving data from the peer
[root@vm5 ~]# 
[root@vm5 ~]# May 15 09:48:49 vm5.dpnet.nethesis.it clamd[28149]: Database correctly reloaded (6126873 signatures)

@DavidePrincipi DavidePrincipi removed their assignment May 15, 2019

@DavidePrincipi DavidePrincipi added bug verified and removed testing labels May 15, 2019

@DavidePrincipi DavidePrincipi changed the title Rspamd timeout when Clamd reload the database AV check skipped during clamd DB reloads May 15, 2019

@nethbot

This comment has been minimized.

Copy link
Member

commented May 15, 2019

in 7.6.1810/testing:

@nethbot

This comment has been minimized.

Copy link
Member

commented May 15, 2019

in 7.6.1810/testing:

@nethbot

This comment has been minimized.

Copy link
Member

commented May 15, 2019

in 7.6.1810/updates:

@stephdl

This comment has been minimized.

Copy link
Author

commented May 15, 2019

set closed, released as 2.6.1 version

@stephdl stephdl closed this May 15, 2019

NethServer 7 automation moved this from ⚙ Developing to 🗑 Done May 15, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.