antivirus module uses wrong ClamAV defaults on Debian #1832
Classification (Please choose one option):
Reproducibility (Please choose one option):
Operating system, CPU, memory and environment:
Description (Please provide a descriptive summary of the issue):
The documentation on how to use ClamAV as a malware scanner should be improved.
A working configuration would be (/etc/rspam.d/local.d/antivirus.conf):
That also requires that the _rspamd user is part of the clamav group to be able to access the control socket. I suggest that this is made clearer.
I would also like to suggest that an error is logged if the antivirus backend could not be reached. Such an error should not go unnoticed. Thanks.
Steps to reproduce:
Install rspamd on Debian Stretch. Send a test virus (e.g. eicar.com). See in the logs that the antivirus module does nothing.
That's not an Rspamd issue. We cannot fit all 100500 Linux distros in the world. Using Unix sockets is extremely inconvenient because of the mess with permissions/groups and the inability to dump traffic. I personally think that using the Unix socket is a very poor default. However, the default documentation clearly says that Unix socket usage is also possible. The errors are also logged properly, you are likely using the default
Let's just say that the documentation of the antivirus module is very unspecific about what the defaults are. Quote:
Without looking at the source code it's unclear what the default may be. Would be nice to put that into the configuration file as a comment for example.
IMHO using sockets has pros and cons. The pro is that you don't open up a service for everyone on a host but just for those who you grant access. The con is that it may be harder to use if you get the permissions wrong and that tcpdump isn't working. I don't want to judge the respective distros' approaches. I'm just a stupid ignorant sysadmin who tried hard to get AV scanning working. :) And good documentation and clear error messages help with that.
On Debian 9....
Should work without issue.
It is documented in both rspamd and clamav how to set the port/socket.
Your answer doesn't make any sense. Your documentation is wrong. It does not work. I don't understand the mindset.
If you have no time for correcting the dox (and I understood that you are too busy), is there somebody else who could help you?
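
The two points raised in the opening report (the `_rspamd` user needs access to clamd's control socket, and an unreachable backend should not go unnoticed) can be checked with a small probe that speaks clamd's `PING` command over the Unix socket. This is an added example, not code from the issue or from Rspamd; the socket path `/var/run/clamav/clamd.ctl` is an assumption based on Debian's clamav-daemon packaging, and `probe_clamd` is a hypothetical helper name.

```python
import socket
import sys

# Assumption: Debian's clamav-daemon LocalSocket path (not stated in the issue).
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"


def probe_clamd(path=CLAMD_SOCKET, timeout=3.0):
    """Send clamd's PING over its Unix socket; return (status, detail)."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    reply = b""
    try:
        sock.connect(path)
        sock.sendall(b"zPING\0")  # 'z' prefix: command and reply end in NUL
        while not reply.endswith(b"\0"):
            chunk = sock.recv(64)
            if not chunk:
                break
            reply += chunk
    except FileNotFoundError:
        return "missing", f"{path} not found: clamd down or wrong socket path"
    except PermissionError:
        return "permission", f"{path} not accessible: check group membership"
    except ConnectionRefusedError:
        return "refused", f"{path} exists but nothing is listening"
    except socket.timeout:
        return "timeout", f"no answer from {path} within {timeout}s"
    except OSError as exc:
        return "error", f"{path}: {exc}"
    finally:
        sock.close()
    if reply.rstrip(b"\0") == b"PONG":
        return "ok", f"clamd answered PONG on {path}"
    return "bad-reply", f"unexpected reply {reply!r}"


if __name__ == "__main__":
    status, detail = probe_clamd(*sys.argv[1:2])
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)  # non-zero so monitoring notices
```

Run it as the scanning user (for example with `sudo -u _rspamd`); a `permission` result points at the missing `clamav` group membership described in the report.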