[Rspamd-Users] antivirus questions

A. Schulze sca at andreasschulze.de
Sun Nov 4 20:22:15 UTC 2018


I like to use savapi as antivirus engine and use this "/etc/rspamd/local.d/antivirus.conf":
savapi {
    prefix = "rc_savapi_";
    servers = "savapi.example";
    symbol = "SAVAPI_VIRUS";
    type = "savapi";
    log_clean = true;
    action = reject;
    product_id = 4711;

-> rspamd and savapi run on different hosts.
Is that setup supportet at all?

While I do see tcp traffic to "savapi.example" port 4444, I do not get an EICAR file detected as virus but also get no logs at all.
tcpdump show me rspamd issue a command "SCAN /tmp/rmsg-XXXXiQiJXn"

-> rspamd assume savapi is running on localhost and share a common filesystem.

Question: is it possible to tell rspamd "where to save files, savapi should scan"
I may share /tmp/ between rspamd and savapi but that my introduce other problems.
So it would be cool if rspamd could handover files to savapi via a special directory:

savapi {
    directory = "/rspamd_place_tmp_files_to_be_scanned_by_savapi_here/";

Or are there other possibilities to run rspamd and savapi on different hosts (docker containers)


More information about the Users mailing list