[Rspamd-Users] antivirus questions

Mon Nov 5 08:08:46 UTC 2018

Hey,

The savapi implementation currently only supports writing to a temp
file. With a little patch it would be possible to write into a
configured directory.

But, I would bet, savapi also supports piping the mail directly to the
socket. Maybe you have access to the full savapi protocol docs.

Then savapi could also use (multiple) different hosts - like it's
implemented in the clamav or sophos sections.

--

Carsten

On 04.11.18 21:22, A. Schulze wrote:
> Hello,
> 
> I like to use savapi as antivirus engine and use this "/etc/rspamd/local.d/antivirus.conf":
> savapi {
>     prefix = "rc_savapi_";
>     servers = "savapi.example";
>     symbol = "SAVAPI_VIRUS";
>     type = "savapi";
>     log_clean = true;
>     action = reject;
>     product_id = 4711;
> }
> 
> -> rspamd and savapi run on different hosts.
> Is that setup supportet at all?
> 
> While I do see tcp traffic to "savapi.example" port 4444, I do not get an EICAR file detected as virus but also get no logs at all.
> tcpdump show me rspamd issue a command "SCAN /tmp/rmsg-XXXXiQiJXn"
> 
> -> rspamd assume savapi is running on localhost and share a common filesystem.
> 
> Question: is it possible to tell rspamd "where to save files, savapi should scan"
> I may share /tmp/ between rspamd and savapi but that my introduce other problems.
> So it would be cool if rspamd could handover files to savapi via a special directory:
> 
> savapi {
>     directory = "/rspamd_place_tmp_files_to_be_scanned_by_savapi_here/";
> }
> 
> Or are there other possibilities to run rspamd and savapi on different hosts (docker containers)
> 
> Andreas
> 