[Rspamd-Users] Trouble with sockets to ClamAV and Spamd

Wed Nov 15 18:49:46 UTC 2023

Hi there,

On Wed, 15 Nov 2023, usenet--- via Users wrote:

> I just have the problem that my Rspamd 3.7.4 on debian 12 does not create 
> socket connections.

How do you know that this is the problem?

> I use ClamAV and at local.d/antivirus.conf:
>
> ClamAV {
>     symbol = "CLAM_VIRUS";
>     type = "clamav";
>     action = "rewrite subject";
>     servers = "/var/run/clamav/clamd.ctl";
>     max_size = 200000000;
>     scan_mime_parts = false;
>     log_clean = true;
>     timeout = 10;
>     retransmits = 2;
> }

Unrelated to your problem, but...

1. Do you really intend to scan (or even receive) 200 megabyte emails?

2. Why do you not want to scan MIME parts?

3. Do you think ten seconds is going to be enough for ClamAV to scan
200 megabytes of data?  My Pi4B can't reliably scan 200 kilobytes in
ten seconds - and that's all it's doing.

> The error message I get in rspamd.log is:
> 2023-11-15 18:22:10 #7289(rspamd_proxy) <dc0ec5>; lua; clamav.lua:117: 
> ClamAV: failed to scan, maximum retransmits exceed

Do you know ClamAV is actually listening for the data which rspamd is
sending?  Do you have a clamd log?  Anything interesting in it?

> The file sizes in clamav.conf are 25MB and to test I send a 2MB PDF.
>
> Even in Spamd, i.e. Spamassassin, I get the error message:
> SPAMD_FAIL (0) [failed to scan and retransmits exceed: Socket error detected: 
> connection establishment refused]
>
> Is there something fundamentally wrong with my setup?

Possibly. :/

> What could be the reason?

Either you haven't told rspamd and clamd the same things about what
resources they are to use to send and receive, or one of them isn't
actually doing what you think you've told it to do.

In my experience the latter would most likely mean that you simply
haven't started (or restarted) the clamd daemon after making changes
to the configuration.

Have you ever had this working?

May we see your clamd configuration?

Can you send commands to the clamd daemon from the command line?  This
is me sending a PING command from my mail server to the (remote) clamd
server on the LAN.

8<----------------------------------------------------------------------
$ telnet 192.168.0.7 3310
Trying 192.168.0.7...
Connected to 192.168.0.7.
Escape character is '^]'.
PING
PONG
Connection closed by foreign host.
8<----------------------------------------------------------------------

Obviously you woudn't use TCP for the communication if you're using a
socket in the filesystem, but the idea is the same.  Oh, and the IP
address and the socket are fictitious in my example but that doesn't
matter either.  I did run the command, but I changed those numbers. :)

-- 

73,
Ged.