[clamav-users] Cannot skip OLE2 checking

Kris Deugau kdeugau at vianet.ca
Thu Dec 22 15:10:58 UTC 2016


Mark Foley wrote:
> Kees - thanks for that info. So, basically I'd have to start a new clamd with a
> different socket and therefore pointing to a different config file. Not sure
> then what the point of the --config-file parameter to clamdscan is ...

It allows you to call a different clamd than the "system default" - we
used this for a time to hack in crude load balancing on our mail
infrastructure.  (We have a couple of servers running clamd and
SpamAssassin's spamd, and both the incoming and outgoing mail-handling
servers call the daemons on the dedicated scanner servers, rather than
running clamd and SpamAssassin on each mail server.)

A set of configuration files with the minimal host and port settings,
each directed to a specific scanning host, and chosen at random when
assembling the clamdscan call, held up fairly well for several years.

I don't recall what the issue was (if we ever even found anything other
than "doesn't work"), but some time ago clamd did not play nice with
Linux LVM load balancing.  More recently we tried again and it's
working, so we don't need multiple clamdscan configurations any more.

> So, what I will do is keep the "OLE2BlockMacros yes" for clamd/clamav-milter for
> quarantining such incoming messages (I can manually release legitimate ones
> later), but I'll use clamscan (not clamdscan) with the settings shown below for
> semi-daily scanning of the Maildir folder without the --block-macros=yes
> parameter.  This seems to give me the results I want. 
> 
> clamscan -a --no-summary --stdout --infected --recursive --allmatch \
>   --scan-mail=yes --scan-ole2=yes /home/HPRS/user/Maildir/

*nod*  For occasional bulk scanning there's little advantage to using
clamd/clamdscan anyway (aside from assembling all the arguments for
clamscan) since you only pay the startup time of parsing the signature
databases once for each run.  For scanning mail, you're making one call
for each message, so you don't want to be paying that startup cost on
each message.

-kgd
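
The arrangement described in the message above (one minimal config file per scanning host, one picked at random for each clamdscan call) could look like the following. This is an added example, not part of the original message or the poster's actual setup; the hostnames, directory layout and function names are assumptions.

```shell
#!/bin/sh
# Added example: per-scanner clamdscan configs, one picked at random per call.
# Hostnames and paths are constructed placeholders.

# write_scanner_configs DIR HOST...
# One minimal client config per scanning host: only host and port.
write_scanner_configs() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    for host in "$@"; do
        # TCPSocket/TCPAddr are the clamd.conf options clamdscan reads
        # to find the daemon; 3310 is clamd's conventional TCP port.
        printf 'TCPSocket 3310\nTCPAddr %s\n' "$host" \
            > "$dir/clamd-$host.conf" || return 1
    done
}

# pick_scanner_config DIR
# Print the path of one config chosen at random; fail if none exist.
pick_scanner_config() {
    set -- "$1"/clamd-*.conf
    [ -e "$1" ] || return 1            # glob did not match anything
    # Two random bytes from the kernel, reduced to an index 0..$#-1.
    rnd=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    shift $(( rnd % $# ))
    printf '%s\n' "$1"
}

# scan_message DIR FILE
# Scan one message on a randomly chosen scanner host.
scan_message() {
    conf=$(pick_scanner_config "$1") || {
        echo "no scanner configs in $1" >&2
        return 2                        # clamdscan's own "error" exit code
    }
    clamdscan --config-file="$conf" --no-summary --stdout "$2"
}
```

Random selection spreads load but does not detect a dead scanner host; a caller that gets exit code 2 from scan_message can simply call it again to draw another host.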