--- mailfront-1.16/plugin-clamav.c.original 2010-04-07 20:25:03.000000000 +0800 +++ mailfront-1.16/plugin-clamav.c 2010-04-07 20:26:19.000000000 +0800 @@ -13,6 +13,8 @@ static RESPONSE(no_scan,451,"4.3.0 Could not virus scan message"); static response resp_virus = { 554, 0 }; +static unsigned long failsafe; + #define MAX_IPS 16 static str line; @@ -29,6 +31,12 @@ return -1; } +static const response *warn_sys(const char *s1) +{ + warn2sys("clamav skipped: ", s1); + return failsafe ? 0 : &resp_internal; +} + static const response* message_end(int fd) { const char* hostname; @@ -48,6 +56,9 @@ ibuf netin; obuf netout; struct stat st; + + if ((tmp = getenv("CLAMAV_FAILSAFE")) && *tmp) + failsafe = strtoul(tmp, 0, 10); if ((hostname = session_getenv("CLAMAV_HOST")) != 0 || (hostname = session_getenv("CLAMD_HOST")) != 0) { @@ -56,7 +67,7 @@ && (maxsize = strtoul(tmp, (char**)&tmp, 10)) != 0 && *tmp == 0) { if (fstat(fd, &st) != 0) - return &resp_internal; + return warn_sys("fstat(fd, &st) != 0"); if (st.st_size > (ssize_t)maxsize){ warn1("ClamAV scanning skipped: message larger than maximum"); return 0; @@ -81,15 +92,19 @@ || (send_timeout = strtoul(tmp, (char**)&tmp, 10)) == 0 || *tmp != 0) send_timeout = timeout; - if ((ip_count = resolve_ipv4name_n(hostname, ips, MAX_IPS)) <= 0) - return &resp_no_hostname; + if ((ip_count = resolve_ipv4name_n(hostname, ips, MAX_IPS)) <= 0) { + if (failsafe > 0) + return warn_sys("Could not resolve virus scanner hostname"); + else + return &resp_no_hostname; + } gettimeofday(&tv, 0); offset = (tv.tv_sec ^ tv.tv_usec) % ip_count; for (i = 0; i < ip_count; ++i) { const ipv4addr* addr = &ips[(i + offset) % ip_count]; if (lseek(fd, 0, SEEK_SET) != 0) - return &resp_internal; + return warn_sys("lseek(fd, 0, SEEK_SET) != 0"); if ((sock = try_connect(addr, cmdport, connect_timeout)) < 0) continue; @@ -128,7 +143,10 @@ close(sock); } } - return &resp_no_scan; + if (failsafe > 0) + return warn_sys("Could not virus scan message"); + else + return &resp_no_scan; } struct plugin plugin = { --- mailfront-1.16/plugin-clamav.html.original 2010-04-07 20:25:16.000000000 +0800 +++ mailfront-1.16/plugin-clamav.html 2010-04-07 20:26:25.000000000 +0800 @@ -20,6 +20,12 @@
+
$CLAMAV_FAILSAFE
+
The default behaviour of the plugin is to defer any SMTP delivery if the +ClamAV scanner is not available, at the risk of emails being finally rejected if +the problem is not fixed. To let any mail pass in such a case set this variable +to a numerical value greater than 0.
+
$CLAMAV_CONNECT_TIMEOUT
The maximum amount of time to wait for a response when connecting to a ClamAV scanner, in milliseconds. (defaults to $CLAMAV_TIMEOUT below)