[Avcheck] what if avp hangs

Piotr Klaban makler+avcheck@man.torun.pl
Tue, 28 Aug 2001 11:51:56 +0200


On Tue, Aug 28, 2001 at 01:26:35PM +0400, Michael Tokarev wrote:
> to be written... ;)  Btw, look to avcheck archives,
I'll look, thanks.
 
> Do you by any chance have soft_bounce=yes set in main.cf?
I added this while avcheck was running.

> >  unable to connect to antivirus daemon: No such file or directory )
> 
> Wow, that's something new:  I never saw the *main* avpdaemon crash,
> only its children.
Hm... maybe it was caused by me -killing avpdaemon, because
I cannot reproduce it now.

> In theory, it is relatively simple to "know" that something
> is wrong with avdaemon.  A disconnect (that will not happen
> in case of avp, thanks to "clever" things it does), some
> set of return codes (not any unexpected one, but a limited

Yes, avpdaemon does not close the descriptor when the child
is killed with SIGBUS. It just accepts next connections with higher
descriptor numbers.

> exceeded").  Currently, avcheck turns this timeout into
> EX_TEMPFAIL (unlike postfix's limit that causes mail to bounce).
> Might be this is worse than bounce, I don't know.

The timeout feature is very good. That should be treated
as if there were no avp daemon running, IMHO; then
EX_TEMPFAIL is good - but if the avpdaemon children
crash each time, the mail would be bounced after 5 days.
If there were another (drweb or something else) virus
checker, then the mail could just be checked with the other virus checker.

> About redundant av daemon -- looking to "architecture"
> of two daemons I have here (avp and drweb), this should
> be unneeded: main parent daemon only accepts connections
> and forks for every request, in theory it should not
> crash.  After all, there is cron etc. that can
> monitor its presence.

Right, let's assume that avpdaemon never crashes.
The reason for another or second AV checker is that
there is a 'pipe avcheck' process limit in master.cf.
I have it equal to 3, because my (tested) system is not so strong
(Sun Ultra 10, 330 MHz sparc).
Then with three mails with bad attachments, avpdaemon
receives three SIGBUS signals, and three 'pipe avcheck'
processes are waiting (during the read() call) for the timeout.
If there were a timeout, or an 'unknown result code',
avcheck programs could connect to another daemon;
it can have drweb inside, or avpdaemon with another set
of configuration parameters. But I do not know if this is
the right way to do things.

> corresponding error code.  Currently, all those codes
> treated as EX_TEMPFAIL by avcheck.  I know this is bad,
> but I can't know what other admins will prefer to do
> with such mails...

If there were no privacy protection, then such mails
could be queued, waiting for admin intervention
(sort of moderation). EX_TEMPFAIL is similar - the mail
waits in the system postfix queue. The admin can delete it,
postcat it, etc.

-- 
Piotr Klaban
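
The fallback discussed in this message, as an added example that is not part of the original post and is not avcheck source: a read with a timeout on one scanner socket, a second scanner tried on timeout or unknown result code, and EX_TEMPFAIL only when every scanner fails. The one-byte reply protocol ('0' clean, '1' infected) and the names `read_verdict`, `scan_with_fallback` and `demo` are assumptions for illustration; the hung daemon is simulated with a socketpair whose peer stays open but silent, matching the case where avpdaemon does not close the descriptor.

```c
/* Added example (not avcheck code). Reply protocol and names are hypothetical. */
#include <poll.h>
#include <sys/socket.h>
#include <sysexits.h>
#include <unistd.h>

enum { VERDICT_CLEAN = 0, VERDICT_INFECTED = 1 };

/* Wait up to timeout_ms for a one-byte verdict from a connected scanner.
 * Returns the verdict, or -1 on timeout, disconnect or unknown reply code. */
static int read_verdict(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char c;
    if (poll(&p, 1, timeout_ms) <= 0)
        return -1;                 /* hung child: descriptor open, no data */
    if (read(fd, &c, 1) != 1)
        return -1;                 /* EOF or error: daemon went away */
    if (c == '0') return VERDICT_CLEAN;
    if (c == '1') return VERDICT_INFECTED;
    return -1;                     /* unknown result code */
}

/* Try each scanner in order; defer the mail only when all of them fail. */
int scan_with_fallback(const int *fds, int n, int timeout_ms)
{
    for (int i = 0; i < n; i++) {
        int v = read_verdict(fds[i], timeout_ms);
        if (v >= 0)
            return v;
    }
    return EX_TEMPFAIL;            /* 75: mail stays in the Postfix queue */
}

/* Constructed demo: scanner 0 never answers, scanner 1 sends `reply`. */
int demo(char reply)
{
    int hung[2], ok[2], r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, hung) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, ok))
        return -2;
    if (write(ok[1], &reply, 1) != 1)
        return -2;
    int fds[2] = { hung[0], ok[0] };
    r = scan_with_fallback(fds, 2, 100);
    close(hung[0]); close(hung[1]); close(ok[0]); close(ok[1]);
    return r;
}
```

With the process limit of 3 mentioned above, the per-scanner timeout bounds how long each 'pipe avcheck' slot stays blocked before the second scanner is tried.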