[Avcheck] Monitoring [was: Running kavdaemon supervised]

Michael Tokarev avcheck list <avcheck@list.corpit.ru>
Fri, 19 Oct 2001 17:24:28 +0400


Ralf Hildebrandt wrote:
> 
> Letting kavdaemon run supervised (using djb's daemontools) sounds like a
> good idea. Problem: kavdaemon doesn't have a "stay in foreground" option.

The whole point (monitoring an antivirus) sounds interesting to me.
But instead of just monitoring the presence of a daemon, I'd try to do
a more "clever" thing, that is, to watch maillog for deferrals from the
avcheck/avscan/whatever transport.  This approach is more general
at least, and can help with other issues as well.

Note that currently avcheck will defer mails that can't be virus-checked
for whatever reason, including a situation when the daemon is not running *and*
others too, like a broken archive in a message, a too large message, and so
on.  This question was discussed several times already, and no clean
solution for the deferrals was shown.  Now I have an idea.

How about adding a small daemon that will watch the logfile for avcheck
deferred patterns (similar to e.g. dracd and pop-before-smtp) or
something like that (various different ways, e.g. modifying avcheck
so it will do some actions itself in parallel to returning text
back to the MTA), that will take appropriate actions based on the
conditions found.  Possible actions are, for example, restarting the av
daemon in case it is dead, sending postmaster notifications about
unexpected deferrals and so on.

Ummm...  It looks too complicated, isn't it?

[]
> #!/bin/sh
> sleep 2
> cd /var/spool/avp
> /usr/bin/env - HOME=/ \
> /var/spool/avp/uchroot -u avpd /var/spool/avp \
> ./kavdaemon -dl -f=/ctl /tst

Just curious -- why do you use `cd' here?

Regards,
 Michael.
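
The log-watching idea from the message above, sketched as an added example (not code from this thread or from avcheck): it classifies deferrals logged for the antivirus transport and collapses them into actions. The log lines are constructed, and the transport names, the reason substrings and the function names are assumptions to adapt to what your MTA and avcheck really log.

```python
import re

# Postfix-style delivery line: queue id, relay (transport) name and the
# parenthesised deferral reason. Transport name "avcheck" is an assumption.
LINE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, "
    r"relay=(?P<relay>[^,]+),.* status=deferred \((?P<reason>.*)\)$")

# Assumed reason substrings; anything unmatched counts as "unexpected".
RULES = [
    (re.compile(r"connect|no such file", re.I), "daemon-down"),
    (re.compile(r"too large|archive|corrupt", re.I), "bad-message"),
]

def classify(line, transports=("avcheck", "avscan")):
    """Return (queue_id, category) for an AV-transport deferral, else None."""
    m = LINE.search(line)
    if not m or m["relay"] not in transports:
        return None  # not deferred, or deferred by some other transport
    for pattern, category in RULES:
        if pattern.search(m["reason"]):
            return m["qid"], category
    return m["qid"], "unexpected"

def plan(lines):
    """Deferred mail is retried and logged again, so act once per queue id
    and request at most one daemon restart per batch of lines."""
    seen = {"daemon-down": [], "bad-message": [], "unexpected": []}
    for line in lines:
        hit = classify(line)
        if hit and hit[0] not in seen[hit[1]]:
            seen[hit[1]].append(hit[0])
    return {"restart_daemon": bool(seen["daemon-down"]),
            "notify_postmaster": seen["unexpected"],
            "stuck_messages": seen["bad-message"]}

# Constructed sample log lines, not taken from a real system.
SAMPLE = [
    "Oct 19 17:01:02 mx postfix/pipe[411]: 3F2A1B07: to=<a@example.org>, relay=avcheck, delay=2, status=deferred (temporary failure. Command output: avcheck: unable to connect to AV daemon: Connection refused)",
    "Oct 19 17:03:10 mx postfix/pipe[415]: 7C09D2E4: to=<b@example.org>, relay=avcheck, delay=5, status=deferred (temporary failure. Command output: avcheck: corrupted archive)",
    "Oct 19 17:33:10 mx postfix/pipe[502]: 7C09D2E4: to=<b@example.org>, relay=avcheck, delay=1805, status=deferred (temporary failure. Command output: avcheck: corrupted archive)",
    "Oct 19 17:04:00 mx postfix/smtp[420]: 9A11C3F0: to=<c@example.net>, relay=none, delay=30, status=deferred (connect to mx.example.net: Connection refused)",
    "Oct 19 17:05:00 mx postfix/pipe[421]: 1B22C3D4: to=<d@example.org>, relay=avcheck, delay=1, status=sent (delivered via avcheck service)",
    "Oct 19 17:06:00 mx postfix/pipe[430]: 5D6E7F80: to=<e@example.org>, relay=avcheck, delay=3, status=deferred (temporary failure. Command output: avcheck: internal error)",
]

if __name__ == "__main__":
    print(plan(SAMPLE))
```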