[Avcheck] content_inspector patch for 2.0.4
Michael Tokarev
mjt@tls.msk.ru
Thu, 06 Mar 2003 14:45:35 +0300
Serge Leschinsky wrote:
> Dear Michael.
>
> On Wednesday, the 5th of March, 2003, at 21:26 GMT +03
> (Thursday, the 6th of March, 2003, at 0:26 my local time),
> you wrote about "[Avcheck] content_inspector patch for 2.0.4", at least in part:
>
>
>>>I've patched postfix 2.0.4 successfully. The mail system works
>>>correctly except mail queue - it isn't clearing.
>
> MT> What's your setup (avcheck invocation)?
> avcheck unix - n n - 5 pipe
> -o pipe_safetodeliver_code=10
> flags=q user=avclient argv=/var/spool/avp/avcheck
> -d /var/spool/avp/./tst -s AVP:/var/spool/avp/ctl/AvpCtl
> -f ${sender} -h DrWeb-4.28 -S :1025 -- ${recipient}
Hmm... Where's -g option? Let me think... Hmm... It seems
the content-inspector patch brokes original content-filter path.
Because the above is classical content-FILTER invocation. Hmm..
Ok, I need to review the "filter" case once again. It's interesting,
since I see usual wave of viruses here (when avcheck becomes a
filter, returning 0 to postfix which means "I took responsibility
of a message"), and no stalled queue files here.
> MT> Which processes are
> MT> running when mail "sits on the queue"?
> Hm.... Are you interested in "ps -aux" output? Or the information
> about postfix (chroot jail, tls, sasl2 and mysql patch) is quite full?
ps output. I.e. whenever some processes are "delivering" that stalled
entries.
[]
> MT> and things are working just
> MT> fine. Moreover, I tested the patch with various funny combinations.
> Due to the maul queue problem I have to rebuild postfix without this
> patch but I left the rest without changes. I deleted " -o
> pipe_safetodeliver_code=10" from master.cf and I invoke avcheck as
> before. Now it looks like everything is ok.
There is no need to delete THIS parameter - unpatched postfix just
don't use it. But -g option should be deleted (you don't have it
anyway), or else mail will be bounced with "unknown error" (postfix
will not recognize that "special return code 10").
/mjt