Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

feature request for clam (STREAM mode)

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


arekm at pld-linux

Aug 17, 2003, 10:42 AM

Post #1 of 6 (530 views)
Permalink
feature request for clam (STREAM mode)
Hi,

STREAM support is long awaited feature by me. Unfortunately it seems badly
designed.

Current protocol is:
- connect with default clamav port (command connection)
- send STREAM uppercase
- clamd returns port number
- we connect with that number and send data to be scanned there (data
connection)

Problems are:
- if we want to scan few files we need to connect to reconnect to command
connection every time, too - why? Why no multiple STREAM commands allowed?
- data port is random so I need to open all ports on my firewall which is very
sad. Instead of this it would be great if I could send data over ,,command
connection'' and don't use ,,data connection'' at all.

clamscan btw. is missing STREAM mode for multiple files when scanning. With
this support clamscan would be second(? - after clamav-milter) antivirus
daemon that sould work in such scenario with multiple hosts where mail spool
is on different host than antivirus daemon.

--
Arkadiusz Mi¶kiewicz CS at FoE, Wroclaw University of Technology
arekm [at] sse AM2-6BONE, 1024/3DB19BBD, arekm(at)ircnet, PLD/Linux


tk at lodz

Aug 17, 2003, 1:33 PM

Post #2 of 6 (519 views)
Permalink
Re: feature request for clam (STREAM mode) [In reply to]
On Sun, 17 Aug 2003 19:38:10 +0200
Arkadiusz Miskiewicz <arekm [at] pld-linux> wrote:

> Hi,
>
> STREAM support is long awaited feature by me. Unfortunately it seems
> badly designed.

The idea of the protocol is based on OpenAntiVirus ScannerDaemon's POST
command, with some enhancements.

> Current protocol is:
> - connect with default clamav port (command connection)
> - send STREAM uppercase
> - clamd returns port number
> - we connect with that number and send data to be scanned there (data
> connection)

That's it.

> Problems are:
> - if we want to scan few files we need to connect to reconnect to
> command connection every time, too - why? Why no multiple STREAM
> commands allowed?

Do you mean STREAM should support an optional argument for a number of
sockets clamd should start waiting on ? No problem.

> - data port is random so I need to open all ports on my firewall which
> is very

This problem has been already reported a few days ago. The port number
range will be configurable in clamav.conf.

> sad. Instead of this it would be great if I could send data over
> ,,command connection'' and don't use ,,data connection'' at all.

Oh, I don't think this is a good idea - it will make the command socket
a bottleneck because a scan process for may be long and we can't depend
on the backlog argument of the listen() function due to portability
reasons.
> clamscan btw. is missing STREAM mode for multiple files when scanning.
> With

clamscan doesn't connect to clamd at all. clamdscan uses STREAM while
reading from a standard input, but this is not yet fully implemented.
clamdscan will support "remote scanning" (with something like
"--remote-host" option) soon.

Best regards,
Tomasz Kojm
--
oo ..... zolw [at] konarski
(\/)\......... http://www.konarski.edu.pl/~zolw
\..........._ I nie zapomnij kliknac w brzuszek...
//\ /\\ <- C. Amboinensis www.pajacyk.pl


arekm at pld-linux

Aug 17, 2003, 1:49 PM

Post #3 of 6 (517 views)
Permalink
Re: feature request for clam (STREAM mode) [In reply to]
On Sunday 17 of August 2003 22:29, Tomasz Kojm wrote:
> > - if we want to scan few files we need to connect to reconnect to
> > command connection every time, too - why? Why no multiple STREAM
> > commands allowed?
>
> Do you mean STREAM should support an optional argument for a number of
> sockets clamd should start waiting on ? No problem.
I was thinking about something other... don't disconnect after returning
stream: OK/OTHER_MESSAGE and allow to send another STREAM request. In this
way I wouldn't need to reconnect every time if I want to scan few files.

> > - data port is random so I need to open all ports on my firewall which
> > is very
>
> This problem has been already reported a few days ago. The port number
> range will be configurable in clamav.conf.
btw. does clamd checking whether data connection comes from the same IP as
command connection?

> > clamscan btw. is missing STREAM mode for multiple files when scanning.
> > With
>
> clamscan doesn't connect to clamd at all.
Unfortunately :-( Also clam libraries don't have any network support which
also would be useful. It would be really great to just specify
clamscan ---remote-host=x.y.z.q:2145 /some/directory :)

> clamdscan uses STREAM while
> reading from a standard input, but this is not yet fully implemented.
> clamdscan will support "remote scanning" (with something like
> "--remote-host" option) soon.
Great.

>
> Best regards,
> Tomasz Kojm

--
Arkadiusz Mi¶kiewicz CS at FoE, Wroclaw University of Technology
arekm [at] sse AM2-6BONE, 1024/3DB19BBD, arekm(at)ircnet, PLD/Linux


tk at lodz

Aug 17, 2003, 2:48 PM

Post #4 of 6 (521 views)
Permalink
Re: feature request for clam (STREAM mode) [In reply to]
On Sun, 17 Aug 2003 22:45:07 +0200
Arkadiusz Miskiewicz <arekm [at] pld-linux> wrote:

> On Sunday 17 of August 2003 22:29, Tomasz Kojm wrote:
> > > - if we want to scan few files we need to connect to reconnect to
> > > command connection every time, too - why? Why no multiple STREAM
> > > commands allowed?
> >
> > Do you mean STREAM should support an optional argument for a number
> > of sockets clamd should start waiting on ? No problem.
> I was thinking about something other... don't disconnect after
> returning stream: OK/OTHER_MESSAGE and allow to send another STREAM
> request. In this way I wouldn't need to reconnect every time if I want
> to scan few files.

This will cause the problem I've described in my previous mail - will
block the command socket with big files.

Best regards,
Tomasz Kojm
--
oo ..... zolw [at] konarski
(\/)\......... http://www.konarski.edu.pl/~zolw
\..........._ I nie zapomnij kliknac w brzuszek...
//\ /\\ <- C. Amboinensis www.pajacyk.pl


mm-mailinglist at madness

Aug 17, 2003, 11:47 PM

Post #5 of 6 (519 views)
Permalink
Re: feature request for clam (STREAM mode) [In reply to]
Tomasz Kojm wrote:

>On Sun, 17 Aug 2003 19:38:10 +0200
>Arkadiusz Miskiewicz <arekm [at] pld-linux> wrote:
>
>
>
>>Hi,
>>
>>STREAM support is long awaited feature by me. Unfortunately it seems
>>badly designed.
>>
>>
>
>The idea of the protocol is based on OpenAntiVirus ScannerDaemon's POST
>command, with some enhancements.
>
>
>
>>Current protocol is:
>>- connect with default clamav port (command connection)
>>- send STREAM uppercase
>>- clamd returns port number
>>- we connect with that number and send data to be scanned there (data
>>connection)
>>
>>
>
>That's it.
>
>
>
>>Problems are:
>>- if we want to scan few files we need to connect to reconnect to
>>command connection every time, too - why? Why no multiple STREAM
>>commands allowed?
>>
>>
>
>Do you mean STREAM should support an optional argument for a number of
>sockets clamd should start waiting on ? No problem.
>
>
>
>>- data port is random so I need to open all ports on my firewall which
>>is very
>>
>>
>
>This problem has been already reported a few days ago. The port number
>range will be configurable in clamav.conf.
>
>
>
>>sad. Instead of this it would be great if I could send data over
>>,,command connection'' and don't use ,,data connection'' at all.
>>
>>
>
>Oh, I don't think this is a good idea - it will make the command socket
>a bottleneck because a scan process for may be long and we can't depend
>on the backlog argument of the listen() function due to portability
>reasons.
>

I really, really dislike this solution which reminds me in some way to
the (br0ken) ftp-protocol. A solution like this make any kind of
loadbalancing(using a standard TCP balancing solution) nearly
impossible. Any chance that this design could be changed to using a
single TCP-Port. This would allow use to loadbalance/failover clamd
easily between a large number of hosts (just like it's possible with
spamd from the spamassassin package today).

Stefan


njh at bandsman

Aug 18, 2003, 12:53 AM

Post #6 of 6 (524 views)
Permalink
Re: feature request for clam (STREAM mode) [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shouldn't this be on the developers list, not here?

- -Nigel

- --
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
njh [at] bandsman http://www.bandsman.co.uk/music.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/QIPCOv/MqfDWaY8RApe1AKCfnMzUe4FmPedTfw2FiM+jB1+jtACeOSD1
sZAQrJaDTdGlBOSsHu9H6+Y=
=gQsP
-----END PGP SIGNATURE-----

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.