Bug#530963: exim4-daemon-heavy: clamd av_scanner does not use configured port

Boyd Stephen Smith Jr. bss03 at volumehost.net
Fri May 29 01:51:50 UTC 2009 

Package: exim4-daemon-heavy
Version: 4.69-9
Severity: normal


I'm getting errors in my /var/log/exim4/paniclog:
2009-05-28 20:15:17 1M9m0T-00059K-21 malware acl condition: clamd: 
connection to 172.20.2.91, port 1189 failed (Connection refused)
2009-05-28 20:18:42 1M9m3l-0005GE-PF malware acl condition: clamd: 
connection to 172.20.2.91, port 1114 failed (Connection refused)
2009-05-28 20:19:25 1M9m4T-0005GL-94 malware acl condition: clamd: 
connection to 172.20.2.91, port 1520 failed (Connection refused)
2009-05-28 20:20:09 1M9m5B-0005GQ-4V malware acl condition: clamd: 
connection to 172.20.2.91, port 1533 failed (Connection refused)
2009-05-28 20:20:37 1M9m5c-0005GV-Vu malware acl condition: clamd: 
connection to 172.20.2.91, port 1574 failed (Connection refused)
2009-05-28 20:24:40 1M9m9Y-0005Ga-L0 malware acl condition: clamd: 
connection to 172.20.2.91, port 1703 failed (Connection refused)
2009-05-28 20:26:15 1M9mB5-0005Gf-Bk malware acl condition: clamd: 
connection to 172.20.2.91, port 1426 failed (Connection refused)
2009-05-28 20:28:03 1M9mCl-0005Gk-9s malware acl condition: clamd: 
connection to 172.20.2.91, port 1221 failed (Connection refused)
2009-05-28 20:29:40 1M9mEN-0005Gp-Q4 malware acl condition: clamd: 
connection to 172.20.2.91, port 1966 failed (Connection refused)
2009-05-28 20:31:42 1M9mGJ-0005Gu-NB malware acl condition: clamd: 
connection to 172.20.2.91, port 1697 failed (Connection refused)

Notice that the port varies, for some reason.

What I think is relevant about my configuration is:
(on the exim4 server)
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs-local:
CHECK_DATA_LOCAL_ACL_FILE = CONFDIR/conf.d/local/acl_check_data

/etc/exim4/conf.d/main/02_exim4-config_options-local:
av_scanner = clamd:ichi 3310

/etc/exim4/conf.d/acl/40_exim4-config_check_data:
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif

/etc/exim4/conf.d/local/acl_check_data:
deny
  add_header = X-Virus-Scanned: clamav at iguanasuicide.net
  message = This message was detected as possible malware ($malware_name).
  malware = */defer_ok

/etc/hosts:
172.20.2.91     ichi.iguanasuicide.net ichi

I looked at the package source, specifically malware.c and I didn't see 
anything immediately wrong.  I also didn't notice any Debian patches to the
file, so I suppose it could be an upstream issue, but I'm not sure.


Please, let me know if I can provide any assistance in resolving the bug.

- Package-specific info:
Exim version 4.69 #1 built 30-Sep-2008 18:55:37
Copyright (c) University of Cambridge 2006
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to replace
# the DEBCONFsomethingDEBCONF strings in the configuration template files.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames='iguanasuicide.net;iguanasuicide.org;iguanasuicide.com'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='172.20.0.0/16'
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='dovecot_lda'
mailname:iguanasuicide.net

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (900, 'stable'), (700, 'testing'), (500, 'unstable'), (300, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-19-xen (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.24            Debian configuration management sy
ii  exim4-base             4.69-9            support files for all Exim MTA (v4
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libdb4.6               4.6.21-11         Berkeley v4.6 Database Libraries [
ii  libgnutls26            2.4.2-6+lenny1    the GNU TLS library - runtime libr
ii  libldap-2.4-2          2.4.11-1          OpenLDAP libraries
ii  libmysqlclient15off    5.0.51a-24+lenny1 MySQL database client library
ii  libpam0g               1.0.1-5+lenny1    Pluggable Authentication Modules l
ii  libpcre3               7.6-2.1           Perl 5 Compatible Regular Expressi
ii  libperl5.10            5.10.0-19         Shared Perl library
ii  libpq5                 8.3.7-0lenny1     PostgreSQL C client library
ii  libsasl2-2             2.1.22.dfsg1-23   Cyrus SASL - authentication abstra
ii  libsqlite3-0           3.5.9-6           SQLite 3 shared library

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

-- debconf information:
  exim4-daemon-heavy/drec:

More information about the Pkg-exim4-maintainers mailing list