NAME¶
Courier::Filter::Module::ClamAVd - ClamAV clamd filter module for the
Courier::Filter framework
SYNOPSIS¶
use Courier::Filter::Module::ClamAVd;
my $module = Courier::Filter::Module::ClamAVd->new(
# See the socket options description for details.
socket_name => '/var/run/clamav/clamd.ctl',
socket_host => 'clamav.example.com',
socket_port => '3310',
max_message_size
=> $max_message_size,
max_part_size => $max_part_size,
response => $response_text,
logger => $logger,
inverse => 0,
trusting => 0,
testing => 0,
debugging => 0
);
my $filter = Courier::Filter->new(
...
modules => [ $module ],
...
);
DESCRIPTION¶
This class is a filter module class for use with Courier::Filter. It matches a
message if the configured ClamAV "clamd" daemon detects malware in
it.
Constructor¶
The following constructor is provided:
- new(%options): returns Courier::Filter::Module::ClamAVd
- Creates a new ClamAVd filter module.
%options is a list of key/value pairs representing any of the following
options:
- socket_name
- socket_host
- socket_port
- These options describe the Unix domain or TCP/IP socket that should be
used to connect to the ClamAV daemon. If no socket options are
specified, first the socket options from the local "clamd.conf"
configuration file are tried, then the Unix domain socket
/var/run/clamav/clamd.ctl is tried, then finally the TCP/IP socket
at 127.0.0.1 on port 3310 is tried. If either Unix domain or
TCP/IP socket options are explicitly specified, only these are used.
- max_message_size
- An integer value controlling the maximum size (in bytes) of the overall
message text for a message to be processed by this filter module. Messages
larger than this value will never be processed, and thus will never match.
If undef, there is no size limit. Defaults to 1024**2 (1MB).
As MIME multipart processing can be quite CPU- and memory-intensive, you
should definitely restrict the message size to some sensible value that
easily fits in your server's memory. 1024**2 (1MB) should be appropriate
for most uses of this filter module.
- max_part_size
- An integer value controlling the maximum size (in bytes) of any single
MIME part for that part to be processed by this filter module. Parts
larger than this value will never be processed, and thus will never match.
If undef, there is no size limit.
Defaults to the value of the "max_message_size" option, so you
don't really need to specify a part size limit if you are comfortable with
using the same value for both. See the "max_message_size" option
for its default.
- response
- A string that is to be returned as the match result in case of a match.
The name of the detected malware is appended to the response text.
Defaults to "Malware detected:".
All options of the
Courier::Filter::Module constructor are also supported
by the constructor of the
ClamAVd filter module. Please see
"new" in Courier::Filter::Module for their descriptions.
Instance methods¶
See "Instance methods" in Courier::Filter::Module for a description of
the provided instance methods.
SEE ALSO¶
Courier::Filter::Module, Courier::Filter::Overview.
For AVAILABILITY, SUPPORT, and LICENSE information, see
Courier::Filter::Overview.
AUTHOR¶
Julian Mehnle <julian@mehnle.net>