clamav: allow configuration to use TCP socket

Something having to do with passing a file descriptor over spamd's
Unix socket causes the ClamAV milter to fail. The milter says "ERROR:
Unknown reply from clamd," and running strace on spamd reveals "No file
descriptor received. ERROR."

Some work by others can be found on the Internet that suggests using
a TCP socket for the communication between the milter and spamd fixes
this. Lucian Cristian confirmed this on OpenWrt.

I am not sure why the Unix socket does not work. I suspect it is something
related to musl, but I have not yet found evidence of this.

This merge request adds the option to configure spamd to use a TCP
socket, and it uses this as the default. The merge request also adds an
init script for clamav-milter.

Signed-off-by: W. Michael Petullo <mike@flyn.org>

5 files changed, 144 insertions, 3 deletions

diff --git a/net/clamav/Makefile b/net/clamav/Makefile
index 3fb870d06..abbb9d374 100644
--- a/net/clamav/Makefile
+++ b/net/clamav/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=clamav
 PKG_VERSION:=0.102.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.clamav.net/downloads/production/
@@ -88,6 +88,7 @@ TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed $(if $(CONFIG_USE_MUSL),-lfts)
 
 define Package/clamav/conffiles
 /etc/config/clamav
+/etc/config/clamav-milter
 endef
 
 define Package/clamav/install
@@ -106,9 +107,11 @@ define Package/clamav/install
 
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/clamav.config $(1)/etc/config/clamav
+	$(INSTALL_CONF) ./files/clamav-milter.config $(1)/etc/config/clamav-milter
 
 	$(INSTALL_DIR) $(1)/etc/init.d/
 	$(INSTALL_BIN) ./files/clamav.init $(1)/etc/init.d/clamav
+	$(INSTALL_BIN) ./files/clamav-milter.init $(1)/etc/init.d/clamav-milter
 
 	$(INSTALL_DIR) $(1)/usr/share/clamav
 	$(CP) ./files/bytecode.cvd $(1)/usr/share/clamav/
diff --git a/net/clamav/files/clamav-milter.config b/net/clamav/files/clamav-milter.config
new file mode 100644
index 000000000..2598f2604
--- /dev/null
+++ b/net/clamav/files/clamav-milter.config
@@ -0,0 +1,26 @@
+config clamav-milter 'clamav-milter'
+	option clamav_milter_config_file '/etc/clamav/clamav-milter.conf'
+	option Foreground 'true'
+	option PidFile '/var/run/clamav/clamav-milter.pid'
+	option User 'nobody'
+	option MilterSocketGroup 'nogroup'
+	option AllowSupplementaryGroups 'true'
+	option ReadTimeout '120'
+	option OnClean 'Accept'
+	option OnInfected 'Quarantine'
+	option OnFail 'Defer'
+	option AddHeader 'Replace'
+	option LogVerbose 'true'
+	option LogTime 'true'
+	option LogSyslog 'true'
+	option LogFacility 'LOG_LOCAL6'
+	option LogInfected 'Full'
+	option LogClean 'Basic'
+	option MaxFileSize '25M'
+	option SupportMultipleRecipients 'true'
+	option RejectMsg 'Rejecting Harmful Email: %v found.'
+	option TemporaryDirectory '/tmp'
+	option MilterSocket 'unix:/var/run/clamav/clamav-milter.sock'
+	option MilterSocketMode '666'
+	option ClamdSocket 'tcp:127.0.0.1:3310'
+	option FixStaleSocket 'true'
diff --git a/net/clamav/files/clamav-milter.init b/net/clamav/files/clamav-milter.init
new file mode 100644
index 000000000..a4a0fdec5
--- /dev/null
+++ b/net/clamav/files/clamav-milter.init
@@ -0,0 +1,100 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2015 OpenWrt.org
+
+START=90
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/sbin/clamav-milter
+CLAMAV_MILTER_CONFIGFILE="/tmp/clamav/clamav-milter.conf"
+
+validate_clamav_milter_section() {
+	uci_load_validate clamav-milter clamav_milter "$1" "$2" \
+		'clamav_milter_config_file:string' \
+		'Foreground:string' \
+		'PidFile:string' \
+		'User:string' \
+		'MilterSocketGroup:string' \
+		'AllowSupplementaryGroups:string' \
+		'ReadTimeout:uinteger' \
+		'OnClean:string' \
+		'OnInfected:string' \
+		'OnFail:string' \
+		'AddHeader:string' \
+		'LogVerbose:string' \
+		'LogTime:string' \
+		'LogSyslog:string' \
+		'LogFacility:string' \
+		'LogInfected:string' \
+		'LogClean:string' \
+		'MaxFileSize:string' \
+		'SupportMultipleRecipients:string' \
+		'RejectMsg:string' \
+		'TemporaryDirectory:string' \
+		'MilterSocket:string' \
+		'MilterSocketMode:uinteger' \
+		'ClamdSocket:string' \
+		'FixStaleSocket:string'
+}
+
+start_clamav_milter_instance() {
+	[ "$2" = 0 ] || {
+		echo "validation failed"
+		return 1
+	}
+
+	mkdir -p /etc/clamav/
+	mkdir -p /var/run/clamav/
+	chmod a+rw /var/run/clamav
+
+	mkdir -p "$(dirname $CLAMAV_MILTER_CONFIGFILE)"
+	ln -sf "$clamav_milter_config_file" "$CLAMAV_MILTER_CONFIGFILE"
+
+	{
+	echo "Foreground " "$Foreground"
+	echo "PidFile " "$PidFile"
+	echo "User " "$User"
+	echo "MilterSocketGroup " "$MilterSocketGroup"
+	echo "AllowSupplementaryGroups " "$AllowSupplementaryGroups"
+	echo "ReadTimeout " "$ReadTimeout"
+	echo "OnClean " "$OnClean"
+	echo "OnInfected " "$OnInfected"
+	echo "OnFail " "$OnFail"
+	echo "AddHeader " "$AddHeader"
+	echo "LogVerbose " "$LogVerbose"
+	echo "LogTime " "$LogTime"
+	echo "LogSyslog " "$LogSyslog"
+	echo "LogFacility " "$LogFacility"
+	echo "LogInfected " "$LogInfected"
+	echo "LogClean " "$LogClean"
+	echo "MaxFileSize " "$MaxFileSize"
+	echo "SupportMultipleRecipients " "$SupportMultipleRecipients"
+	echo "RejectMsg " "$RejectMsg"
+	echo "TemporaryDirectory " "$TemporaryDirectory"
+	echo "MilterSocket " "$MilterSocket"
+	echo "MilterSocketMode " "$MilterSocketMode"
+	echo "ClamdSocket " "$ClamdSocket"
+	echo "FixStaleSocket " "$FixStaleSocket"
+	} > "$CLAMAV_MILTER_CONFIGFILE"
+
+	procd_open_instance
+	procd_set_param command $PROG -c $CLAMAV_MILTER_CONFIGFILE
+	procd_set_param file $CLAMAV_MILTER_CONFIGFILE
+	procd_close_instance
+}
+
+start_service()
+{
+	validate_clamav_milter_section clamav_milter start_clamav_milter_instance
+}
+
+stop_service()
+{
+	service_stop $PROG
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "clamav-milter"
+	procd_add_validation validate_clamav_milter_section
+}
diff --git a/net/clamav/files/clamav.config b/net/clamav/files/clamav.config
index 9f945e3b9..bdd555033 100644
--- a/net/clamav/files/clamav.config
+++ b/net/clamav/files/clamav.config
@@ -29,7 +29,9 @@ config clamav 'clamav'
 	option AlertEncrypted 'yes'
 	option MaxFileSize '10M'
 	option TemporaryDirectory '/tmp'
-	option LocalSocket '/var/run/clamav/clamd.sock'
+	# option LocalSocket '/var/run/clamav/clamd.sock'
+	option TCPAddr '127.0.0.1'
+	option TCPSocket '3310'
 	option User 'nobody'
 	option ExitOnOOM 'yes'
 	option DatabaseDirectory '/usr/share/clamav'
diff --git a/net/clamav/files/clamav.init b/net/clamav/files/clamav.init
index e06dfa60c..ca093cdff 100644
--- a/net/clamav/files/clamav.init
+++ b/net/clamav/files/clamav.init
@@ -41,6 +41,8 @@ validate_clamav_section() {
 		'AlertEncrypted:string' \
 		'MaxFileSize:string' \
 		'LocalSocket:string' \
+		'TCPSocket:port' \
+		'TCPAddr:ipaddr' \
 		'User:string' \
 		'ExitOnOOM:string' \
 		'DatabaseDirectory:string'
@@ -90,12 +92,20 @@ start_clamav_instance() {
 	echo "TemporaryDirectory " "$TemporaryDirectory"
 	echo "AlertEncrypted " "$AlertEncrypted"
 	echo "MaxFileSize " "$MaxFileSize"
-	echo "LocalSocket " "$LocalSocket"
 	echo "User " "$User"
 	echo "ExitOnOOM " "$ExitOnOOM"
 	echo "DatabaseDirectory " "$DatabaseDirectory"
 	} > "$CLAMD_CONFIGFILE"
 
+	if [ -n "$LocalSocket" ]; then
+		echo "LocalSocket " "$LocalSocket" >>"$CLAMD_CONFIGFILE"
+	fi
+
+	if [ -n "$TCPSocket" ]; then
+		echo "TCPAddr" "$TCPAddr" >>"$CLAMD_CONFIGFILE"
+		echo "TCPSocket " "$TCPSocket" >>"$CLAMD_CONFIGFILE"
+	fi
+
 	procd_open_instance
 	procd_set_param command $PROG -c $CLAMD_CONFIGFILE
 	procd_set_param file $CLAMD_CONFIGFILE