# HG changeset patch # User ck # Date 1386332145 -3600 # Node ID e75bc05c279d5e4758217c64e82b42571dc28b7b # Parent b4b18827d89daeea75e211aa76219875f5c3f347 Shorter timeout for remote scan server. Limit number of connection pools to 1. Remote server is not contacted for a certain time when connection fails. diff -r b4b18827d89d -r e75bc05c279d config/OsecFS.cfg --- a/config/OsecFS.cfg Wed Dec 04 15:36:45 2013 +0100 +++ b/config/OsecFS.cfg Fri Dec 06 13:15:45 2013 +0100 @@ -9,7 +9,10 @@ MaxFileSize: 50 # the URL of the local scan server -LocalScanserverURL: http://192.168.63.129/virusscan +LocalScanserverURL: http://localhost/virusscan # the URL of the remote scan server RemoteScanserverURL: http://192.168.63.129/virusscan + +# wait time in seconds until a new connection attempt to remote server is made +RetryTimeout: 600 diff -r b4b18827d89d -r e75bc05c279d src/OsecFS.py --- a/src/OsecFS.py Wed Dec 04 15:36:45 2013 +0100 +++ b/src/OsecFS.py Fri Dec 06 13:15:45 2013 +0100 @@ -10,6 +10,7 @@ import logging import os import errno +import time # ToDo replace with ikarus #import pyclamav @@ -30,12 +31,15 @@ STATUS_CODE_INFECTED = 210 STATUS_CODE_NOT_FOUND = 404 -MAX_SCAN_FILE_SIZE = 50 * 0x100000 - SYSTEM_FILE_COMMAND = "file" +MAX_SCAN_FILE_SIZE = 50 * 0x100000 +SCANSERVER_RETRY_TIMEOUT = 60 + # Global http pool manager used to connect to the scan server -httpPool = urllib3.PoolManager() +remoteScanserverReachable = True +scanserverTimestamp = 0 +httpPool = urllib3.PoolManager(num_pools = 1, timeout = 3) def checkMinimumOptions (config): for section, options in MINOPTS.iteritems (): @@ -110,8 +114,15 @@ m = m.replace('w', 'a', 1) return m + +def contactScanserver(url, fields): + return httpPool.request_encode_body('POST', url, fields = fields, retries = 0) + def scanFileIkarus (path, fileobject): + global remoteScanserverReachable + global scanserverTimestamp + infected = False LOG.debug ("Scan File: %s" % (path)) @@ -121,18 +132,34 @@ fields = { 'up_file' : fileobject.read() } - try: - response = httpPool.request_encode_body('POST', REMOTE_SCANSERVER_URL, fields = fields) - # We should catch socket.error here, but this does not work. Needs checking. - except: - LOG.info("Remote scan server unreachable, using local scan server.") + if (remoteScanserverReachable == False) and ((scanserverTimestamp + SCANSERVER_RETRY_TIMEOUT) < time.time()): + remoteScanserverReachable = True + if remoteScanserverReachable: try: - response = httpPool.request_encode_body('POST', LOCAL_SCANSERVER_URL, fields = fields) + response = contactScanserver(REMOTE_SCANSERVER_URL, fields) + # We should catch socket.error here, but this does not work. Needs checking. + except: + LOG.info("Remote scan server unreachable, using local scan server.") + LOG.info("Next check for remote server in %s seconds." % (SCANSERVER_RETRY_TIMEOUT)) + + remoteScanserverReachable = False + scanserverTimestamp = time.time() + + try: + response = contactScanserver(LOCAL_SCANSERVER_URL, fields) + except: + LOG.error ("Connection to local scan server could not be established.") + LOG.error ("Exception: %s" %(sys.exc_info()[0])) + return False + else: + try: + response = contactScanserver(LOCAL_SCANSERVER_URL, fields) except: LOG.error ("Connection to local scan server could not be established.") LOG.error ("Exception: %s" %(sys.exc_info()[0])) return False + if response.status == STATUS_CODE_OK: infected = False @@ -157,7 +184,6 @@ LOG.debug ("Scan File: %s" % (path)) - # ToDo implement ikarus result = pyclamav.scanfile (path) LOG.debug ("Result of file \"%s\": %s" % (path, result)) if (result[0] != 0): @@ -343,12 +369,15 @@ config = loadConfig () initLog (config) + scanserverTimestamp = time.time() + LOCAL_SCANSERVER_URL = config.get("Main", "LocalScanserverURL") REMOTE_SCANSERVER_URL = config.get("Main", "RemoteScanserverURL") + SCANSERVER_RETRY_TIMEOUT = int(config.get("Main", "RetryTimeout")) # Convert file size from MB to byte MAX_SCAN_FILE_SIZE = int(config.get("Main", "MaxFileSize")) * 0x100000 - + osecfs = OsecFS (config.get ("Main", "Rootpath")) osecfs.flags = 0 osecfs.multithreaded = 0