clamav_milter only resolves clamd remote host IPs on startup, not on re-connection

[f1-outsourcing]

trafficstars

If the clamd is getting a new ip address (after failover or so) clamav-milter does not update to the new ip address

clamav-lib-1.0.5-3.el9.x86_64 clamav-filesystem-1.0.5-3.el9.noarch clamav-milter-1.0.5-3.el9.x86_64

[tj-cisco]

Can you please provide more details of your deployment and the steps taken to reproduce this issue.

[f1-outsourcing]

run clamav-milter on host a, run clamd on host b, now restart host b so it gets a new ip address. The clamav-milter on host a does not update to the new host b ip address.

[tj-cisco]

Ok I think we have found the reason here, the name is only resolved when the milter is started here:

https://github.com/Cisco-Talos/clamav/blob/main/clamav-milter/connpool.c#L110

We should move resolution to the nc_socket function so that it is resolved every time a connection is made: https://github.com/Cisco-Talos/clamav/blob/main/clamav-milter/netcode.c#L82

[f1-outsourcing]

Oh cool, nice this can be fixed :)

[f1-outsourcing]

Shit everything was down again. I am not really sure why this clamd container is getting OOM recently. How long does this type of fix normally take before it finds it's way into el9 repo's?

[f1-outsourcing]

I guess this solution also would detect multiple ip addresses?