I've just installed Sophos + SAVDI using the following configuration (based on the clamav configuration):
# cat local.d/antivirus.conf
sophos {
attachments_only = true;
servers = "127.0.0.1:4010";
symbol = "SOPHOS_VIRUS";
type = "sophos";
whitelist = "/etc/rspamd/antivirus.wl";
# If `max_size` is set, messages > n bytes in size are not scanned
max_size = 50000000;
}
And the corresponding savdid.conf
pidfile: /var/run/savdid.pid
user: savdid
threadcount: 3
maxqueuedsessions: 2
virusdatadir: /opt/sophos-av/lib/sav
idedir: /opt/sophos-av/lib/sav
onexception: REQUEST
onrequest: REQUEST
log {
type: SYSLOG
# omit 'logdir
' when using SYSLOG
loglevel: 2
}
channel {
commprotocol {
type: IP
address: 127.0.0.1
port: 4010
requesttimeout: 120
sendtimeout: 2
recvtimeout: 5
}
scanprotocol {
type: SSSP
allowscanfile: SUBDIR
allowscandata: YES
# If SCANDATA is allowed:-
# maximum amount of data, in bytes, the client can send
maxscandata: 50000000
# maximum amount, in bytes, to held in memory before using a temp file
maxmemorysize: 250000
# path name and stub for generating temp file names.
tmpfilestub: /tmp/savid_tmp
logrequests: YES
}
scanner {
type: SAVI
inprocess: YES
maxscantime: 3
maxrequesttime: 10
deny: /dev
deny: /home
savigrp: GrpArchiveUnpack 0
savigrp: GrpInternet 1
savists: Xml 1
}
}
Worth to mention: the 'max_size' (rspamd) and 'maxscandata' (savdid) parameter should match. The default for SAVDI was 500.000 and SAVDI was complaining with "Invalid data parameters have been given (REJ 4)".
Maybe that helps or someone has additional information?
Ralf