enhancement: enable icap preview mode and fix client according to the spec #8062
Conversation
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
fschade
force-pushed
the
evolve-antivirus
branch
from
0a32e6f
to
f46edf3
Compare
|
i updated the client lib, can be found here: fschade/icap-client#1 |
…ich fixes tcp socket keepalive
fschade
force-pushed
the
evolve-antivirus
branch
from
1521070
to
27048e7
Compare
|
@mmattel, please see the message from jfd regarding the deprecation. |
|
the client lib is in a good shape now, still, we could (and should) invest more time integrating a protocol layer or similar. Can be done later! we have to decide if we backport it or not, my personal opinion, 4.0, master and 5.0 should contain the change. i tested (locally) every known case, works for me! cc.: @wkloucek. please confirm if it solves your icap problems. |
|
Adding @ScharfViktor as this is testing relevant |
|
thanks martin for taking care :) |
|
@fschade we need a changelog! |
fschade
force-pushed
the
evolve-antivirus
branch
from
196e0a6
to
66554c4
Compare
Co-authored-by: Martin <[email protected]>
fschade
force-pushed
the
evolve-antivirus
branch
from
1c4d779
to
0ad7beb
Compare
|
| @@ -34,5 +36,10 @@ func ParseConfig(cfg *config.Config) error { | |||
|
|
|||
| // Validate validates our little config | |||
| func Validate(cfg *config.Config) error { | |||
| if cfg.Scanner.ICAP.DeprecatedTimeout != 0 { | |||
| cfg.Scanner.ICAP.Timeout = time.Duration(cfg.Scanner.ICAP.DeprecatedTimeout) * time.Second | |||
| fmt.Println("ANTIVIRUS_ICAP_TIMEOUT is deprecated, use ANTIVIRUS_ICAP_SCAN_TIMEOUT instead") | |||
… spec (#8062) * enhancement: enable icap preview mode and use a forked icap client which fixes tcp socket keepalive * enhancement: make use of human time for the icap timout config option * enhancement: update icap-client * enhancement: bump icap client library and deprecate ANTIVIRUS_ICAP_TIMEOUT env * chore: vendor icap library * enhancement: set preview size only if greater than 0 * Update services/antivirus/pkg/config/config.go Co-authored-by: Martin <[email protected]> * enhancement: add changelog --------- Co-authored-by: Martin <[email protected]>
… spec (owncloud#8062) * enhancement: enable icap preview mode and use a forked icap client which fixes tcp socket keepalive * enhancement: make use of human time for the icap timout config option * enhancement: update icap-client * enhancement: bump icap client library and deprecate ANTIVIRUS_ICAP_TIMEOUT env * chore: vendor icap library * enhancement: set preview size only if greater than 0 * Update services/antivirus/pkg/config/config.go Co-authored-by: Martin <[email protected]> * enhancement: add changelog --------- Co-authored-by: Martin <[email protected]>
Description
the used icap lib is not active maintained and we've spotted some bugs:
both of the above topics are handled in my fork but needs confirmation and polishing before sending the changes upstream.
The implementation for preview requests follows the rfc 3507 (0 DoubleCRLF) and works (at least in my test-cases) now as expected.
Making use of the preview mechanism could drastically speed up virus detection and therefore improves the end user experience and by reducing the waiting time and on also reduces the network traffic (if a virus is detected within the firs N bytes).
The implementation still needs some more options later on, for now i just wanna wait for confirmation that the bug reported via #6764 is fixed, Once that is done, i start polishing.
The preview requests are enabled by default in this PR, no change needed.
To see the benefit of TCP connection keepalive, changes in the c-icap are needed, e.g.:
KeepAliveTimeout 600Related Issue
Motivation and Context
speedup virus scanning and improve end user experience
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist: