Hi,

I was hoping to provide a centralised clamav service -- something
that has been repeatedly asked for -- but I've hit a bit of a road
block.

I can't be having clamav on just one host, and most clamav clients
don't support multiple IPs to round robin, so I'd like to load
balance it.

The problem is that clamav appears to expect the clients to send the
file data by a separate TCP stream, the port for which it tells the
client in response to a command the client gives. This is similar
to FTP.

It means I can't see a way to know which ports to open in the
firewall, and worse still, the daemon only responds with a port not
an IP, which is no good in a load balanced scenario since all the
clients are talking to the load balancer.

The only thing I can think of is configuring each clamav box to use
a different port range and mapping all those ports on the load
balancer to the correct boxes. That's really horrible. Anyone got
any better ideas?

Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
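
The two-connection exchange described in the message above, as an added example that is not part of the original post and is not ClamAV code. toy_daemon is a constructed stand-in that only counts bytes; the "STREAM" command name, the "PORT <n>" reply format and the final reply text are assumptions made for illustration.

```python
import socket
import threading

def toy_daemon(ctrl_srv):
    """Constructed stand-in for the daemon: it scans nothing, only counts bytes."""
    ctrl, _ = ctrl_srv.accept()
    with ctrl:
        if ctrl.recv(64).strip() != b"STREAM":   # assumed command name
            return
        # The data listener gets an ephemeral port chosen at request time,
        # so a firewall or balancer cannot know it in advance.
        with socket.create_server(("127.0.0.1", 0)) as data_srv:
            port = data_srv.getsockname()[1]
            ctrl.sendall(b"PORT %d\n" % port)    # a port only, no address
            data, _ = data_srv.accept()
            received = 0
            with data:
                while chunk := data.recv(4096):
                    received += len(chunk)
        ctrl.sendall(b"stream: received %d bytes\n" % received)

def scan_via_stream(ctrl_addr, payload):
    """Client side: ask for a data port, send the payload there, read the reply."""
    with socket.create_connection(ctrl_addr) as ctrl:
        ctrl.sendall(b"STREAM\n")
        reader = ctrl.makefile("rb")
        verb, port = reader.readline().split()
        if verb != b"PORT":
            raise ValueError("unexpected reply to STREAM")
        # The reply names no host, so the only address the client can pair
        # with the port is the peer of its control connection. Behind a load
        # balancer that peer is the balancer, not the box that opened the port.
        data_addr = (ctrl.getpeername()[0], int(port))
        with socket.create_connection(data_addr) as data:
            data.sendall(payload)
        verdict = reader.readline().decode().strip()
    return data_addr, verdict

def demo(payload=b"constructed sample bytes"):
    """Run both sides on loopback; returns (control port, data address, verdict)."""
    ctrl_srv = socket.create_server(("127.0.0.1", 0))
    daemon = threading.Thread(target=toy_daemon, args=(ctrl_srv,), daemon=True)
    daemon.start()
    data_addr, verdict = scan_via_stream(ctrl_srv.getsockname(), payload)
    daemon.join()
    ctrl_port = ctrl_srv.getsockname()[1]
    ctrl_srv.close()
    return ctrl_port, data_addr, verdict

if __name__ == "__main__":
    print(demo())
```

On loopback the data connection succeeds because the control peer and the daemon are the same host; with a balancer in between, data_addr points at the balancer on a port it is not forwarding.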