Hi,
My clamav blocks ~15k infected emails daily. So 1000 infected mail should not be a problem for clamav unless your hardware is too slow for your mail traffic.
I'm beginning to think that's the problem. It's a PIII 450 MHz machine with 384MB RAM. Like said the avarage rate was about 50 infected mails a day. But now the bsmtp server of the ISP delivers about 50 infected mails in one connection.
After handling about 20 mails the clamav-milter process isn't closed properly before the next mail is handled wich seem to cause al the other mails to go thru unscanned. The process that isn't closed then starts consuming CPU and doesn't close at all.
Only way to close the clamav-milter process is to "kill -9" it. There isn't any swap memory in use so the memory looks sufficient.
you may need to increase the timeout setting in the Xclmilter line of your sendmail.cf file.
you may also need to change the values of MaxConnectionQueueLength, ReadTimeout and MaxThreads in your clamd.conf file.
I've tweaking this settings, but the result remains the same the server can't handle the infected mails. When you think about it is kinda strange since all the infected mails are Wom.Sober.I which consists of a small .zip file with a small .pif file inside. I would think the machine could easy process the small virus files.
Hi Richard,
My clamav blocks ~15k infected emails daily. So 1000 infected mail should not be a problem for clamav unless your hardware is too slow for your mail traffic.
> Dec 15 08:55:12 hostname sm-mta[19447]: iBF7oAD5019447: Milter > (clmilter): timeout before data read
you may need to increase the timeout setting in the Xclmilter line of your sendmail.cf file.
you may also need to change the values of MaxConnectionQueueLength, ReadTimeout and MaxThreads in your clamd.conf file.
tayfun
R Jansen wrote:
Hi All,
On a FreeBSD 4.10 server I'm running: ClamAV devel-20041215/630/Tue Dec 14 23:26:33 2004 ClamAV version devel-20041215, clamav-milter version 0.80t
Which is built from the devel-port: clamav-devel-20041201.tar.gz
Lately the virusrate increased from 50 to about 1000 virusmails a day. The machine doesn't handle this to wel. After handling a couple of mails the clmilter ends in error state and from that point on all messages are checked Clean until the hanging clamav-milter processed is forced to stop and restarted.
In the maillog:
Dec 15 08:55:12 hostname sm-mta[19447]: iBF7oAD5019447: Milter (clmilter): timeout before data read
Dec 15 08:55:12 hostname sm-mta[19447]: iBF7oAD5019447: Milter (clmilter): to error state
Sometimes it's also visible in the messages file:
Dec 15 10:30:50 hostname /kernel: pid 20266 (clamav-milter), uid 1002: exited on signal 11
The machine is running sendmail 8.12.11 all mail is checked for spam and virusses
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:5m;R:5m')dnl
define(`confINPUT_MAIL_FILTERS', `spamassassin, clmilter')dnl
What is the best way to debug clamav? Or is this possible a misconfiguration?
All help apreciated.
grtz, Richard
_________________________________________________________________ Chatten met je online vrienden via MSN Messenger. http://messenger.msn.nl/
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
