Hello, we are observing the following behaviour with our clamd/clamav-milter setup:
there some messages that exceed the StreamMaxLength remaining in the quarantine directory with filenames like msg.AuxBaE. Clamav-milter keeps around 17 open filedescriptors for each such file. These file descriptors are not released and over the time reach high numbers, around several thousands (~5000 or more). Eventually clamav-milter stops responding and gets restarted by the watchdog script (clmilter_watch). We have three mail gateways running the same setup and they have the same problem. All of them are running ClamAV version 0.88, clamav-milter version 0.87 on FreeBSD 5.3/5.4. Clamav-milter run as: clamav-milter -enNqd -m 150 -U /var/tmp/clamav Our clamd.conf contain: LogFile /var/log/clamav/clamd.log LogFileMaxSize 0 LogTime LogSyslog LogFacility LOG_MAIL PidFile /var/run/clamav/clamd.pid TemporaryDirectory /var/tmp/clamav-tmp DatabaseDirectory /var/db/clamav LocalSocket /var/run/clamav/clamd FixStaleSocket TCPAddr 127.0.0.1 MaxConnectionQueueLength 50 StreamMaxLength 1M MaxThreads 100 User clamav AllowSupplementaryGroups ScanPE DetectBrokenExecutables ScanOLE2 ScanMail ScanHTML ScanArchive ArchiveMaxFileSize 1M ArchiveMaxCompressionRatio 1500 Here is a sample of the quarantine directory followed by the output of lsof (I'm sorry about the formatting): % ls -lt /var/tmp/clamav | head total 5246994 -rw------- 1 clamav wheel 1049604 Mar 18 19:46 msg.AuxBaE drwx------ 2 clamav wheel 5120 Mar 18 19:45 060318 -rw------- 1 clamav wheel 1051111 Mar 18 19:43 msg.JxxvNF -rw------- 1 clamav wheel 1050797 Mar 18 19:31 msg.VHSVPJ -rw------- 1 clamav wheel 1050743 Mar 18 19:26 msg.Wbbvdw -rw------- 1 clamav wheel 1049604 Mar 18 19:25 msg.EwAggU -rw------- 1 clamav wheel 1051111 Mar 18 19:22 msg.jieLN6 -rw------- 1 clamav wheel 1049500 Mar 18 18:54 msg.vHmpcn -rw------- 1 clamav wheel 1049496 Mar 18 18:41 msg.v02yjx % /usr/local/sbin/lsof -n -w -c clamav-milter | egrep msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE clamav-mi 65257 clamav 134u VREG 4,18 1049604 10058197 /var/tmp/clamav/msg.AuxBaE I can provide you with some of /var/tmp/clamav/msg.* files for debugging. Regards, Panagiotis _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
