Mark Hennessy wrote:
I have a user that is sending themselves e-mails containing attachments of
web server logs on the last few days of each month that appear to be very
well compressed. When this happens, clamd seems to overheat.
88457 root 59 0 319M 207M RUN 8:28 90.82% 90.82% clamd
Notice the amount of memory that clamd is occupying and the CPU utilization
%. Our mail server caps individual e-mails at 30MB total size. The
uncompressed attachment files take up over 200MB all combined.
Is it a requirement in your environment to scan all files regardless of
size? The preponderance of viruses if not all viruses come in much
smaller packages and so we don't scan files over a certain size (which
shall remain undisclosed).
As for performance on large files - I've seen large text files bog down
the clamd process in this way and this can be tested on a local machine
using Apache or syslog files for examples.
I had a similar problem with a large zipped wmv file crashing the
milter, too. It becomes a big problem if the process times out and the
response to the timeout is a tempfail back to the smtp client because
they will resend over and over to each MX until the message is accepted
or rejected. The work-around is to limit the size of files sent to the
scanner, but that comes with additional risk.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
