On Thu, Apr 15, 2004 at 11:00:46PM -0700, Jeffrey Goldberg wrote: > On Thu, 15 Apr 2004 [EMAIL PROTECTED] wrote: > > > We limit messages to 10 MB. > > We use 20 MB. I wanted 10, my boss wanted 20, so we compromised on 20.
<g> > But we still haven't clarified (or maybe I missed it) whether there is > a memory leak in clamav or whether the huge file caused the problems > leaklessly. I should note that the example/default mimedefang-filter has > a condition on it to not run spamassassin on very large messages. It > might be safe to do the same with virus scanning. A worm so large that > most mail hubs would reject on size is not really going to propogate very > far. There are some outside cases where a 4mb message can make some versions of clamd consume >gigs< of RAM. It's also decompressing files into RAM so a 50 MB message that's compressed 2:1 will take at least 100MB of RAM. Add to this the overhead for the scanner's structures and recursion it could take a great deal more. Clamd can be DoS'd pretty easily right now. You may want to consider tuning it, running something later than .70rc, running it under ulimits and adding as much RAM to the server as you can afford or will fit. An alternate choice is to use clamscan which appears to do a better job with it's memory management but has the expense of reading the sigs for every check along with the process startup costs. Disabling archive scanning can also help. -- Kelsey Cummings - [EMAIL PROTECTED] sonic.net, inc. System Administrator 2260 Apollo Way 707.522.1000 (Voice) Santa Rosa, CA 95407 707.547.2199 (Fax) http://www.sonic.net/ Fingerprint = D5F9 667F 5D32 7347 0B79 8DB7 2B42 86B6 4E2C 3896 _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang