Re: [Clamav-users] ClamAV-milter sending delays

2005-03-18 Thread Dan Bongert
On Fri, 18 Mar 2005 06:55:47 +
Rob MacGregor [EMAIL PROTECTED] wrote:

> On Thu, 17 Mar 2005 16:39:40 -0600, Dan Bongert
> [EMAIL PROTECTED] wrote:
> >
> > It's a pretty beefy box (though not even close to cutting-edge):
> > dual PIII 1.13GHz processors, 1GB of RAM, FreeBSD 4.8. It's not
> > particularly processor-bound--the load average is usually less than
> > 1, and top only reports 162MB of active RAM. I'm wondering if there
> > might be something weird with .doc scanning (for macro viruses)?
> > That wouldn't be a problem with PDFs...
>
> Well, I just turned one of the RTF documents I've got kicking around
> into a DOC, coming out at 480 KB.  That went through in ~3 seconds.
>
> I suspect the possibility of a config problem on your box?
>
> Worth checking - which milter are you using and are you using the
> clamav from the ports?

I'm using the main branch: /usr/ports/security/clamav

I was running 0.82, and just upgraded to 0.83:

X-Virus-Scanned: ClamAV 0.83/770

And this only seems to be a problem with this particular Word document.
Others pass through the system in an efficient and timely fashion.
Something to do with Word's equation editor maybe?

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator  (608) 262-9857
___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] ClamAV-milter sending delays

2005-03-17 Thread Dan Bongert
So, I've been using ClamAV quite successfully since the days of .66, 
and I've got a new problem. A user of mine is sending out a large (but 
not humongous - ~500kb) that is filled with lots of equations and other 
complicated stuff from Outlook (though 
there are problems with other mailers too).

What's happening is this: user sends email, and while the connection is 
still open, sendmail passes the message via milter to Clam, which scans 
it for viruses. A minute and a half later, Clam has decided that the 
email is virus-free,  sendmail sends a 250 Message accepted for 
delivery, and the message is sent.

However, the problem comes in because Outlook (and Squirrelmail, our 
web-based email) has timed out the SMTP connection in that minute and a 
half. This is particularly annoying with Outlook because Outlook will 
attempt to resend the already-sent email over and over.

Does this sound like my sendmail/milter setup is broken? Or is this the 
way things are supposed to work? I'm planning a transition to Postfix 
for this summer (since I'm not a Sendmail expert by any means), but if 
there's a change I can make now, that'd be even better.

Thanks!

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator


Re: [Clamav-users] ClamAV-milter sending delays

2005-03-17 Thread Dan Bongert

On Thu, 17 Mar 2005 18:58:46 +
Rob MacGregor [EMAIL PROTECTED] wrote:

> On Thu, 17 Mar 2005 12:10:28 -0600, Dan Bongert
> [EMAIL PROTECTED] wrote:
> > So, I've been using ClamAV quite successfully since the days of .66,
> > and I've got a new problem. A user of mine is sending out a large
> > (but not humongous - ~500kb) that is filled with lots of equations
> > and other complicated stuff from Outlook (though there are problems
> > with other mailers too).
> >
> > What's happening is this: user sends email, and while the
> > connection is still open, sendmail passes the message via milter to
> > Clam, which scans it for viruses. A minute and a half later, Clam
> > has decided that the email is virus-free, sendmail sends a 250
> > Message accepted for delivery, and the message is sent.
>
> What sort of hardware have you got and what sort of load is it under?
>
> On my largely idle 1 GHz box with 512 MB of RAM I see a ~550 KB PDF
> file scanned (through MIMEDefang) by both ClamAV and F-Prot in about 2
> seconds.  I haven't seen anything take longer than 10 seconds, even
> with SpamAssassin.

It's a pretty beefy box (though not even close to cutting-edge): dual 
PIII 1.13GHz processors, 1GB of RAM, FreeBSD 4.8. It's not 
particularly processor-bound--the load average is usually less than 
1, and top only reports 162MB of active RAM. I'm wondering if there 
might be something weird with .doc scanning (for macro viruses)? That 
wouldn't be a problem with PDFs...

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator


[Clamav-users] clamav-milter not honoring the --quiet switch?

2004-01-30 Thread Dan Bongert
As far as I can tell, running --quiet shouldn't send email to *anyone* from
clamav-milter. I'm still seeing it send 550 REJECT messages back to the
original sender. Is there another switch I need to set?

I'm running ClamAV from the FreeBSD 4.8 clamav-devel port (ClamAV version
'clamd / ClamAV version devel-20040129', clamav-milter version '0.66g'), and
these are the switches I pass to clamav-milter:

--quiet --quarantine-dir=/mail/quarantine/clamav --local --outgoing
--max-children=50 /var/run/clamav/clmilter.sock

Any thoughts?

Thanks!

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator 


___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Just installed clamav-milter--reporting/logging and bounce questions

2004-01-30 Thread Dan Bongert
I just installed clamav and clamav-milter (CVS from 20040126 (0.66g), FreeBSD
4.8 port clamav-devel), and am very happy with it. It's very fast, and is
doing a wonderful job of blocking various viruses to my users--nearly 7000
MyDooms since last night at 7pm. I'm very impressed.

However, I'm wondering about a few things that I didn't find in the
documentation. 

I'm wondering if I can turn off the 550 bouncing behavior, and just silently
eat the viruses when they come in. Did I miss a configuration setting for
this? I'm not sure bouncing the mail back to the original sender is helping
anything. I thought maybe the --quiet switch would turn this off, but that
doesn't seem to be helping.

Also, is there some way of logging info about each viral message (to, from,
and virus caught maybe?) The clamd log only reports:

stream: Worm.SCO.A FOUND

And the maillog doesn't report which virus was found.

Jan 29 10:21:07 charles sendmail[48548]: i0TGL6cZ048548: milter=clmilter, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Jan 29 10:21:07 charles sendmail[48548]: i0TGL6cZ048548: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com

I just like to know exactly what's going on, I guess.

Thanks!

-- 
Dan Bongert [EMAIL PROTECTED]
SSCC Unix System Administrator
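
Added example (not part of the original post, and not ClamAV's or sendmail's own tooling): a best-effort way to get the per-message report asked about above, joining sendmail's milter reject lines to clamd FOUND lines by timestamp. It assumes clamd's LogTime option is on so each entry carries a timestamp; the second and third queue IDs, the placeholder signature name, the `year` argument and the 5-second window are constructed for illustration, and several detections inside one window make the pairing ambiguous.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs. The first two maillog lines are the ones quoted in
# the post; the other queue IDs, the second signature name and the clamd
# timestamps (LogTime-style prefix, an assumption) are made up for the demo.
MAILLOG = """\
Jan 29 10:21:07 charles sendmail[48548]: i0TGL6cZ048548: milter=clmilter, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Jan 29 10:21:07 charles sendmail[48548]: i0TGL6cZ048548: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Jan 29 10:24:41 charles sendmail[48601]: i0TGOfAA048601: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Jan 29 11:02:15 charles sendmail[48777]: i0TH2EBB048777: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
"""
CLAMDLOG = """\
Thu Jan 29 10:21:06 2004 -> stream: Worm.SCO.A FOUND
Thu Jan 29 10:24:41 2004 -> stream: Example.Placeholder.B FOUND
"""

REJECT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): "
                    r"(?:milter=\S+ |Milter: \w+, )reject=(\d{3}) ")
FOUND = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) -> \S+ (\S+) FOUND$")

def rejects(maillog, year):
    """One record per queue ID (the excerpt logs each reject on two lines)."""
    seen = {}
    for m in filter(None, map(REJECT.match, maillog.splitlines())):
        ts, qid, smtp = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        seen.setdefault(qid, {"qid": qid, "time": when, "smtp": smtp, "virus": None})
    return list(seen.values())

def detections(clamdlog):
    """(timestamp, signature) for every FOUND line in the clamd log."""
    hits = (FOUND.match(line) for line in clamdlog.splitlines())
    return [(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2))
            for m in hits if m]

def correlate(maillog, clamdlog, year, window=5):
    """Give each reject the nearest unused detection within `window` seconds."""
    free, report = detections(clamdlog), rejects(maillog, year)
    for rec in report:
        best = min(free, key=lambda d: abs(d[0] - rec["time"]), default=None)
        if best and abs(best[0] - rec["time"]) <= timedelta(seconds=window):
            rec["virus"] = best[1]
            free.remove(best)
    return report

for rec in correlate(MAILLOG, CLAMDLOG, 2004):
    print(rec["time"], rec["qid"], rec["smtp"], rec["virus"] or "unmatched")
```

Syslog timestamps carry no year, so the caller supplies it; a reject with no detection inside the window is reported as unmatched rather than guessed.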

