Re: [Clamav-users] ClamAV 0.83 - Stream scanning timeout
[EMAIL PROTECTED] said: I can also not say I understand why ClamAV would hang on STREAM, and not on SCAN Your STREAM problem may be different of course. The messages that gave our clamd a hard time would do exactly the same for clamscan ( of course ). I just wanted you to check that you weren't suffering from the same problem that we were, especially as it was relatively easy to use a recent snapshot tar-ball to avoid the problem. [EMAIL PROTECTED] said: I cannot say this makes me happy We have to find a way to be vigilant and happy at the same time. :-) Steve PS I'm very happy with what ClamAV has done for us, even in my fumbling fists. However, it seems to me that there will always be dangers in running potentially recursive checks in real time on incoming mail. I turned off the ScanMail option to avoid future recurrences but am aware this may be letting some viruses in (eg in bounce messages). I am still not convinced that I understand what happened in our Solaris-based, Exim/exiscan+clamd setup in the minutes/hours after the first dodgy email arrived. In the end, exim quit and we had no mail system. Shortly before that we had a clamd process with many threads, only one of which was doing anything. Calls to clamd were stacking up correctly but none were being processed (it seemed). I don't understand why that happens. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV 0.83 - Stream scanning timeout
Robert, Do your mail logs show what came in just before the problems occurred (twice)? It might just be that it falls into a class of email messages that cause clamav ( 0.81 ) to go into hyperspace, examining each bit individually from every point in five dimensions before giving the message the all clear. I paraphrase; but there was a problem in 0.82 and 0.83 which bit us. The mail server would take many hours to scan a mail digest message. Well it would have if we hadn't kicked it thinking it was looping. As I was told many times - its fixed in the CVS! You can just download the latest tarball instead if you prefer. Hope that helps, Steve ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] problems with ScanMail and digests
I once said: A typical 170kB digest containing about 90 messages took 7 hours to scan and exploded to 3900MB! Tomasz said: The problem has been already fixed in CVS. I said: I hope I'm wrong but having downloaded the latest snapshot yesterday and compiled it up I don't see any improvement. ... I have made the dodgy dossier available ... My hopes came true - I obviously was wrong - thanks for downloading my dodgy dossier and checking it for me. If anyone's interested, I had succeeded to build the latest version but failed to execute it (arghhh) due to confusion about the bash shell's hashing algorithm. The which command shared my confusion! Thanks very much, Steve Platt ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] problems with ScanMail and digests
A typical 170kB digest containing about 90 messages took 7 hours to scan and exploded to 3900MB! The problem has been already fixed in CVS. Tomasz (et al), I hope I'm wrong but having downloaded the latest snapshot yesterday and compiled it up I don't see any improvement. I am assuming that the tarfile snapshots are equivalent to using the CVS (+/- a day)? If it helps, I have made the dodgy dossier available at :- http://homepage.ntlworld.com/steve.platt/dodgy.eml Steve Platt ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] problems with ScanMail and digests
We are having problems with certain mailing list digests that cause clamav to recurse impressively. I see a hint about a similar problem on the developers list but haven't seen anything on this users list yet. A typical 170kB digest containing about 90 messages took 7 hours to scan and exploded to 3900MB! I think clamav is seeing the message digest headers as an indication of bounces andrecursing. This can be demonstrated using the --no-mail option to clamscan. HOWEVER, I am NOT able to turn the ScanMail feature off in the clamd daemon by editting the clamd.conf file - the option remains on. I have reverted to version 0.71 which saves embarrassment for our mail server! Any idea how I can turn ScanMail off in the daemon? Thanks, Steve Platt ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] problems with ScanMail and digests
A typical 170kB digest containing about 90 messages took 7 hours to scan and exploded to 3900MB! The problem has been already fixed in CVS. Thanks Tomasz. I still have the problem that I cannot turn off ScanMail for the daemon clamd. That is, commented out or not, I still see this :- Mon Feb 28 12:42:19 2005 - Mail files support enabled. I am editing /usr/local/etc/clamd.conf ... With version 0.71 editting clamav.conf allowed me to turn ScanMail on or off. Thanks for any further help, Steve Platt ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] problems with ScanMail and digests
you need to use DisableDefaultScanOPtions ... A big Thank You Stephen! This option and its significance was hidden by reading:- # DO NOT TOUCH IT unless you know what you are doing. I suppose I should be congratulated for reading that one line, at least! Steve ___ http://lurker.clamav.net/list/clamav-users.html