[Clamav-users] ClamAV-milter sending delays
So, I've been using ClamAV quite successfully since the days of .66, and I've got a new problem. A user of mine is sending out a large (but not humongous - ~500kb) that is filled with lots of equations and other complicated stuff from Outlook (though there are problems with other mailers too). What's happening is this: user sends email, and while the connection is still open, sendmail passes the message via milter to Clam, which scans it for viruses. A minute and a half later, Clam has decided that the email is virus-free, sendmail sends a "250 Message accepted for delivery", and the message is sent. However, the problem comes in because Outlook (and Squirrelmail, our web-based email) has timed out the SMTP connection in that minute and a half. This is particularly annoying with Outlook because Outlook will attempt to resend the already-sent email over and over. Does this sound like my sendmail/milter setup is broken? Or is this the way things are supposed to work? I'm planning a transition to Postfix for this summer (since I'm not a Sendmail expert by any means), but if there's a change I can make now, that'd be even better. Thanks! -- Dan Bongert [EMAIL PROTECTED] SSCC Unix System Administrator ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV-milter sending delays
On Thu, 17 Mar 2005 12:10:28 -0600, Dan Bongert <[EMAIL PROTECTED]> wrote: > So, I've been using ClamAV quite successfully since the days of .66, > and I've got a new problem. A user of mine is sending out a large (but > not humongous - ~500kb) that is filled with lots of equations and other > complicated stuff from Outlook (though > there are problems with other mailers too). > > What's happening is this: user sends email, and while the connection is > still open, sendmail passes the message via milter to Clam, which scans > it for viruses. A minute and a half later, Clam has decided that the > email is virus-free, sendmail sends a "250 Message accepted for > delivery", and the message is sent. What sort of hardware have you got and what sort of load is it under? On my largely idle 1 GHz box with 512 MB of RAM I see a ~550 KB PDF file scanned (through MIMEDefang) by both ClamAV and F-Prot in about 2 seconds. I haven't seen anything take longer than 10 seconds, even with SpamAssassin. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV-milter sending delays
On Thu, 17 Mar 2005 18:58:46 + Rob MacGregor <[EMAIL PROTECTED]> wrote: > On Thu, 17 Mar 2005 12:10:28 -0600, Dan Bongert > <[EMAIL PROTECTED]> wrote: > > So, I've been using ClamAV quite successfully since the days of .66, > > and I've got a new problem. A user of mine is sending out a large > > (but not humongous - ~500kb) that is filled with lots of equations > > and other complicated stuff from Outlook (though there are problems > > with other mailers too). > > > > What's happening is this: user sends email, and while the > > connection is still open, sendmail passes the message via milter to > > Clam, which scans it for viruses. A minute and a half later, Clam > > has decided that the email is virus-free, sendmail sends a "250 > > Message accepted for delivery", and the message is sent. > > What sort of hardware have you got and what sort of load is it under? > > On my largely idle 1 GHz box with 512 MB of RAM I see a ~550 KB PDF > file scanned (through MIMEDefang) by both ClamAV and F-Prot in about 2 > seconds. I haven't seen anything take longer than 10 seconds, even > with SpamAssassin. It's a pretty beefy box (though not even close to cutting-edge): dual PIII 1.13GHz processors, 1GB of RAM, FreeBSD 4.8. It's not particularly processor-bound--the load average is usually less than 1, and top only reports 162MB of active RAM. I'm wondering if there might be something weird with .doc scanning (for macro viruses)? That wouldn't be a problem with PDFs... -- Dan Bongert [EMAIL PROTECTED] SSCC Unix System Administrator ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV-milter sending delays
On Thu, 17 Mar 2005 16:39:40 -0600, Dan Bongert <[EMAIL PROTECTED]> wrote: > > > It's a pretty beefy box (though not even close to cutting-edge): dual > PIII 1.13GHz processors, 1GB of RAM, FreeBSD 4.8. It's not > particularly processor-bound--the load average is usually less than > 1, and top only reports 162MB of active RAM. I'm wondering if there > might be something weird with .doc scanning (for macro viruses)? That > wouldn't be a problem with PDFs... Well, I just turned one of the RTF documents I've got kicking around into a DOC, coming out at 480 KB. That went through in ~3 seconds. I suspect the possibility of a config problem on your box? Worth checking - which milter are you using and are you using the clamav from the ports? -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV-milter sending delays
On Fri, 18 Mar 2005 06:55:47 + Rob MacGregor <[EMAIL PROTECTED]> wrote: > On Thu, 17 Mar 2005 16:39:40 -0600, Dan Bongert > <[EMAIL PROTECTED]> wrote: > > > > > > It's a pretty beefy box (though not even close to cutting-edge): > > dual PIII 1.13GHz processors, 1GB of RAM, FreeBSD 4.8. It's not > > particularly processor-bound--the load average is usually less than > > 1, and top only reports 162MB of active RAM. I'm wondering if there > > might be something weird with .doc scanning (for macro viruses)? > > That wouldn't be a problem with PDFs... > > Well, I just turned one of the RTF documents I've got kicking around > into a DOC, coming out at 480 KB. That went through in ~3 seconds. > > I suspect the possibility of a config problem on your box? > > Worth checking - which milter are you using and are you using the > clamav from the ports? I'm using the main branch: /usr/ports/security/clamav I was running 0.82, and just upgraded to 0.83: X-Virus-Scanned: ClamAV 0.83/770 And this only seems to be a problem with this particular Word document. Others pass through the system in a efficient and timely fashion. Something to do with Word's equation editor maybe? -- Dan Bongert [EMAIL PROTECTED] SSCC Unix System Administrator (608) 262-9857 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV-milter sending delays
On Fri, 18 Mar 2005 11:53:55 -0600, Dan Bongert <[EMAIL PROTECTED]> wrote: > > And this only seems to be a problem with this particular Word document. > Others pass through the system in a efficient and timely fashion. > Something to do with Word's equation editor maybe? Dunno. If you want to send me a copy direct I'll run it through my system and see what comes out. At least that way you'll know for certain if it's something linked to the document. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html
