Hi! On Fri, 12 Dec 2003, Mike Brodbelt wrote:
MB>Dec 12 07:16:35 castor clamav-milter[8758]: clean message from MB><[EMAIL PROTECTED]> MB>Dec 12 07:18:08 castor clamav-milter[8880]: clamfi_connect: connection MB>from castor.acu.ac.uk [194.81.120.81] MB>Dec 12 07:20:23 castor clamd[12601]: SelfCheck: Database status OK. MB>Dec 12 07:20:48 castor clamav-milter[9396]: clamfi_connect: connection MB>from web14421.mail.yahoo.com [216.136.174.201] MB>Dec 12 07:20:49 castor clamav-milter[9396]: clean message from MB><[EMAIL PROTECTED]> MB> MB> MB>All is fine at this point. At 7:20am, clamd runs a self-check. I am now MB>almost *certain* that the error condition is triggered by this MB>self-check, as I've never consciously seen a failure without an attached MB>self-check. Shortly after the self-check, it becomes apparent that MB>things are going wrong:- Look, two minutes before SelfCheck there is milter thread 8880 started, and I do not see when it finishes. Is something wrong with it? At the moment I have no ideas what is going wrong in your case, following is my clamav.conf, try to change your to be as close to it as possible, and recheck if you had installed libclamav after last rebuild. === clamav.conf === LogFile /tmp/clamd.log LogFileMaxSize 2M LogTime LogSyslog PidFile /var/run/clamd.pid LocalSocket /var/run/clamav/clamd FixStaleSocket StreamSaveToDisk ThreadTimeout 7200 MaxDirectoryRecursion 15 User clamav ScanMail === clamav.conf === I start clamd without any arguments and clamav-milter with following ones: --max-children=0 -l --quarantine-dir /var/quarantine --postmaster-only -o unix:/var/run/clamav/clam-milter MB> MB>Normally, each "connection from" message is followed by the scan result MB>- either "clean" or "virus found". The first odd thing in the logs is a MB>long list of connects with no scan results (positive or negative) after MB>them, then the max-children messages start. When I had similar behaviour, it was caused by clamd deaths. Normally, there are three clamd threads running + one per message being scanned. Sometimes, as of version 0.60, two threads of clamd died and only one left, doing periodical selfchecks. Then any process connecting to clamd would successfully connect but time out waiting for any response. I had not seen something like this since 0.65 released. It may be helpful if you try to run clamdscan on a file when milter begin to block and look if clamdscan hangs too. Don't forget that clamdscan can check only files accessible by user running clamd, not clamdscan. MB>At this point, AFAICT, every mail is slowed down by sendmail waiting for MB>the milter to time-out, and the system starts passing mail unscanned by MB>ClamAV. Soon after, the "private data not NULL" errors start. MB>It then accumulated processes until I notice, and kill and restart it. Do you need to restart both clamav-milter and clamdscan, or only one of them? MB>Something appears to have improved recently, beacuse with the 09122003 MB>CVS, although I still get the huge max-children numbers in the logs, I MB>don't actually seem to have hundreds of processes any more. I had switched that limit off for clamav-milter because at some point with 0.60 it seemed it was not working properly. MB>So, I think that the self-check is actually where it starts to go wrong, MB>and that clamd falls over somehow, which causes the milter to block and MB>time-out, and also means that it doesn't always exit cleanly (leading to MB>the not NULL errors). At the moment I do not see any way for self-check to break things... May be, switching to process based scanning would help? Try UseProcesses option in clamav.conf. misha. ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
