On Mon, 2004-04-26 at 21:19, Don Levey wrote:
> In case anyone is still following my story...
>
> I've narrowed things down a bit. The clamd daemon seems to be running
> properly, as evidenced by a proper run of clamdscan. Takes almost no
> time at all to scan one file, and 12 minutes in total to scan approx
> 30Gb of directories/files.
>
> Therefore, I must conclude that there is some communication problem
> between clamav-milter and clamd (or clamav-milter and sendmail) that is
> interfering with the ability of the milter to do its job. As I
> mentioned above, there are two symptoms - a significant slowdown in mail
> exchange, and the failure for any virii to be flagged or a header line
> to be written in acceptable messages. Does anyone have any suggestions
> for what might account for this?
> -Don
>
Once more into the breach:

Three entries from the mail log -

Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174: from=<[EMAIL PROTECTED]>, size=700, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): timeout during data read
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): to error state

Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: from=<[EMAIL PROTECTED]>, size=703, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data, reject=451 4.7.1 Please try again later
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30695, stat=Please try again later

Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: from=<[EMAIL PROTECTED]>, size=703, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: Milter: data, reject=451 4.7.1 Please try again later
Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30695, stat=Please try again later

What seem to be corresponding entries from an strace run of clamav-milter:

accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 2
setsockopt(2, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
clone(child_stack=0x410cba90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7175], {entry_number:6, base_addr:0x410cbb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7175
accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 3
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
clone(child_stack=0x418cca90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7213], {entry_number:6, base_addr:0x418ccb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7213
select(2, [1], NULL, [1], {5, 0}) = 1 (in [1], left {4, 780000})
accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 3
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
clone(child_stack=0x418cca90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7215], {entry_number:6, base_addr:0x418ccb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7215

So what is happening here? Why don't viruses get blocked? Why is mail
significantly delayed? Why aren't the headers getting rewritten?
-Don

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
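
An added example, not part of the original post: a short Python triage script that groups sendmail log lines like the ones above by queue ID and reports, per message, whether the milter timed out or returned a temporary failure, and how long the message waited. The sample lines are constructed from the post's excerpt with placeholder addresses, and the year is an assumption because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Constructed sample: the post's log entries, shortened, with placeholder addresses.
SAMPLE_LOG = """\
Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174: from=<sender@example.com>, size=700, class=0, nrcpts=1
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): timeout during data read
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): to error state
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: from=<sender@example.com>, size=703, class=0, nrcpts=1
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data, reject=451 4.7.1 Please try again later
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: to=<user@example.com>, delay=00:00:00, stat=Please try again later
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: "
                     r"(?P<qid>\w+): (?P<msg>.*)$")
MILTER_ERR_RE = re.compile(
    r"^Milter \((?P<name>[^)]+)\): (?P<what>timeout.*|to error state)$")
REJECT_RE = re.compile(r"^Milter: (?P<stage>\w+), reject=(?P<code>\d{3})")


def milter_outcomes(log_text, year=2004):
    """Group sendmail log lines by queue ID and summarise milter events."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sendmail line carrying a queue ID
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = out.setdefault(m["qid"], {"first_seen": ts, "milter": None,
                                        "status": "no milter event", "elapsed_s": 0})
        err = MILTER_ERR_RE.match(m["msg"])
        rej = REJECT_RE.match(m["msg"])
        if err:
            rec["milter"] = err["name"]
            if err["what"].startswith("timeout"):
                rec["status"] = err["what"]
                # Seconds from the first log line for this message to the timeout.
                rec["elapsed_s"] = int((ts - rec["first_seen"]).total_seconds())
            elif rec["status"] == "no milter event":
                rec["status"] = "error state"
        elif rej:
            kind = "tempfail" if rej["code"][0] == "4" else "reject"
            rec["status"] = f"{kind} {rej['code']}"
    return out


if __name__ == "__main__":
    for qid, rec in milter_outcomes(SAMPLE_LOG).items():
        print(qid, rec["status"], rec["milter"], f"{rec['elapsed_s']}s")
```

Run against a full maillog, messages with a timeout status are the ones that were held for the whole elapsed time and then passed on without a scan result.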