We don't get your level of mail [maybe about 1/2 I think ~20000/hour at the upper end]. I only installed clamav last Thursday so I don't have a lot of background info on it.
clamd is running on both front end servers [but we have traffic directed to one more than the other]. The interface I am trying is cgpav V1.2 found at http://program.farit.ru/. Both items compiled and ran without any difficulty [FreeBSD].
After two day of running, the one server that gets more mail [larger domains directed at it and it seems to come in waves] was having trouble. The clamd process was taking up a lot of CPU time [usually sits below 2% but was up in the 70% range].
I didn't have any limits on message sizes in my rules and I think it was being overloaded with tonnes of spam email of minimal size while at the same time trying to scan a few larger emails.
I currently have it set to check messages that are over 3K in size and it seems to help, but I have noticed it bogging down a couple times since with the following showing up in the CommuniGate Logs:
11:03:52.52 3 EXTFILTER(CGPAV) failed on [8124583], will retry. Error Code=external helper timed out
11:03:52.52 3 EXTFILTER(CGPAV) failed on [8124585], will retry. Error Code=external helper timed out
11:03:52.52 3 EXTFILTER(CGPAV) failed on [8124584], will retry. Error Code=external helper timed out
11:03:52.52 3 EXTFILTER(CGPAV) failed on [8124578], will retry. Error Code=external helper timed out
11:03:52.77 3 EXTFILTER(CGPAV) failed on [8124562], will retry. Error Code=external helper timed out
11:03:52.77 3 EXTFILTER(CGPAV) failed on [8124577], will retry. Error Code=external helper timed out
11:03:52.77 3 EXTFILTER(CGPAV) failed on [8124586], will retry. Error Code=external helper timed out
11:03:52.77 3 EXTFILTER(CGPAV) failed on [8124573], will retry. Error Code=external helper timed out
11:03:52.77 3 EXTFILTER(CGPAV) failed on [8119735], will retry. Error Code=external helper timed out
11:03:53.52 3 EXTFILTER(CGPAV) failed on [8124579], will retry. Error Code=external helper timed out
Disabling the Helper in General->Helpers for a little bit helped, but who knows how many viruses go through in the 30seconds to a minute you disable it for.
So, I'm not sure if clamd is getting into trouble or cgpav [the helper program] is causing problems.
The front end server with a lighter load seems to be running without any problems at all. I believe if we balanced the load between the two front ends properly and maybe did some tweaking on message sizes to scan, it would work fine.
If anyone knows the upper and lower limits on message size that will probably/most likely contain viruses, that may be helpful. Can you get viruses that are in 5K messages? How many viruses are transmitted in 5MB messages?
-Jeff
------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
