Hi list, I have posted before about an issue with clamd hanging and yesterday we finally managed to find out what the underlying problem was. We came across an 800k mail that we initially thought was causing clamd to hang. The truth infact was that once we turned on debugging, we noticed that clamd was not hanging - just taking an age to scan the mail. This was obviously causing us huge problems as this was happening on very busy mail servers and in effect causes a DOS. We were running 0.83 and downgraded eventually to 0.80 and then we no longer experienced the issue.
What we noticed about this one particular mail was that it had hundreds of mime-parts. So it appears to us that there has been a major change in the way clamav deals with mime parts since 0.80. So much so that it goes from scanning this mail in under a second in 0.80: # ls -la 1108491486.1513-1.ophelia.telkomsa.net -rw------- 1 root root 817795 Feb 15 20:35 1108491486.1513-1.ophelia.telkomsa.net # cat 1108491486.1513-1.ophelia.telkomsa.net | clamdscan - stream: OK ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.741 sec (0 m 0 s) To taking over 4 minutes to scan in 0.83 Can anyone shed some light on this / offer some advice, as obviously we want to keep up with the latest stable version. I can provide the mail if anyone wants to examine it further. Many thanks Scott Ryan Telkom Internet _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
