Hi We have been having some problems lately with our installation. We are using Sendmail+clamav-milter+clamd as our antivirus solution, over an RedHat Linux with a 2.4.21 kernel (RH9).
We added a sort of tarpitting solution to our sendmail in order to stop people from scanning our userbase. What this means is that responses to SMTP "rcpt to" gets delayed when the envelope user is unknown. The more you miss, the more you get delayed (its exponential). So what happens is that some SMTP clients may have to wait up to 15 minutes for a response from Sendmail if the miss to many recipents. This has worked well with our sendmail, but clamav-milter seems to be suffering. What happens is that the maximum number of childs are reached in a 2-4 hour period, after that, we have to reset the clamav-milter and start over. clamav-milter[9957]: hit max-children limit (240 >= 240): waiting for some to exit This seems reasonable, as each SMTP client tend to stay more time "online", locking for more time a clamav-milter thread. So what we did was to increment the number of childers to an even bigger value. But then we started to hit with other problems: clamav-milter[1932]: ClamAv: thread_create() failed: 12, try again We did an strace to that process, only to find out that we are running out of memory: mmap2(NULL, 10489856, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) This is consistent with what a ps -axu reports. It reports more that 3 GB of memory in use, which is AFIK the max memory one single process can address. However, it does not seems to be reasonable to have each thread reserve 10MB of memory (note the mmap2 call). Is it possible to reduce that value? I did not find that call on the code. We tried to reduce the StreamMaxLength and ArchiveMaxFileSize on clamd.conf without success (just blind-shooting :-)) Any clue how this can be approached? Regards, Pablo _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
