Ok! Having watched this when it happened, I can now confirm that these are the sequence of events for a hung clamav-milter process:
clamav-milter finds virus and logs these in /var/log/maillog: May 29 17:27:28 idc131 clamav-milter[30450]: j4T8RRO3033496: /var/tmp/clamav-2870772f87caf354/msg.C6YkeV: Worm.SomeFool.Gen-1 Intercepted virus from <[EMAIL PROTECTED]> to <deleted address> May 29 17:27:28 idc131 sm-mta[33496]: j4T8RRO3033496: Milter add: header: X-Virus-Status: Infected with Worm.SomeFool.Gen-1 But in /var/log/clamd.log it says: Sun May 29 17:27:28 2005 -> /var/tmp/clamav-2870772f87caf354/msg.C6YkeV: Worm.SomeFool.Gen-1 FOUND LibClamAV Error: Segmentation fault :-( Bye.. At this time, ps -aux still shows the incoming smtp process, AND the clamav-milter process. Then 10 minutes later in /var/log/maillog: May 29 17:37:28 idc131 sm-mta[33496]: j4T8RRO3033496: Milter (clmilter): timeout before data read May 29 17:37:28 idc131 sm-mta[33496]: j4T8RRO3033496: Milter (clmilter): to error state May 29 17:37:28 idc131 sm-mta[33496]: j4T8RRO3033496: Milter: data, reject=451 4.3.2 Please try again later May 29 17:37:28 idc131 sm-mta[33496]: j4T8RRO3033496: to=<address deleted>, delay=00:10:00, pri=54614, stat=Please try again later At this time, the incoming smtp connection closes but the clamav-milter process remains. Some minutes later, the same smtp server will try again to deliver the infected message (having been told to try again later,) and thus I have yet another hung process. Currently, I am using these to start clamav-milter: -HNPCol --external --timeout=60 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] --pidfile=/var/somewhere local:/path/to/clmilter.sock on FreeBSD 4.x with sendmail-8.13.3. This is also happening on another FreeBSD 4.x boxx with sendmail-8.13.4 Thanks in advance for any pointers! Cheers, N. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
