Odhiambo Washington wrote:
From your MTA's end, what sort of message sizes do you give clamd to
scan? FWIW, I use Exim as my MTA and I only send messages less that 512k
to clamd. Anything above that size is assumed to be safe, but that's by
myself. Fortunately, it's me who decides on such aspects. YMMV.
There are other factors to look at as well, so you better describe your
server environment and mail volumes, etc, even give a glimpse into your
clamd.conf (egrep -v "#|^$" /usr/local/etc/clamd.conf) to enable us give
second opinion.
My 0.87.1 is very stable on several servers. On the main box, I run CVS,
strangely!
I'm using exim as my MTA, and calling clam on every message with a
simple av_scanner = clamd:/var/run/clamav/clamd
The clamd.conf is quite basic:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
FixStaleSocket
User clamav
AllowSupplementaryGroups
DisableDefaultScanOptions
ScanPE
DetectBrokenExecutables
ScanOLE2
ScanMail
MailFollowURLs
ScanHTML
ScanArchive
ScanRAR
ArchiveBlockEncrypted
The load on this machine is extremely low, and it only passes about
9,000 emails/day.
The services run inside a jail which is entirely contained on a single
disk volume (backed by mirrored scsi drives). There's plenty of RAM
available (currently running with about 1.6G available), and no lack of
CPU (2xXeon, with a load that usually stays well below 0.5)
We run extremely similar setups, under much higher load, without issue,
and are a bit confused that this particular installation just loves to
spiral out of control. We've rebuilt the OS kernel and worlds, and all
clamav-related software with no improvement.
When clamd dies it just sits there ignoring TERM, burning CPU and not
logging anything in particular. I'm not sure what to do at that point,
to extract any useful debugging data.
Regards,
Kevin Way
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
