--On 23 August 2006 10:04 -0700 Chuck Swiger <[EMAIL PROTECTED]> wrote:
Clamd will grow as needed to handle any compressed files being passed to
it; perhaps someone is sending maliciously constructed archives which
require excessive resources to unpack and scan?
Hi,
Thanks for the reply... So clamd basically 'grows' around any file it's
scanning, it doesn't just 'read' the file (buffering say 'x'k of it?)
clamd.conf should have
some tunable knobs related to this which you might try adjusting.
Yeah, we've had to look in there before - a problem we had some months go
with a legitimate file that compressed by thousands of percent ;)
Also,
I don't think that clamav-milter is the best interface for doing virus
scanning, but YMMV; consider using a frontend like amavisd which invokes
clamdscan as needed only after a message passes less resource-intensive
checking.
We really didn't want to install anything else on the server - i.e. all it
does is scan for viruses, that's it - which meant, at the time the supplied
milter was more than enough.
Note that /var/log/clamav/clamd.log might contain useful information...
I've already checked there - at the moment it doesn't log anything
interesting at all. The only problem is with the volume of mail going
through the server, I have to tread carefully how much logging I enable.
Cheers,
-Karl
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
