Thu, 15 Feb 2007 (12:44 -0000 UTC) Nigel Horne wrote:
robert delius royar wrote:
System: FreeBSD 4.7-RELEASE-p28 i386
Sendmail: 8.13.8
Milters: spamassassin_milter (C based)
smf-grey
clamav-milter 0.90
With the latest version of clamav-milter, all incoming mail is failing
with a temp fail 451 error. In the log files I see
Milter (clmilter): timeout before data read
Milter (clmilter): to error state
for each message after about 4 minutes waiting, the timeout set in
sendmail.mc:
INPUT_MAIL_FILTER(`clmilter',`S=unix:/var/run/clamav/clmilter.sock, F=T,
T=S:4m;R:4m')
I start the milter with
/usr/local/sbin/clamav-milter -lHq --dont-wait --max-children 12 -T 0
local:/var/run/clamav/clmilter.sock
Version 0.88.7 of the milter works fine. I have tried various timeout
settings, but I believe the problem is beyond my user-level ability to
diagnose without suggestions.
Any suggestions would be appreciated.
Clamd takes longer to start in 0.90 than 0.88, you need to ensure that
your startup script allows for this - see
.../contrib/init/RedHat/clamav-milter,
whilst that script is for Linux, the same change will be needed for all
platforms.
I forgot to update the startup scripts for the other O/S's, sorry, however on
the other hand no-one noticed it during the RC stage and reported it.
I am not sure I understand the reference to clamd startup. I do not use
the '-e' option to clamav-milter, so I am depending on the milter to
work on its own. I understood from the former version and from reading
the new man page (and looking through the CHANGELOG) that I could still
let clamav-milter run "alone" and that it would query the database
itself with clamd being resident.
I have the timeout set at 4 minutes, unless the -T option does not work
as described (or as it does in 0.88.7). The sendmail milter
configuration for clmilter sets the timeout as 4 minutes.
--timeout=n -T n
Used in conjunction with max-children. If clamav-milter waits
for more than n seconds (default 300) it proceeds with scanning.
Setting n to zero will turn off the timeout and clamav-milter
will wait indefinitely for the scanning to quit. In practice the
timeout set by sendmail will then take over.
I tried a few test messages and found that sendmail waited 4 minutes for
each message.
I do have one idea but do not want grasp at a straw. When I configured
0.88.7, all I needed was '--enable-milter'. With 0.90 I see a configure
error that libmilter cannot be found. The config.log file shows this to
be an incorrect error. The test program linking libmilter cannot be
built because the directive -lpthread is added, and FreeBSD (at least
this server) supplies liblthread.so. It supports -pthread. I did not
see this error in previous builds.
The earlier version did not require any thread-related parameters to
configure. Perhaps this problem is a thread-related issue. Note that
sendmail was compiled with threads enabled (nm shows calls to pthread_*
in libmilter.so)
[As an aside, when I did try 0.90 clamd, it quickly ran up to 80% of my
CPU time (on a dual CPU system). The only way to kill it was a
SIGKILL.]
--
Dr. Robert Delius Royar <[EMAIL PROTECTED]>
Associate Professor of English, Morehead State University
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
