I've had really good success with ClamAV for a few years now, but I've
had a message stuck in my queue for a week:
Aug  3 14:54:08 sa postfix/lmtp[25237]: 9A1381196:
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10025,
delay=363983, delays=363554/0.02/0/428, dsn=4.5.0, status=deferred (host
127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=25448-06,
virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd
av-scanner FAILED: CODE(0x804bbac) Exceeded allowed time at (eval 50)
line 309. at (eval 50) line 511.; ClamAV-clamscan av-scanner
FAILED: /usr/bin/clamscan collect_results - reading aborted: timed out
at /usr/sbin/amavisd line 2812. at (eval 50) line 511. (in reply to end
of DATA command))


There are no logs worth mentioning in clamd.log, but here they are for
the same time period:

Fri Aug  3 14:25:57 2007 -> SelfCheck: Database status OK.
Fri Aug  3 14:55:58 2007 -> SelfCheck: Database status OK.
Fri Aug  3 15:09:02 2007
-> /var/lib/amavis/tmp/amavis-20070803T150749-27061/parts/p002:
Worm.Mydoom.AV FOUND
Fri Aug  3 15:25:59 2007 -> SelfCheck: Database status OK.
Fri Aug  3 15:26:51 2007
-> /var/lib/amavis/tmp/amavis-20070803T152640-28273/parts/p001:
HTML.Phishing.Pay-203 FOUND


The message contains a PDF:
[]$ sudo postcat -q 9A1381196 | grep Content-Type:
Content-Type: multipart/mixed;
Content-Type: multipart/alternative;
Content-Type: text/plain;
Content-Type: text/html;
Content-Type: application/pdf;


It appears to be rather large:
[]$ sudo postcat -q 9A1381196 | wc                
 118520  118856 9113939

And it takes a long time when run interactively:
[]$ sudo postcat -q 9A1381196 | clamscan -
stdin: OK

----------- SCAN SUMMARY -----------
Known viruses: 142140
Engine version: 0.91.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 25.20 MB
Time: 488.716 sec (8 m 8 s)

From the content, it appears to be marketing anyway, so it's not
critical, but advice on what to do with it would be appreciated.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
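
Added example, not part of the original post: a Python parser for the deferred-delivery line quoted above. It splits Postfix's `delays=a/b/c/d` field and lists the scanners that amavisd reported as running out of time; `parse_deferred` and the dictionary keys are hypothetical names chosen for this example.

```python
import re

# Deferred-delivery line from the post, unwrapped onto one line.
SAMPLE = (
    "Aug  3 14:54:08 sa postfix/lmtp[25237]: 9A1381196: "
    "to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10025, "
    "delay=363983, delays=363554/0.02/0/428, dsn=4.5.0, status=deferred "
    "(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, "
    "id=25448-06, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: "
    "ClamAV-clamd av-scanner FAILED: CODE(0x804bbac) Exceeded allowed time "
    "at (eval 50) line 309. at (eval 50) line 511.; ClamAV-clamscan "
    "av-scanner FAILED: /usr/bin/clamscan collect_results - reading aborted: "
    "timed out at /usr/sbin/amavisd line 2812. at (eval 50) line 511. "
    "(in reply to end of DATA command))"
)

# Postfix logs delays=a/b/c/d: a = before queue manager, b = in queue manager,
# c = connection setup, d = message transmission (all in seconds).
LINE_RE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): .*?"
    r"delay=(?P<delay>[\d.]+), delays=(?P<delays>[\d./]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
# amavisd names each scanner that failed; keep only the time-limit failures.
TIMEOUT_RE = re.compile(
    r"(\S+) av-scanner FAILED: .*?(Exceeded allowed time|timed out)"
)


def parse_deferred(line):
    """Return queue id, delay breakdown and timed-out scanners, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    parts = m["delays"].split("/")
    if len(parts) != 4:
        return None
    before_qmgr, in_qmgr, conn_setup, transmit = map(float, parts)
    return {
        "queue_id": m["qid"],
        "status": m["status"],
        "dsn": m["dsn"],
        "total_delay_s": float(m["delay"]),
        "before_qmgr_s": before_qmgr,
        "in_qmgr_s": in_qmgr,
        "conn_setup_s": conn_setup,
        "transmit_s": transmit,
        "scanner_timeouts": [n for n, _ in TIMEOUT_RE.findall(m["reason"])],
    }
```

On the line from the post this reports 428 seconds in the transmission stage of the last attempt and both ClamAV-clamd and ClamAV-clamscan as timed out.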