hi everybody! I recently set up a combination of exim and clamav which was working very nicely until clamav seemingly started to choke. Switching debugging on I obtained the following:
Wed Nov 7 01:52:06 2012 -> Received POLLIN|POLLHUP on fd 4 Wed Nov 7 01:52:06 2012 -> Got new connection, FD 9 Wed Nov 7 01:52:06 2012 -> Received POLLIN|POLLHUP on fd 5 Wed Nov 7 01:52:06 2012 -> fds_poll_recv: timeout after 5 seconds Wed Nov 7 01:52:06 2012 -> Received POLLIN|POLLHUP on fd 9 Wed Nov 7 01:52:06 2012 -> got command SCAN /var/spool/exim/scan/1TVtsE-0006lJ-9m/1TVtsE-0006lJ-9m.eml (63, 5), argument: /var/spool/exim/scan/1TVtsE-0006lJ-9m/1TVtsE-0006lJ-9m.eml Wed Nov 7 01:52:06 2012 -> mode -> MODE_WAITREPLY Wed Nov 7 01:52:06 2012 -> Breaking command loop, mode is no longer MODE_COMMAND Wed Nov 7 01:52:06 2012 -> Consumed entire command Wed Nov 7 01:52:06 2012 -> THRMGR: queue (single) crossed low threshold -> signaling Wed Nov 7 01:52:06 2012 -> THRMGR: queue (bulk) crossed low threshold -> signaling Wed Nov 7 01:52:06 2012 -> Number of file descriptors polled: 1 fds Wed Nov 7 01:52:06 2012 -> fds_poll_recv: timeout after 600 seconds Wed Nov 7 01:52:06 2012 -> /var/spool/exim/scan/1TVtsE-0006lJ-9m/1TVtsE-0006lJ-9m.eml: Can't create temporary directory ERROR Wed Nov 7 01:52:06 2012 -> Finished scanthread Wed Nov 7 01:52:06 2012 -> Scanthread: connection shut down (FD 9) Wed Nov 7 01:52:06 2012 -> THRMGR: queue (single) crossed low threshold -> signaling Wed Nov 7 01:52:06 2012 -> THRMGR: queue (bulk) crossed low threshold -> signaling This seems very odd, since it seems that it wants to create a temporary file which has exactly the same name as the input file and hence little probability of success. Am I interpreting the error message incorrectly? Or is this maybe some other issue? I have now tried with clamav versions 0.97.4, 0.97.5 and 0.97.6. Exim is at version 4.80. Its log file contains the corresponding message: 1TVtsE-0006lJ-9m malware acl condition: clamd: ClamAV returned: /var/spool/exim/scan/1TVtsE-0006lJ-9m/1TVtsE-0006lJ-9m.eml: Can't create temporary directory ERROR Of note is that it happens for all mails, even the most simplistic ones (e.g., generated by swaks), where there is nothing to unpack. The description I found here: http://lurker.clamav.net/message/20120618.182545.25960b6a.en.html lets me think that the error message might not be quite ok? I have also tried with different settings of 'TemporaryDirectory' going through several useful settings such as /tmp or /var/tmp and also obviously broken directories, just in order to see if anything changes. So far I have not had any luck to change clamav's behaviour at all. Do you have any suggestions how to further track down and hopefully fix this issue? cheers Philipp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
