Already more than a week ago I posted my first question to the list. I must admit I'm a bit disappointed that nobody responds. Is it that I asked a silly question? Or is the issue just to hard to solve and just nobody wants to burn his fingers on it?
On 06/30/2015 08:38 AM, Jingo Administrator wrote: > Dear clamav-users, > > I am struggling with this problem now for quite some time and can't get > a solution. Reason for asking the user list is that I couldn't get a > clue solving the issue even after thorough searching on the internet and > the clamav-users lists archive. > The situation is as follows. I am running a mail server (exim4) on a > Debian Wheezy 32-bit Linux machine. The freshclam daemon is running the > update every hour. What I have noticed is that clamav is taking quite > some time to actually update the database. Currently this is about 5 > minutes. Also the cpu is occupied by the clamd daemon during the update > to almost 100%. I can reduce this to every percentage I want by for > example utilizing cpulimit, as a side effect of this the update would > only take longer. > The problem I have with this is that, when during the update exim4 sends a > message to the daemon to be checked by clamav, I get an error message in > /var/log/exim4/paniclog stating : > 2015-06-19 13:51:10 [21601] 1Z5unF-0005cP-Lg malware acl condition: > clamd: unable to read from socket (Connection timed out) > At first I thought the cause of the problem was in some misconfiguration > of exim4, but then I noticed messages during the same time in the > clamav.log : > Fri Jun 19 13:51:24 2015 -> Client disconnected (FD 12) > This behavior and synchronicity is reproduced. I am running this server > for quite a while now, the reason I only lately noticed this problem is > that the size of the database has grown, due to including some 3rd party > descriptions, in this case securiteinfo. In ram (resident memory) it now > takes about 0.5 Gb, total memory is 2 Gb. I recently added 1 Gb of ram but > that doesn't make any difference. In the past only now and then > I got the same error message in the paniclog of exim4, but I did not pay > much attention. Now that's occurring more frequently I do. Maybe there > are ways to reduce the time it takes for clamav to update, but this > nevertheless does not take away the fact that during the clamav update > the socket isn't accessible by exim. And that's the whole point. > No matter how short this time is, the problem is still there. > As I use this mail server for my own use only, it's not very busy in terms > of handling a lot of e-mails. If it were then the problem would have been > much bigger I guess. > When trying to solve the issue I more than quadruple checked all the > relevant options in clamav.conf, like setting AllowSupplementaryGroups > to yes, checking the socket path, permissions, ownership etc. I am out > of options. > So if someone has a clue I would be more than happy. > Thanks in advance, > Wouter Berkepeis > > > > > --- e-mail sent by Private Lotus using Exim --- > ------------ virus scan by ClamAV ------------- > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml --- e-mail sent by Private Lotus using Exim --- ------------ virus scan by ClamAV ------------- _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
