Hi there,

On Sun, 31 Oct 2021, Mark G Thomas wrote:

> I'm running sendmail+mimedefang+clamav on a bunch of MX servers. This morning over a period of several hours each of my instances appears to have caused clamd to consume all RAM and swap. Normally swap is empty and 10GB of the 16GB per host is free. This happened immediately following db updates, but hours apart, and all the systems have matching db updates centrally distributed here ...

We find it less trouble to run a single clamd server which the mail servers use via the network. We also run Sendmail, but we don't use MIMEDefang any more - the MTAs talk to the clamd server via a milter. The server is more or less dedicated to clamd, and if it does go OOM there's less collateral damage. It generally uses around 2G of RAM and almost no swap. It's been that way for at least a year (the RAM, swap and a bunch of other stuff are graphed using Nagios which sends email alerts if things get dicey). I really recommend it. In a case like this you'd probably be able to see to within a few minutes the times when the memory usage started to climb and that might help to identify the culprit.

> I suspect some e-mail message payload was the commonality.

Seems plausible. Do you have any idea what that might have been?

> Has anyone else had similar experiences recently?

Nothing to report here I'm afraid, but I'll be very interested if you can provide a sample message which demonstrates the issue. Which was the update you mentioned? We saw daily bumped to 26338 yesterday at about 15:06 BST and to 26339 at about 14:07 GMT today. Of course it's just a coincidence that the clocks changed this morning. Or is it?

--
73,
Ged.

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
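
The clamd memory monitoring described in the reply above, sketched as a Nagios-style check plugin. This is an added example, not part of the original message or the poster's own setup; it assumes a Linux host with /proc, a process named `clamd`, and illustrative thresholds picked around the roughly 2G baseline mentioned.

```python
#!/usr/bin/env python3
"""Nagios-style check of clamd resident memory and swap (Linux /proc)."""
import os
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
# Assumed thresholds in KiB, chosen around the ~2G baseline mentioned above.
WARN_KB = 3 * 1024 * 1024
CRIT_KB = 6 * 1024 * 1024


def parse_status(text):
    """Return (VmRSS, VmSwap) in KiB from /proc/<pid>/status content."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("VmRSS", "VmSwap"):
            fields[key] = int(value.split()[0])
    return fields.get("VmRSS", 0), fields.get("VmSwap", 0)


def evaluate(rss_kb, swap_kb, warn_kb=WARN_KB, crit_kb=CRIT_KB):
    """Map RSS + swap to a Nagios exit code and a status line with perfdata."""
    total = rss_kb + swap_kb
    code = CRITICAL if total >= crit_kb else WARNING if total >= warn_kb else OK
    label = ("OK", "WARNING", "CRITICAL")[code]
    perf = f"rss={rss_kb}KB;{warn_kb};{crit_kb} swap={swap_kb}KB"
    return code, f"CLAMD {label} - rss {rss_kb} KiB, swap {swap_kb} KiB | {perf}"


def find_pid(name="clamd"):
    """Return the first PID whose /proc/<pid>/comm equals name, else None."""
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                with open(f"/proc/{entry}/comm") as fh:
                    if fh.read().strip() == name:
                        return int(entry)
            except OSError:
                continue  # process exited while we were scanning
    return None


if __name__ == "__main__":
    pid = find_pid()
    if pid is None:
        print("CLAMD UNKNOWN - no clamd process found")
        sys.exit(UNKNOWN)
    with open(f"/proc/{pid}/status") as fh:
        code, message = evaluate(*parse_status(fh.read()))
    print(message)
    sys.exit(code)
```

Run every minute or so, the perfdata after the `|` gives the graph that shows when memory started to climb, which can then be lined up against database update times and the mail log.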