On Sun, 31 Oct 2021, Mark G Thomas wrote:

> Date: Sun, 31 Oct 2021 13:05:35 -0400
> From: Mark G Thomas <m...@misty.com>
> 
> I'm running sendmail+mimedefang+clamav on a bunch of MX servers.
> 
> This morning over a period of several hours each of my instances 
> appears to have caused clamd to consume all RAM and swap. Normally 
> swap is empty and 10GB of the 16GB per host is free. This happened 
> immediately following db updates, but hours apart, and all the
> systems have matching db updates centrally distributed here, so I 
> suspect some e-mail message payload was the commonality.
> 
> Has anyone else had similar experiences recently?
> 
> All the clamd Limits settings are as default.
> 
> CentOS Linux release 7.9.2009 (Core)
> clamav-0.104.0 (current stable release)
> 
> Oct 31 09:01:39 imx1 clamd: Database correctly reloaded (12623346 signatures)
> Oct 31 09:01:39 imx1 clamd: Activating the newly loaded database...
> Oct 31 09:02:51 imx1 kernel: mimedefang.pl invoked oom-killer: gfp_mask=0x280da, order=0, oom_score_adj=0
> Oct 31 09:02:51 imx1 kernel: mimedefang.pl cpuset=/ mems_allowed=0
> Oct 31 09:02:51 imx1 kernel: CPU: 2 PID: 30341 Comm: mimedefang.pl Kdump: loaded Not tainted 3.10.0-1160.42.2.el7.x86_64 #1
> Oct 31 09:02:51 imx1 kernel: Hardware name: ...
> Oct 31 09:02:51 imx1 kernel: Call Trace:
> Oct 31 09:02:51 imx1 kernel: [<ffffffffb9583539>] dump_stack+0x19/0x1b
> Oct 31 09:02:51 imx1 kernel: [<ffffffffb957e5d8>] dump_header+0x90/0x229
> Oct 31 09:02:51 imx1 kernel: [<ffffffffb8f06992>] ? ktime_get_ts64+0x52/0xf0
> ....
> Oct 31 09:02:51 imx1 kernel: Out of memory: Kill process 5336 (clamd) score 92 or sacrifice child
> Oct 31 09:02:51 imx1 kernel: Killed process 5336 (clamd), UID 8, total-vm:3399696kB, anon-rss:1774440kB, file-rss:0kB, shmem-rss:0kB
> Oct 31 09:02:51 imx1 systemd: clamav-daemon.service: main process exited, code=killed, status=9/KILL
> Oct 31 09:02:51 imx1 systemd: Unit clamav-daemon.service entered failed state.
> Oct 31 09:02:51 imx1 systemd: clamav-daemon.service failed.
> 
The trouble starts with a tool called mimedefang.pl:

https://mimedefang.org  :

  "What is MIMEDefang?
   MIMEDefang is an e-mail filtering tool that works with the Sendmail 
   "Milter" library.  MIMEDefang lets you express your filtering policies 
   in Perl rather than C, making it quick and easy to filter or manipulate 
   your mail.  MIMEDefang is mature software: The first version was 
   released in 2000. It's also in use in thousands of installations. It 
   remains under active development. MIMEDefang is free software: It's 
   released under the terms of the GNU General Public License. It runs 
   under Linux, FreeBSD, Solaris and most other UNIX or UNIX-like systems."

One of the reasons I selected clamd for my email system was that it was 
written in 100% C. If clamd in your email system invokes a Perl-based 
tool, anything can happen. Perl is a perfect tool for administering 
complicated tasks, but when you allow it to get invoked an unknown 
number of times as part of a heavy-duty service, the end result is 
unclear.

-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  st...@stokkie.net


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml