Thanks for this info, Andrew.
This might be the issue. I have two qmailtoaster boxes, one that is
still on CentOS 5 (don't judge me) and has been running more or less
rock-solid for years, and one that I'm setting up and testing out,
running CentOS 7.
The C5 box is still happily downloading ClamAV updates, and ClamAV seems
to be stable on it. On the C7 box, ClamAV has now crashed twice --
although it doesn't seem to crash all the time. It will quite happily
start up and handle emails for a while before crashing out.
The C5 box has 3GB of RAM available, the C7 has only 2GB.
So while I'm still surprised that ClamAV should be so memory-hungry,
this does seem consistent with what you describe.
I guess my hosting bill just went up another $10/month.
I wonder if it's possible to reduce ClamAV's appetite by not fetching
some of the 'optional add-on' signatures, such as the SaneSecurity spam
and phishing sigs. In my experience, these ones sometimes cause more
trouble than they're worth, so they might be good candidates for
elimination in the name of slimming ClamAV down a bit.
Thanks,
Angus
Andrew Swartz wrote on 7/23/20 3:40 AM:
I had this problem about 8 months ago. It it was extremely difficult
to troubleshoot, but I eventually figured it out.
It is a problem which has been around for a decade or more. The
clamav deamon signature file, which is updated frequently,
continuously grows as the amount of malware it needs to recognize
grows. Eventually, the signature file gets so big that clamav daemon
crashes when it tries to load it due to insufficient RAM. But it was
hard to diagnose because the deamon does not crash at startup or when
it updates the signature file, but rather when it is passed an email
to scan. You can confirm this by restarting clamav and noting that it
will run fine until a mail comes in, at which point it crashes and
qmail starts reporting the 'qq soft reject' to the log.
I was running on CentOS-7 VM with 2GB of RAM. I increased the RAM up
to 4GB and it fixed the problem.
Unfortunately, the signature file will always continue to grow as more
malware accrues, so in another couple years I'll surely need to
increase the RAM again.
Hope this helps.
-Andy
On 7/20/2020 10:01 AM, Angus McIntyre wrote:
My qmailtoaster running on CentOS 7 was behaving fine, but now seems
to soft reject everything, and I'm having a hard time working out why.
It doesn't seem to be a ClamAV issue: I set 'clam=no' in
'/var/qmail/control/simcontrol' and restarted qmail, but I still get
the rejections.
I added 'SIMSCAN_DEBUG="5"' to the list of env vars in
'/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any
actionable debugging output anywhere that I can see.
Does anyone have any suggestions for debugging this issue? I know
there's been some talk of bad signatures for ClamAV recently, but I
_thought_ I'd eliminated that as a possibility by turning off clam in
simcontrol. If that's not the case, how would I identify (and
suppress) a bad signature?
Thanks,
Angus
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
--
https://raingod.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
