[Clamav-users] clamav-milter 0.85.1 processes not going away
Hi!

Ever since upgrading to 0.85.1, some clamav-milter processes don't seem to know when to exit/go away. A 'ps -aux' would show something like this:

    15159 ?? Ss 0:00.30 (clamav-milter)
    15160 ?? Ss 0:00.30 (clamav-milter)
    15161 ?? Ss 0:00.30 (clamav-milter)
    15162 ?? Ss 0:00.30 (clamav-milter)
    ..

up to the number of --max-children specified.

It would seem that the sendmail processes which started the clamav-milter processes have long gone/exited but yet the clamav-milter processes are hanging about.

Since I wasn't using the --external option, I thought that was due to the recent hiccups of the 'internal mode'. So I started things with:

    --external --max-children=20 --dont-wait

Soon, I had 20 clamav-milter hanging around and new inbound smtp connections were turned away.

I read from the man page that if SESSION hasn't been enabled (by default), I don't need the --max-children. So, I tried:

    --external --timeout=60

However, that didn't seem to help. Most of the time it'll work. But it's the timed out sendmail connections that would leave those clamav-milter processes hanging about.

I'm running clamd 0.85.1 with clamav-milter 0.85 on FreeBSD 4.9.

Thanks in advance for your help.

Cheers,
N.
___
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter 0.85.1 processes not going away
Hi again!

I forgot to mention that all those persistent clamav-milter processes would go into a zombie (?) state after recording these in /var/log/maillog:

    Milter (clmilter): timeout before data read
    Milter (clmilter): to error state
    Milter: data, reject=451 4.3.2 Please try again later

Thanks.

Cheers,
N.
[Clamav-users] Re: Memory limit per process hit
Hi there,

On Fri, 27 May 2005 Pablo Alsina wrote:

> We added a sort of tarpitting solution to our sendmail...
> clamav-milter seems to be suffering. What happens is that the
> maximum number of childs are reached in a 2-4 hour period

People with far more experience than I tell me that this isn't the way. Don't forget that sendmail can deal with mail using relatively far less resource consumption than ClamAv, because it doesn't have to scan each mail body for thousands of signatures the way that ClamAv does.

You could hand the offending connections to another MTA that doesn't use the ClamAv milter of course but you'll always risk running out of resources before the spammers do anyway - many of them run 500+ threads per machine, they probably won't notice your tarpit.

Perhaps it's better to use a firewalling technique instead of a tarpit?

73,
Ged.
[Clamav-users] Re: Spam from ClamAv digest lists.
Hi there,

On Sat, 28 May 2005 Robert L Mathews wrote:

> "G.W. Haywood" <[EMAIL PROTECTED]> wrote:
>
> > They are spamming me.
>
> Uh, well, that's not "spam" (since it's not "unsolicited").

Well that depends on how you define "unsolicited". :)

I asked for the digests to get less mail not more, but at the moment on the devel list when there's no other mail for it to send I'm getting the same message from Eugene Crosser over and over again, and it doesn't show any signs of stopping. Other groups I correspond with manage to use the same list manager without this kind of problem, and they aren't even dedicated to an email scanning system...

> A better description would be "They are annoying me".

Words, words, words. :) But you're right. It would. They are.

> I am also on the digest and see the same thing.

There are problems on both users- and devel-, from what you say it seems they're not quite as bad on users. That may just be because there's more traffic (a LOT more:) on users. To be honest I only joined users because I got no response from devel.

> I reported it a couple of weeks ago to clamav-users-owner... but
> have not yet received a response.

On May 2nd I reported this to clamav-devel-owner and I've received the same response that you have. Do you happen to know who this mysterious owner might be?

73,
Ged.
Re: [Clamav-users] Re: Memory limit per process hit
G.W. Haywood wrote:

> > We added a sort of tarpitting solution to our sendmail...
> > clamav-milter seems to be suffering. What happens is that the
> > maximum number of childs are reached in a 2-4 hour period
>
> People with far more experience than I tell me that this isn't the
> way.

And the above is the exact reason why they say it isn't the correct way to do it. Adding this 'delay' to smtp negotiations can literally lead to you DoS'ing (or whichever phraseology you prefer) yourself :)

Matt
Re: [Clamav-users] clamav-milter 0.85.1 processes not going away
Found many of these in /var/log/clamd.log:

    Sat May 28 19:56:58 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.rMYrWH: Worm.Mytob.BN-1 FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 19:57:16 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.9vy1YC: Worm.Mytob.BN-1 FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 20:01:28 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.Bappx3: Worm.SomeFool.P FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 20:23:22 2005 -> SelfCheck: Database status OK.
    Sat May 28 20:31:43 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.GNPcfP: Worm.SomeFool.P FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 20:41:33 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.6PNrD7: Worm.Mytob.BN-1 FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 20:41:33 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.WBgjoz: Worm.Mytob.BY FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 20:41:55 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.ObPFZw: Worm.Mytob.BN-1 FOUND
    LibClamAV Error: Segmentation fault :-( Bye..
    Sat May 28 20:42:11 2005 -> /var/tmp/clamav-c110c22fa52c87f5/msg.BfjDWA: Worm.Mytob.BN-1 FOUND
    LibClamAV Error: Segmentation fault :-( Bye..

I can't be sure, but though it seg. faulted, the clamav-milter process was left hanging about? Is this possible? Have seen nothing like this until the upgrade to 0.85.1.

Thanks.

Cheers,
N.
Re: [Clamav-users] Configuring clamd.conf
    # By default clamd uses scan options recommended by libclamav. This option
    # disables recommended options and allows you to enable selected ones below.
    # DO NOT TOUCH IT unless you know what you are doing.
    # Default: disabled
    #DisableDefaultScanOptions

> Before one of the trolls jumps at this, if you wish to alter any of the
> scan options below that option, uncomment DisableDefaultScanoptions, and
> then the settings you enable/disable will come into play. Otherwise, if
> you leave it commented out, the default scan options will be used,

Do the 'default scan options' include any of the values below this point? Perhaps they are 'enabled' by default and the fact that they are commented out doesn't mean anything. For example:

    # Default: disabled
    #DisableDefaultScanOptions

    # Default: enabled
    #ScanOLE2

Do I need to Uncomment '#DisableDefaultScanOptions' and '#ScanOLE2' to get it to scan for OLE2's, or by doing nothing, Clam will Scan for OLE2's by default?

Thanks again!
Lee
Re: [Clamav-users] Configuring clamd.conf
Lee Zelyck wrote:

> # Default: enabled
> #ScanOLE2 ^^^

As you can see, the comments mention what the default is :)

> Do I need to Uncomment '#DisableDefaultScanOptions'
> and '#ScanOLE2' to get it to scan for OLE2's, or by
> doing nothing, Clam will Scan for OLE2's by default.

If you wanted to turn that off, you would have to uncomment DisableDefaultScanOptions and leave ScanOLE2 commented. When you start clamd, the list of options with which it is running is printed to the logfile.

Matt
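The startup log mentioned in the reply above can be checked mechanically instead of inferring the running options from commented-out lines in clamd.conf. The following is an added example, not part of the thread and not ClamAV project code: it reads the most recent clamd start in the "timestamp -> message" format that the 0.85.1 log in this thread uses and reports which scanners were logged as enabled. The sample log is constructed, and the function names are hypothetical.

```python
import re

# "Sat May 28 14:04:22 2005 -> OLE2 support enabled."
ENTRY = re.compile(r"^.+? -> (.*)$")
# 0.85.1 logs "Archive: RAR support disabled.", 0.72 logs "RAR support disabled."
SUPPORT = re.compile(r"^(?:Archive: )?(.+?) support (enabled|disabled)\.$")

# Constructed sample: two daemon starts; only the second one counts.
SAMPLE_LOG = """\
Sat May 28 14:04:20 2005 -> +++ Started at Sat May 28 14:04:20 2005
Sat May 28 14:04:22 2005 -> Archive support enabled.
Sat May 28 14:04:22 2005 -> Archive: RAR support disabled.
Sat May 28 14:04:22 2005 -> Mail files support enabled.
Sat May 28 14:04:22 2005 -> OLE2 support enabled.
Sat May 28 14:04:43 2005 -> --- Stopped at Sat May 28 14:04:43 2005
Sat May 28 15:10:02 2005 -> +++ Started at Sat May 28 15:10:02 2005
Sat May 28 15:10:04 2005 -> Archive support enabled.
Sat May 28 15:10:04 2005 -> Archive: RAR support disabled.
Sat May 28 15:10:04 2005 -> Portable Executable support enabled.
Sat May 28 15:10:04 2005 -> Mail files support enabled.
"""

def effective_scan_options(log_text):
    """Return {scanner: bool} as logged by the most recent clamd start."""
    options = {}
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # untimestamped lines such as libclamav errors
        msg = entry.group(1)
        if msg.startswith("+++ Started at"):
            options = {}  # a new start invalidates what earlier runs logged
            continue
        hit = SUPPORT.match(msg)
        if hit:
            options[hit.group(1)] = hit.group(2) == "enabled"
    return options

def not_confirmed(log_text, required):
    """Scanners from `required` that the latest start did not log as enabled.

    Assumption: the thread does not show what clamd logs for every scanner
    that is switched off, so a missing line is treated like 'disabled'.
    """
    options = effective_scan_options(log_text)
    return [name for name in required if not options.get(name, False)]

if __name__ == "__main__":
    print(effective_scan_options(SAMPLE_LOG))
    print(not_confirmed(SAMPLE_LOG, ["OLE2", "Mail files", "RAR"]))
```
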
Re: [Clamav-users] Configuring clamd.conf
Hi all,

> > # Default: enabled
> > #ScanOLE2 ^^^
>
> As you can see, the comments mention what the default is :)

Yes, that's what I had suspected, but I just wanted to make sure. Thank you for your help!

Lee

> > Do I need to Uncomment '#DisableDefaultScanOptions'
> > and '#ScanOLE2' to get it to scan for OLE2's, or by
> > doing nothing, Clam will Scan for OLE2's by default.
>
> If you wanted to turn that off, you would have to uncomment
> DisableDefaultScanOptions and leave ScanOLE2 commented. When you start
> clamd, the list of options with which it is running is printed to the
> logfile.
>
> Matt
[Clamav-users] Output Errors From Clam-0.85.1 Startup
Greetings all,

Well, I think I have the install working, but I have a small lingering concern:

    # /etc/init.d/clamav start
    Starting Antivirus database update daemon.
    Starting Antivirus daemon.
    Starting E-mail scanner.
    /usr/local/sbin/clamav-milter: (-q && !LogSyslog): warning - all interception message methods are off
    /usr/local/sbin/clamav-milter: --max-children must be given if --external is not given
    /etc/init.d/clamav stop

Now, I have not been able to find anything in clamd.conf or freshclam.conf that would indicate anything about specifying children. Additionally, I'm not sure what '!LogSyslog' is referring to?

Anyways /var/log/clamd showed the following when I tried starting up 0851:

    Sat May 28 14:04:20 2005 -> +++ Started at Sat May 28 14:04:20 2005
    Sat May 28 14:04:20 2005 -> clamd daemon 0.85.1 (OS: solaris2.9, ARCH: sparc, CPU: sparc)
    Sat May 28 14:04:20 2005 -> Log file size limited to 65536 bytes.
    Sat May 28 14:04:20 2005 -> Running as user clamav (UID 16116, GID 20002)
    Sat May 28 14:04:20 2005 -> Reading databases from /usr/local/depot/clamav.0851/share/clamav
    Sat May 28 14:04:22 2005 -> Protecting against 34861 viruses.
    Sat May 28 14:04:22 2005 -> Unix socket file /tmp/clamd
    Sat May 28 14:04:22 2005 -> Setting connection queue length to 15
    Sat May 28 14:04:22 2005 -> Archive: Archived file size limit set to 1048576 bytes.
    Sat May 28 14:04:22 2005 -> Archive: Recursion level limit set to 1.
    Sat May 28 14:04:22 2005 -> Archive: Files limit set to 1000.
    Sat May 28 14:04:22 2005 -> Archive: Compression ratio limit set to 200.
    Sat May 28 14:04:22 2005 -> Archive: Limited memory usage.
    Sat May 28 14:04:22 2005 -> Archive support enabled.
    Sat May 28 14:04:22 2005 -> Archive: RAR support disabled.
    Sat May 28 14:04:22 2005 -> Portable Executable support enabled.
    Sat May 28 14:04:22 2005 -> Mail files support enabled.
    Sat May 28 14:04:22 2005 -> OLE2 support enabled.
    Sat May 28 14:04:22 2005 -> HTML support enabled.
    Sat May 28 14:04:22 2005 -> Self checking every 1800 seconds.
    Sat May 28 14:04:43 2005 -> Socket file removed.
    Sat May 28 14:04:43 2005 -> Pid file removed.
    Sat May 28 14:04:43 2005 -> Exiting (clean)
    Sat May 28 14:04:43 2005 -> --- Stopped at Sat May 28 14:04:43 2005

For comparison, I have included the equivalent output from starting 072.

    # /etc/init.d/clamav start
    Starting Antivirus database update daemon.
    Starting Antivirus daemon.
    Starting E-mail scanner.
    #

    Sat May 28 14:05:04 2005 -> +++ Started at Sat May 28 14:05:04 2005
    Sat May 28 14:05:04 2005 -> Log file size limited to 65536 bytes.
    Sat May 28 14:05:04 2005 -> Running as user clamav (UID 16116, GID 20002)
    Sat May 28 14:05:04 2005 -> Reading databases from /usr/local/depot/clamav.072/share/clamav
    Sat May 28 14:05:06 2005 -> Protecting against 30104 viruses.
    Sat May 28 14:05:07 2005 -> Unix socket file /var/log/clamav/clamd.sock
    Sat May 28 14:05:07 2005 -> Setting connection queue length to 15
    Sat May 28 14:05:07 2005 -> Archive: Archived file size limit set to 1048576 bytes.
    Sat May 28 14:05:07 2005 -> Archive: Recursion level limit set to 1.
    Sat May 28 14:05:07 2005 -> Archive: Files limit set to 1000.
    Sat May 28 14:05:07 2005 -> Archive: Compression ratio limit set to 200.
    Sat May 28 14:05:07 2005 -> Archive: Limited memory usage.
    Sat May 28 14:05:07 2005 -> Archive support enabled.
    Sat May 28 14:05:07 2005 -> RAR support disabled.
    Sat May 28 14:05:07 2005 -> Mail files support enabled.
    Sat May 28 14:05:07 2005 -> OLE2 support enabled.
    Sat May 28 14:05:07 2005 -> Self checking every 3600 seconds.

If someone could suggest where I might clear up those startup errors, it would be very much appreciated!

Thanks!
Lee
Re: [Clamav-users] Output Errors From Clam-0.85.1 Startup
Lee Zelyck wrote:

> Well, I think I have the install working, but I have a
> small lingering concern:
>
> # /etc/init.d/clamav start
> Starting Antivirus database update daemon.
> Starting Antivirus daemon.
> Starting E-mail scanner.
> /usr/local/sbin/clamav-milter: (-q && !LogSyslog):
> warning - all interception message methods are off
> /usr/local/sbin/clamav-milter: --max-children must be
> given if --external is not given
> /etc/init.d/clamav stop

man clamav-milter.

Matt