Well, at first thought I doubt it is a permissions issue or a failure to have clam running as it works fine 97% of the time. It is the other 3% of the time it fails. I checked the permissions a few days ago and they looked good.

ps aux | grep clam shows:
root 4826 0.0 0.0 1448 320 ? S Apr30 0:00 supervise clamd
clamav 4846 0.0 0.0 1584 376 ? S Apr30 0:00 /usr/local/bin/multilog t /var/log/clamd
clamav 4857 5.2 6.1 196424 159860 ? Sl Apr30 250:44 /usr/local/sbin/clamd
clamav 13462 0.0 0.0 5008 1188 ? Ss May02 0:00 /usr/local/bin/freshclam -d
root     24292  0.0  0.0   1960   664 pts/0    S+   19:55   0:00 grep clam

clamdscan shows:
clamdscan test.txt
/root/test.txt: lstat() failed. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)

I have 2.5 GB of memory, and vmstat while the issue is occurring doesn't show any problems. Plenty of memory free.

I think your "Unable to connect() error. " might be hitting close. I thought I saw similar errors in some logs when this issue occurs (as stated in the very first post). If I wait 10 or 15 minutes, I can send it. It is like it is out of threads or something and has to catch up.

Regarding your telnet command. What port is 3310? I am blocking it with my firewall, so I can't connect to it; however, I wonder which service it is you wish me to hit (in case I have it on another port).

Here is a copy of my tcp.smtp as it currently is:

mail:/home/vpopmail/etc # cat tcp.smtp

127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/simscan"

Questions I have: Are there only a certain number of threads that clam is allowed to use? Sounds like I am running out... or something else is going on that is delaying it (for 10 or 15 minutes). I really appreciate your help though.

Thanks,
John



Jason 'XenoPhage' Frisvold wrote:

John Harmon wrote:
| Does it have something to do with the number of open threads? Can I set
| a ulimit for it? Or does it have something to do with memory? Why does
| clamav cause these issue?  or at least, what can I do to narrow down
| what in clamav is causing the issue?  I don't see errors, but the tests
| you gave me point to it being clam.

Unless you're running a huge number of threads, I doubt that's the
problem.  Memory may be an issue, but again, I doubt it.

Simscan uses a program called clamdscan to send the mail to the clamd
daemon process.  If clamdscan is unable to contact the clamd daemon, it
reports back with an Unable to connect() error.

The reason your web-based users can send mail is likely because they are
allowed specifically in the tcp.smtp file.  If you can provide a copy of
that, I can confirm...

As for how to fix your clam problem, you need to determine why clamdscan
is not able to contact clamd.  The first step is probably to make sure
that clamd is running :

ps -ef | grep clamd

You should get something like this :

[EMAIL PROTECTED] ~]$ ps -ef | grep clamd
friz     21749 21719  0 21:29 pts/3    00:00:00 grep clamd
clamav   28430     1  0 Apr15 ?        00:14:14 /usr/sbin/clamd

Next, you can try connecting to the local process yourself :

[EMAIL PROTECTED] ~]$ telnet localhost 3310
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

UNKNOWN COMMAND
Connection closed by foreign host.

Just hitting enter when you connect will result in the UNKNOWN COMMAND
you see above.  Next, try sending something manually to clamd via
clamdscan..  You'll probably get an lstat() error when you do because
you're not running clamdscan as the proper user, and clamd can't access
the file, but it will, at least, connect.

[EMAIL PROTECTED] ~]$ clamdscan wil.txt
/home/friz/wil.txt: lstat() failed. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.002 sec (0 m 0 s)

If it doesn't connect, you'll get something like this :

[EMAIL PROTECTED] ~]$ clamdscan wil.txt
connect(): Connection refused
WARNING: Can't connect to clamd.

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)

If you get the latter, then my guess is that either you have a firewall
blocking the process, or clamd is set up to use a non-standard port.

If all of the above works, then it may be a permissions problem.  Check
Shupp's toaster directions to make sure you have the permissions
right...  My own setup is a tad different, so I'm not 100% sure I have
that part set up like his...

If you're still having problems, let me know and we can tackle this
further..

| Thanks,
| John

--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."
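Added example, not part of the original thread: a small Python probe that automates the telnet and clamdscan checks described above, so an intermittent failure can be caught and timestamped when it happens. It assumes clamd listens on TCP port 3310 on localhost and answers clamd's PING command with PONG; the function names and the 30-second interval are illustrative.

```python
import socket
import time

CLAMD_PORT = 3310  # TCP port used in the telnet test above


def probe_clamd(host="127.0.0.1", port=CLAMD_PORT, timeout=5.0):
    """Connect like the telnet test, send PING, return (state, seconds)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"PING\n")
            reply = s.recv(64).strip()
        state = "ok" if reply == b"PONG" else "unexpected"
    except ConnectionRefusedError:
        state = "refused"      # nothing listening, or a firewall reject
    except (socket.timeout, TimeoutError):
        state = "timeout"      # daemon busy, or packets silently dropped
    except OSError:
        state = "unexpected"
    return state, time.monotonic() - start


def classify_clamdscan(output):
    """Map clamdscan output to the cases walked through in the thread."""
    if "Can't connect to clamd" in output or "connect():" in output:
        return "no-connection"
    if "lstat() failed" in output:
        # clamdscan reached clamd; clamd could not read the file itself.
        return "connected-but-no-file-access"
    if "SCAN SUMMARY" in output:
        return "scanned"
    return "unknown"


if __name__ == "__main__":
    # Log every non-ok probe with a timestamp to line up against mail logs.
    while True:
        state, elapsed = probe_clamd()
        if state != "ok":
            stamp = time.strftime("%Y-%m-%d %H:%M:%S")
            print(f"{stamp} clamd probe: {state} after {elapsed:.2f}s", flush=True)
        time.sleep(30)
```

A "timeout" or slow "ok" during the failure window points at a busy daemon, while "refused" points at the listener or firewall.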