Jaap Scholten wrote:
In my case this is directly due to large emails. Also that above message means that clamd is no longer listening to clamav-milter.
Joe Maimon wrote:
Joe Maimon wrote:<snip>
I have been having the same as well.
I added some more verbosity into the syslog statement and got this logged
write failure to clamd, nbytes: -1, quarantine_dir: (null), error: Bad file descriptor
Any ideas?
OK I think I know what the problem is. Large attachments. this got logged in my clamav syslog - I probaly turned on debugging or something
ScanStream: Size exceeded (stopped at 10453272, max: 10485760
I also grabbed one of the continually tempfailed emails. 11M attachment.
Just found
StreamMaxLength 10M
config option
I have been getting this since upgrading to 0.70. It is driving me insane (and my clients too) I have checked streamlength, and all is as before (0.67). I get this only from some clients who smarthost off me. Using sendmail.
From the maillog:dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later
Any ideas, anyone? (The latest tarball had issues during the make, so I could not get it installed)
In your case it might be a thread timeout. Which is a macro defined in defaults.h
Short answer run clamav-milter with -d option which will effectively not scan email larger than 10megabytes, instead accepting it. It will also not scan any email and just accept for many other error conditions which can include all cases listed by
grep "cl_error" clamav-milter/*
man clamav-milter
If you have sendmail, you may find (as I did) the common denominator staring at you in the face in the maillog. Check the size= and delay= sendmail log equates.
Or if you find it reproducible, setup the alias to distribute the incoming email for the recipient into a file and disable clamav-milter or use -d and then examine the message at your leisure. Or packet capture it.
Long answer, stuff that I found
1) clamav-milter does not respect the options in clamav.conf for StreamMaxLength. clamd is the program which does. It respects it by.....
2) clamd does not scan anything if the stream is larger than StreamMaxLength - sizeof(buff). In my book thats a bug. It should read up to the max.
It might be wiser to
a) make clamav-milter respect MaxStreamLength and also make clamd actualy go up to StreamMaxLength
b) scan whatever we got prior to exceeding StreamMaxLength, which is probaly easier to do once you do (a) than current behavior.
I have been playing with making a patch to do this.
Disclaimer: I am a clamav newbie, someone else probaly has a much better handle on this.
Joe
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
