After upgrading one of our servers to clamav 0.87, we are experience
intermittent failures of clamav-milter which result sendmail refusing
all mail until clamav-milter is restarted. Sometimes it will run for 24
hours or more without crashing but generally it seems to crash every few
hours. Typical errors messages we're seeing in the log file at the time
of failure look like this:
Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter
(clamav-milter): timeout before data read
Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter
(clamav-milter): to error state
Or this:
Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter
(clamav-milter): write(Q) returned -1, expected 5: Broken pipe
Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter
(clamav-milter): to error state
Or this:
Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter
(clamav-milter): write(A) returned -1, expected 5: Broken pipe
Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter
(clamav-milter): to error state
Sometimes sendmail starts rejecting all email once we hit just one of
these errors. Other times, I'll see a string of dozens of such errors
over the course of an hour during which time sendmail seems to be
rejecting some email and accepting some email. But eventually, in every
case so far, it fails completely and begins rejecting all email.
I'm sure it would be helpful to know exactly what I'm running here:
OS is Redhat 7.3 fully up to date with all patches from the legacy
project.
Sendmail-8.12.8-9.1.rh73.dag.i386.rpm
clamav-*0.87-1.0.rh7.rf.i386.rpm
Contest of /etc/sysconfig/clamav-milter:
### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.
### --quiet
CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
--max-children=20
-T=0
--force-scan
--dont-log-clean
--noreject
--quiet
local:/var/clamav/clmilter.socket
"
If other config info would help diagnose it, just let me know what's
needed.
If anyone has any clues or suggestions, I've love to hear them.
One side note. In the past I used smtp-vilter instead of clamav-milter
and it had what I think may be a better failure mode. It was designed so
that if it failed, sendmail would continue to operated normally, just
without virus scanning. I much prefer that mode of failure to forcing
sendmail to reject all incoming mail. It would be nice to see such a
feature in future version of clamav-milter.
-Steve
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
