After upgrading one of our servers to clamav 0.87, we are experience intermittent failures of clamav-milter which result sendmail refusing all mail until clamav-milter is restarted. Sometimes it will run for 24 hours or more without crashing but generally it seems to crash every few hours. Typical errors messages we're seeing in the log file at the time of failure look like this:
Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter (clamav-milter): timeout before data read Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter (clamav-milter): to error state Or this: Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter (clamav-milter): write(Q) returned -1, expected 5: Broken pipe Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter (clamav-milter): to error state Or this: Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter (clamav-milter): write(A) returned -1, expected 5: Broken pipe Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter (clamav-milter): to error state Sometimes sendmail starts rejecting all email once we hit just one of these errors. Other times, I'll see a string of dozens of such errors over the course of an hour during which time sendmail seems to be rejecting some email and accepting some email. But eventually, in every case so far, it fails completely and begins rejecting all email. I'm sure it would be helpful to know exactly what I'm running here: OS is Redhat 7.3 fully up to date with all patches from the legacy project. Sendmail-8.12.8-9.1.rh73.dag.i386.rpm clamav-*0.87-1.0.rh7.rf.i386.rpm Contest of /etc/sysconfig/clamav-milter: ### Simple config file for clamav-milter, you should ### read the documentation and tweak it as you wish. ### --quiet CLAMAV_FLAGS=" --config-file=/etc/clamd.conf --max-children=20 -T=0 --force-scan --dont-log-clean --noreject --quiet local:/var/clamav/clmilter.socket " If other config info would help diagnose it, just let me know what's needed. If anyone has any clues or suggestions, I've love to hear them. One side note. In the past I used smtp-vilter instead of clamav-milter and it had what I think may be a better failure mode. It was designed so that if it failed, sendmail would continue to operated normally, just without virus scanning. I much prefer that mode of failure to forcing sendmail to reject all incoming mail. It would be nice to see such a feature in future version of clamav-milter. -Steve _______________________________________________ http://lurker.clamav.net/list/clamav-users.html