* On 04/12/05 16:44 -0500, Kevin Way wrote:
> Odhiambo Washington wrote:
> >
> >From your MTA's end, what sort of message sizes do you give clamd to
> >scan? FWIW, I use Exim as my MTA and I only send messages less that 512k
> >to clamd. Anything above that size is assumed to be safe, but that's by
> >myself. Fortunately, it's me who decides on such aspects. YMMV.
> >
> >There are other factors to look at as well, so you better describe your
> >server environment and mail volumes, etc, even give a glimpse into your
> >clamd.conf (egrep -v "#|^$" /usr/local/etc/clamd.conf) to enable us give
> >second opinion.
> >My 0.87.1 is very stable on several servers. On the main box, I run CVS,
> >strangely!
> >
> >
> I'm using exim as my MTA, and calling clam on every message with a
> simple av_scanner = clamd:/var/run/clamav/clamd
Tell your Exim guru that it does not make sense sending all messages to
clamd. As I mentioned before, I only send messages less than 512k for
scanning. Perhaps he can do something about this. If he's anal about
e-mail security (Viruses) perhaps he can make that value to be 1M. I'm
sure he'll understand what I mean. It's done in acl_smtp_mime, just
in case.
> The clamd.conf is quite basic:
>
> LogFile /var/log/clamav/clamd.log
> PidFile /var/run/clamav/clamd.pid
> DatabaseDirectory /var/db/clamav
> LocalSocket /var/run/clamav/clamd
> FixStaleSocket
> User clamav
> AllowSupplementaryGroups
> DisableDefaultScanOptions
> ScanPE
> DetectBrokenExecutables
> ScanOLE2
> ScanMail
> MailFollowURLs
> ScanHTML
> ScanArchive
> ScanRAR
> ArchiveBlockEncrypted
And here is mine: (I use CVS code - clamav-devel - where the config uses
boolean values)
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 10M
LogTime yes
LogVerbose yes
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/spool/exim/clamd.sock
FixStaleSocket yes
MaxThreads 100
FollowDirectorySymlinks yes
FollowFileSymlinks yes
User exim
Foreground yes
ScanPE yes
DetectBrokenExecutables yes
ScanMail yes
DetectPhishing yes
ScanHTML yes
ScanArchive yes
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 8
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 250
PS: I use daemontools to monitor clamd. That explains why I have
"Foreground yes".
> The load on this machine is extremely low, and it only passes about
> 9,000 emails/day.
Mine does about 60,000 emails/day on average.
> The services run inside a jail which is entirely contained on a single
> disk volume (backed by mirrored scsi drives). There's plenty of RAM
> available (currently running with about 1.6G available), and no lack of
> CPU (2xXeon, with a load that usually stays well below 0.5)
My box is a single CPU, Xeon, with 1GB RAM. It also runs other services,
not just mail. Load average is around 0.8 - 1.0.
> We run extremely similar setups, under much higher load, without issue,
> and are a bit confused that this particular installation just loves to
> spiral out of control. We've rebuilt the OS kernel and worlds, and all
> clamav-related software with no improvement.
Something _must_ be different!!!
> When clamd dies it just sits there ignoring TERM, burning CPU and not
> logging anything in particular. I'm not sure what to do at that point,
> to extract any useful debugging data.
Running with Debug turned on in clamd.conf might help, but again, that
will seriously impact on performance. You might want to try it anyway.
How often the lockup happens might motivate your actions towards
debugging.
-Wash
http://www.netmeister.org/news/learn2quote.html
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <[EMAIL PROTECTED]>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
When Marriage is Outlawed,
Only Outlaws will have Inlaws.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
