jean-paul natola wrote:
> I'm running;
> Freebsd 5.4 clamav 88.7 SA 3.1.7
>
> In the paniclog /var/log/exim/paniclog is where I'm seeing these entries
> I did check the 'messages' log and there are no entries-
>
> It seems that clamav is timing out when it is attempting to scan large
> messages
Could be a normal situation.
> yesterday I saw clam's cpu and mem start to skyrocket, at that moment I
> looked at what message was being scanned and it was an 18meg file which
> subsequently caused another timeout error
>
[snip]
> I will now look for- and examine the clam log
Saw your other message, you probably want to enable time stamping to
correlate (with the exim log) what is going on.
from clamlog
Fri Dec 15 16:37:42 2006 -> Set stack size to 1048576
Fri Dec 15 16:45:17 2006 -> /var/spool/exim/scan/1GvKrj-000An9-H2/1GvKrj-000An9-H2.eml: HTML.Phishing.Bank-627 FOUND
Fri Dec 15 17:02:16 2006 -> Client disconnected
Fri Dec 15 17:07:52 2006 -> No stats for Database check - forcing reload
Fri Dec 15 17:07:52 2006 -> Reading databases from /var/db/clamav
Fri Dec 15 17:08:06 2006 -> Database correctly reloaded (82936 viruses)
from paniclog
2006-12-15 17:02:15 1GvL4w-000AoY-0K malware acl condition: clamd: unable to read from socket (Operation timed out)
I'm going to now try the option to not have messages over 1mb scanned,
as it appears that clam is "choking" on large messages
Will keep you posted
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
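
The timestamp correlation suggested in the thread above, as an added example that is not part of the original messages: it pairs each exim paniclog malware-ACL error with the clamd log events recorded around the same time. The function names, the 60-second window and the assumption that both logs use the same local time zone are choices made for this example; the sample lines are constructed from the formats quoted in the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input in the two log formats quoted in the thread.
CLAMD_LOG = """\
Fri Dec 15 16:37:42 2006 -> Set stack size to 1048576
Fri Dec 15 16:45:17 2006 -> /var/spool/exim/scan/1GvKrj-000An9-H2/1GvKrj-000An9-H2.eml: HTML.Phishing.Bank-627 FOUND
Fri Dec 15 17:02:16 2006 -> Client disconnected
Fri Dec 15 17:07:52 2006 -> No stats for Database check - forcing reload
"""
EXIM_PANICLOG = """\
2006-12-15 17:02:15 1GvL4w-000AoY-0K malware acl condition: clamd: unable to read from socket (Operation timed out)
"""

CLAMD_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
EXIM_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) malware acl condition: (.*)$")

def parse_clamd(text):
    """Yield (timestamp, message) for each timestamped clamd log line."""
    for line in text.splitlines():
        m = CLAMD_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)

def parse_exim_panics(text):
    """Yield (timestamp, exim message id, error) for malware-ACL panic entries."""
    for line in text.splitlines():
        m = EXIM_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def correlate(clamd_text, panic_text, window_seconds=60):
    """For each exim panic, collect the clamd events logged within the window."""
    window = timedelta(seconds=window_seconds)
    events = list(parse_clamd(clamd_text))
    report = []
    for when, exim_id, error in parse_exim_panics(panic_text):
        nearby = [(ts, msg) for ts, msg in events if abs(ts - when) <= window]
        report.append({"time": when, "exim_id": exim_id, "error": error, "clamd": nearby})
    return report

if __name__ == "__main__":
    for hit in correlate(CLAMD_LOG, EXIM_PANICLOG):
        print(hit["time"], hit["exim_id"], hit["error"])
        for ts, msg in hit["clamd"]:
            print("    clamd", ts, msg)
```
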