system: 4 CPU Sun E450, solaris 5.9, gcc 3.4.3 before i start: i don't have a copy of gdb on this system, so i'm unable to provide a debug log.
this system is fairly low load (after blocklists, something less than 50k messages per day) and has been running 0.88.7 since mid-january with no problems. i tried an upgrade to 0.90 when it came out with many of the same issues that people were seeing so i backed out to 0.88.7. recently, i tried installing 0.90.1 with slightly different issues. here's my initial clamd.conf: LogTime yes LogSyslog yes LogFacility LOG_MAIL TemporaryDirectory /export/home/clamav/tmp LocalSocket /var/clamav/clamd.sock FixStaleSocket yes MaxConnectionQueueLength 32 StreamMaxLength 64M MaxThreads 64 SelfCheck 3600 User clamav ScanMail yes ScanArchive yes clam is started with the following code fragment: if [ -f /export/home/clamav/sbin/clamd -a -f /export/home/clamav/etc/clamd.conf ] ; then echo "clamd starting." /export/home/clamav/sbin/clamd >/dev/console 2>&1 fi sleep 30 if [ -f /export/home/clamav/sbin/clamav-milter ] ; then echo "clamav-milter starting." /export/home/clamav/sbin/clamav-milter -PHl --postmaster=root -m 64 --external /var/clamav/clmilter.sock >/dev/console 2>&1 the only change from the previous (0.88.7) startup is the addition of the 'sleep' between clamd and clamav-milter. with this setup, clam starts up, scans messages and find Bad Things. just as with 0.90, however, the system load grows over time, but seems to grow more slowly. after about 15 minutes, CPU on a four-processor system is pegged and the system load is about 9 and slowly growing. (by this time with 0.90 i would have had a load of 40+ with a probable clamd crash.) as a second try, i've changed ScanArchive yes to ScanArchive no and restarted. the cpu usage for clamd *seems* to bounce around more than it did, but it seems to recover, at least in the short term. i let the system run for about a day with no visible problems. at around the 2-2.5 day mark, however, we started seeing errors in the logs: Mar 30 20:07:23 sennit sendmail[11833]: [ID 801593 mail.error] l2V01r0J011833: Milter (clamav): timeout before data read Mar 30 20:07:23 sennit sendmail[11833]: [ID 801593 mail.info] l2V01r0J011833: Milter (clamav): to error state which repeated for a while, to be followed by: Mar 30 20:18:59 sennit sendmail[12799]: [ID 801593 mail.error] l2V0Ixa9012799: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.sock Mar 30 20:18:59 sennit sendmail[12799]: [ID 801593 mail.info] l2V0Ixa9012799: Milter (clamav): to error state by this point, clmilter was using 100% of one CPU (as far as i could tell). the next thing was to change clamd.conf in two ways: ScanArchive yes ArchiveMaxRecursion 1 with these settings, the system was stable for about five-to-six hours (albeit with significantly higher load than with ScanArchive no), at which point the load started to grow and clamd started consuming more CPU. at the 7 hour point it was using about 100% of available CPU and the load was approaching 20. at the moment, i'm probably going to back out to 0.88.7. before i do, are there any other suggestions folks might have as to things to try? rp rick pim [EMAIL PROTECTED] information technology services (613) 533-2242 queen's university, kingston ----------------------------------------------------------------------- "Leaving a trail of slime wherev-" >CLICK!< _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html