Since last Wednesday, our mail server has seen frequent long bursts (upwards of 30-60 minutes each) of inbound traffic of 1-2 Mbps. Since this is a mail server (running Windows Server 2003), I first thought the mail server was under a DoS or spam attack. Not so.
Shutting off all services, one by one through process of elimination, revealed the culprit: spamd.exe, which runs as a service. Every time one of these periods of sustained traffic occurs, we can immediately halt it by stopping the clamd service. This is possibly UDP traffic, because "netstat -n" does not show any established connections. We upgraded to the latest Clam version a few weeks ago, but this particular problem has only been happening since last Wednesday. I've completely uninstalled ClamAV 0.91.2 and reinstalled, but that has not helped.
Anyone else seeing this, or have any clues what might be happening?
