# Version: Endian Firewall Community release 2.1.2
Hi!
We run Endian as a spam/virus filter. Usually, everything works fine,
but 5-15 times a day clamav "chokes" on some mail and either (a) fails
or (b) does not respond to amavis in time (see below for log
examples).
Every time this happens, some directory in /var/amavis is created to
"preserve evidence" (/var/amavis/clamav-* or /var/amavis/amavis-*).
Every month or so, these directories fill up the whole hard drive and
no more mails are accepted ("452 Insufficient system storage") until
these directories have been removed manually.
Clearly, this behavior cannot be "by design", since I'm sure Endian
has been designed to run _without_ a Linux guru manually fixing stuff
every month. :-)
Any ideas on how to permanently fix this? (I know that I could create
a cron-job removing these files, but that wouldn't really solve the
"cause" of the problem...)
Greetings,
Heinzi
PS: Just to make sure there's no misunderstanding: Endian is *not*
configured to quarantine spam or virus mail, it's just those clamav
crashes that fill up the HDD.
PPS:
Log file examples for (a) [reformatted for better reading]:
May 17 00:28:48 EFWmoser amavis[23593]: (23593-01) (!!)run_av (Clam Antivirus -
clamscan) FAILED - unexpected exit 50, output="
LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ...***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
LibClamAV Error: Wrote 0 instead of 512
(/var/amavis/clamav-df61825c7734fa92e5f13c52abb511a3/main.ndb).
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
LibClamAV Error: Can't load /usr/share/clamav/main.cvd: CVD extraction failure
ERROR: CVD extraction failure"
Log file examples for (b):
May 11 12:17:14 EFWmoser amavis[3020]: (03020-20) (!)run_av (Clam
Antivirus-clamd, built-in i/f): Exceeded allowed time at (eval 40) line 292.
May 11 12:17:14 EFWmoser amavis[3020]: (03020-20) (!!)Clam Antivirus-clamd
av-scanner FAILED: CODE(0x9edce00) Exceeded allowed time at (eval 40) line 292.
at (eval 40) line 491.
May 11 12:17:14 EFWmoser amavis[3020]: (03020-20) (!!)WARN: all primary virus
scanners failed, considering backups
May 11 12:17:36 EFWmoser amavis[3020]: (03020-20) (!)killing process [8664]
running Clam Antivirus - clamscan (reason: on reading: timed out)
May 11 12:17:36 EFWmoser amavis[3020]: (03020-20) (!)run_av (Clam Antivirus -
clamscan): collect_results - reading aborted: timed out at /usr/sbin/amavisd
line 2671.
May 11 12:17:36 EFWmoser amavis[3020]: (03020-20) (!!)Clam Antivirus - clamscan
av-scanner FAILED: /usr/bin/clamscan collect_results - reading aborted: timed
out at /usr/sbin/amavisd line 2671. at (eval 40) line 491.
May 11 12:17:36 EFWmoser amavis[3020]: (03020-20) (!!)TROUBLE in check_mail:
virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: Clam Antivirus-clamd
av-scanner FAILED: CODE(0x9edce00) Exceeded allowed time at (eval 40) line 292.
at (eval 40) line 491.; Clam Antivirus - clamscan av-scanner FAILED:
/usr/bin/clamscan collect_results - reading aborted: timed out at
/usr/sbin/amavisd line 2671. at (eval 40) line 491.
May 11 12:17:36 EFWmoser amavis[3020]: (03020-20) (!)PRESERVING EVIDENCE in
/var/amavis/amavis-20080511T053835-03020
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
