Am 12.07.2021 09:56, schrieb Andrew C Aitchison:
Hi Andrew,
Yesterday happens the problem again, using ClamAV with TCP instead of
Unix-Socket.
This time I can see a correlation to the triggered reload:
Exim paniclog:
2021-07-10 14:10:25 1m2BjZ-0002Ox-Ew malware acl condition: clamd
[127.0.0.1]:3310 : unable to read from socket (Connection timed out)
2021-07-10 14:10:58 1m2Bk6-0002QG-79 malware acl condition: clamd
[127.0.0.1]:3310 : unable to read from socket (Connection timed out)
I had not noticed that this was paniclog.
Do you need some sort of defer option so that exim handles clamav
timeouts
gracefully ?
Not of all...
I'm using ClamAV 0.102.4+dfsg-0+deb10u1 from Debian 10 repositories.
Clam-log:
Sat Jul 10 14:10:40 2021 -> Reading databases from /var/lib/clamav
Sat Jul 10 14:11:09 2021 -> Database correctly reloaded (8544586
signatures)
Any idea how to change the configuration in order to avoid the
problem?
Modern clamd/freshclam (not sure when it started, maybe 0.103.0) will
load the new database in the background then switch over; my
clamav.log has
Sun Jul 11 14:00:22 2021 -> Reading databases from /var/lib/clamav
Sun Jul 11 14:00:35 2021 -> Database correctly reloaded (8545008
signatures)
Sun Jul 11 14:00:35 2021 -> Activating the newly loaded database...
I can't explain me, why another server, with the same version and
configuration of Exim and ClamAV does not have the same problem...
Thanks for any suggestion
Luca Bertoncello
([email protected])
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
