I had this problem about 8 months ago. It it was extremely difficult to
troubleshoot, but I eventually figured it out.
It is a problem which has been around for a decade or more. The clamav
deamon signature file, which is updated frequently, continuously grows
as the amount of malware it needs to recognize grows. Eventually, the
signature file gets so big that clamav daemon crashes when it tries to
load it due to insufficient RAM. But it was hard to diagnose because
the deamon does not crash at startup or when it updates the signature
file, but rather when it is passed an email to scan. You can confirm
this by restarting clamav and noting that it will run fine until a mail
comes in, at which point it crashes and qmail starts reporting the 'qq
soft reject' to the log.
I was running on CentOS-7 VM with 2GB of RAM. I increased the RAM up to
4GB and it fixed the problem.
Unfortunately, the signature file will always continue to grow as more
malware accrues, so in another couple years I'll surely need to increase
the RAM again.
Hope this helps.
-Andy
On 7/20/2020 10:01 AM, Angus McIntyre wrote:
My qmailtoaster running on CentOS 7 was behaving fine, but now seems to
soft reject everything, and I'm having a hard time working out why.
It doesn't seem to be a ClamAV issue: I set 'clam=no' in
'/var/qmail/control/simcontrol' and restarted qmail, but I still get the
rejections.
I added 'SIMSCAN_DEBUG="5"' to the list of env vars in
'/etc/tcprules.d/tcp.smtp', but that doesn't seem to generate any
actionable debugging output anywhere that I can see.
Does anyone have any suggestions for debugging this issue? I know
there's been some talk of bad signatures for ClamAV recently, but I
_thought_ I'd eliminated that as a possibility by turning off clam in
simcontrol. If that's not the case, how would I identify (and suppress)
a bad signature?
Thanks,
Angus
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
