Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Trog]

On Fri, 2005-09-23 at 09:52 -0500, R. Steven Rainwater wrote:

 
 But I guess the big question now is how can determine for sure if it's a
 specifically formatted email that's causing the clamav crashes and, if
 so, how can I capture one of the emails? 
 

What platform are you using?

-trog



signature.asc
Description: This is a digitally signed message part
___
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] clamav-milter seems unstable with 0.87

[Mark Coetser]

I would like to add to this I have been having the exact same problems, I
have tried all of the latest versions of the milter and all exhibit the same
problem, I am running the milter with the following options to try and keep
the email flowing. 

--dont-log-clean --dont-scan-on-error --max-children=32 --dont-wait
--external --local

I am running the following packages

clamav-milter  0.87-0volatile
sendmail   8.13.4-3



Thank you,

Mark Adrian Coetser
[EMAIL PROTECTED]
http://www.tux-edo.co.za, http://www.thummb.com
cel: +27 76 527 8789
tel: +27 11 805 2076
fax: +27 11 805 2330

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Steven
Rainwater
Sent: 27 September 2005 01:02 AM
To: clamav-users@lists.clamav.net
Subject: Re: [Clamav-users] clamav-milter seems unstable with 0.87

On Fri, 2005-09-23 at 22:58, N Fung wrote:
 --- [EMAIL PROTECTED] wrote:
  I think that certain emails are crashing clamav-milter
  or clamd when it reads them, causing the processes to 
  hang. I've noticed that each time we get one of the 
  errors in the log, an additional clamav-milter process
  gets stuck, so that over time, we collect more and more
  stuck processes until max children is hit and
  everything blows up.

 What errors, if any, are you getting in /path/to/clamd.log?
 Are you seeing segfaults there?

No segfaults or error messages at all in the clamd.log. Clamd.log
contains lots of SelfCheck: Database status OK messages but mostly
contains entries for viruses that have been found.

The errors I'm seeing, which I posted in a previous email, are all in
the /var/log/maillog where sendmail and all the milters log their
activity. 

-Steve

___
http://lurker.clamav.net/list/clamav-users.html

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Todd Lyons]

Mark wanted us to know:

 ... The result is processes that hang forever
 on our system. We have a cronjob that does a
 killall -HUP sendmail every 2 hours.
 that clears out those hanging processes.
That seems a bit crude. :) I wrote a cronjob like that, in Perl; but,
based on 'ps' output, it only kills sendmail child processes that have
been *idle* for over 10 minutes.

Seems nice.

 I figure if someone can't get a message to me in 2 hours of connect
 time, I almost certainly don't want said message.
But with this blanket kill, you also kill connections that may have just
been there for a few seconds, and are still very much alive.

Unfortunately it's required to get sendmail to reload the w class.
-- 
Regards...  Todd
OS X: We've been fighting the It's a mac syndrome with upper management
for  years  now.  Lately  we've  taken  to  just  referring  to  new  mac 
installations  as  Unix  installations  when  presenting proposals  and 
updates.  For some reason, they have no problem with that.  -- /.
Linux kernel 2.6.11-12mdksmp   2 users,  load average: 1.74, 1.54, 1.53
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Jan Pieter Cornet]

On Mon, Sep 26, 2005 at 09:47:45AM -0700, Todd Lyons wrote:
 But with this blanket kill, you also kill connections that may have just
 been there for a few seconds, and are still very much alive.
 
 Unfortunately it's required to get sendmail to reload the w class.

You only need to restart the listening daemon for that. Kids handling
existing connections will exit when the connection terminates, and it's
VERY unlikely that you will receive emails for domains via connections
that were made before you announced said domain (at least, I presume
you add the domains to sendmail before changing the MX records).

It's remotely possible, just very very unlikely.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm [EMAIL PROTECTED]
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}-(map{/p|f/i+/f/i}split//,$)+97):qw(m p f)[map{((ord$)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$;$f.eig;# Jan-Pieter Cornet
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Damian Menscher]

On Thu, 22 Sep 2005, R. Steven Rainwater wrote:


If anyone has any clues or suggestions, I've love to hear them.


I'm not convinced that your -T=0 is valid syntax.  It should be -T0 or 
--timeout=0.  Using an = with a single-character argument is bad form.


You should be running clmilter_watch [1] out of cron, preferably shortly 
after your freshclam cronjob runs.  This can be used to restart 
clamav-milter only when necessary, rather than restarting it every hour 
(or whatever) whether it needs it or not.


[1] http://www.itg.uiuc.edu/itg_software/clmilter_watch/


One side note. In the past I used smtp-vilter instead of clamav-milter
and it had what I think may be a better failure mode. It was designed so
that if it failed, sendmail would continue to operated normally, just
without virus scanning. I much prefer that mode of failure to forcing
sendmail to reject all incoming mail. It would be nice to see such a
feature in future version of clamav-milter.


That's a function of how you configure your sendmail.mc file.  For 
example, mine is:


INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, 
T=S:4m;R:4m')dnl

where the F= tells it that in the event of a milter failure, it should 
continue processing as if the milter did not exist.


There are more details of how to configure clamav-milter intelligently 
(assuming I'm intelligent ;) on my website:


  http://www.itg.uiuc.edu/~menscher/clamav_notes_0.87.html

Damian Menscher
--
-=#| Physics Grad Student  SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[R. Steven Rainwater]

On Mon, 2005-09-26 at 17:46, Damian Menscher wrote:
 I'm not convinced that your -T=0 is valid syntax.  It 
 should be -T0 or --timeout=0.

I've switched to using --timeout=0 but it didn't help with the
clamav-milter crashes, which are my main problem.

 You should be running clmilter_watch [1] out of cron
 [1] http://www.itg.uiuc.edu/itg_software/clmilter_watch/

Thanks, I'm downloading it now. Sounds useful.

 INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, 
 T=S:4m;R:4m')dnl
 where the F= tells it that in the event of a milter failure, it should 
 continue processing as if the milter did not exist.

Hmmm... My sendmail.mc uses exactly the same thing with the F= but
when clamav-milter starts spitting out errors, sendmail begins rejecting
all email until the milter is restarted. 

 There are more details of how to configure clamav-milter
 intelligently (assuming I'm intelligent ;) on my website:
 http://www.itg.uiuc.edu/~menscher/clamav_notes_0.87.html

Thanks, I'll check it out. 

-Steve


___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[R. Steven Rainwater]

On Fri, 2005-09-23 at 22:58, N Fung wrote:
 --- [EMAIL PROTECTED] wrote:
  I think that certain emails are crashing clamav-milter
  or clamd when it reads them, causing the processes to 
  hang. I've noticed that each time we get one of the 
  errors in the log, an additional clamav-milter process
  gets stuck, so that over time, we collect more and more
  stuck processes until max children is hit and
  everything blows up.

 What errors, if any, are you getting in /path/to/clamd.log?
 Are you seeing segfaults there?

No segfaults or error messages at all in the clamd.log. Clamd.log
contains lots of SelfCheck: Database status OK messages but mostly
contains entries for viruses that have been found.

The errors I'm seeing, which I posted in a previous email, are all in
the /var/log/maillog where sendmail and all the milters log their
activity. 

-Steve

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[R. Steven Rainwater]

On Thu, 2005-09-22 at 17:16, Todd Lyons wrote:
 R. Steven Rainwater wanted us to know:
  Have you tried running clamd and using --external on clamav-milter?
 Just tried it. Already had two more crashes in less than 10 minutes!
 :-(  Both were of the write(A) return -1, expected 5: Broken pipe
 variety, if that means anything.
 
 Pick up the max children setting.  See if that makes a difference.
 Watch as the number of processes build up.

Thanks Todd, this was the first thing I've tried that helped. Prior to
0.87, we were running max children at 25 and never had problems. I
bumped it up to 40 now and that seems to have helped somewhat. We're
still getting a couple of the error messages in the log every hour but
it seems that overall, clamav-milter is now able to continue longer
before sendmail starts rejecting everything. I adjusted my cron job to
restart clamav-milter once a day instead of once an hour, so things are
relatively stable compared to yesterday.

I still find it odd that 0.87 seems so broken. All the previous versions
we've run on this machine have been very stable. And I take it this is
not a problem anyone else is seeing, making it even more of a mystery.

Taking a clue from the max children setting, I started monitoring the
processes and I now have a hunch about what's happening. I think that
certain emails are crashing clamav-milter or clamd when it reads them,
causing the processes to hang. I've noticed that each time we get one of
the errors in the log, an additional clamav-milter process gets stuck,
so that over time, we collect more and more stuck processes until max
children is hit and everything blows up.

We occasional get emails that take an hour or so to receive and process.
Prior to 0.87, you'd see a sendmail process along with the associated
clamav-milter and spamass-milter processes hanging out until it
finished. What happens with 0.87 is that the sendmail and spamassasin
process go ahead and end at the time of the clamav-milter crash but
sometimes the clamav processes seem to stick around forever (until I
restart clamav-milter). I've got clamav-milter processes that have been
running for over 7 hours even though the associated sendmail process is
long gone. 

But I guess the big question now is how can determine for sure if it's a
specifically formatted email that's causing the clamav crashes and, if
so, how can I capture one of the emails? 

 Also check dmesg to see if it's reporting weird things such as NMI
 errors (ie bad memory);.

I checked this and nothing unusual is being reported.

-Steve

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Brian Morrison]

On Fri, 23 Sep 2005 09:52:37 -0500 in
[EMAIL PROTECTED] R. Steven Rainwater
[EMAIL PROTECTED] wrote:

  I still find it odd that 0.87 seems so broken. All the previous
  versions we've run on this machine have been very stable. And I take
  it this is not a problem anyone else is seeing, making it even more
  of a mystery.

Have you checked how many of the responses that say it's OK are for
people using RH 7.3? I would not expect it to be a large proportion.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] clamav-milter seems unstable with 0.87

[Matthew.van.Eerde]

R. Steven Rainwater wrote:
 But I guess the big question now is how can determine for sure if
 it's a specifically formatted email that's causing the clamav crashes
 and, if so, how can I capture one of the emails?

Hmmm... I know there are some archive milters out there that make a copy of 
all incoming mail they scan.  Maybe that would be useful... you might install 
one of these archive milters, making sure it appears before clamav-milter in 
the list of milters... then when a thread goes haywire, check the last few 
emails in the archive for fishyness.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Todd Lyons]

R. Steven Rainwater wanted us to know:

Thanks Todd, this was the first thing I've tried that helped. Prior to
0.87, we were running max children at 25 and never had problems. I
bumped it up to 40 now and that seems to have helped somewhat. We're
still getting a couple of the error messages in the log every hour but
it seems that overall, clamav-milter is now able to continue longer
before sendmail starts rejecting everything. I adjusted my cron job to
restart clamav-milter once a day instead of once an hour, so things are
relatively stable compared to yesterday.

We set ours at 200.

Your first reaction is No server can run with that kind of load, but
the problem is not that there are that many connections coming in at the
same time, it's that there are a bunch of cablemodems or dial up links
(low upstream bandwidth) that just take forever to send out their
messages (they're trying to send out too many for the amount of
bandwidth available to it).  The result is processes that hang forever
on our system.  We have a cronjob that does a 
  killall -HUP sendmail
every 2 hours.  That clears out those hanging processes.

I figure if someone can't get a message to me in 2 hours of connect
time, I almost certainly don't want said message.

-- 
Regards...  Todd
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo.  Please use in that order. --Ed Howdershelt
Linux kernel 2.6.11-12mdksmp   load average: 1.20, 1.14, 1.15
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[N Fung]

--- [EMAIL PROTECTED] wrote:

From: R. Steven Rainwater [EMAIL PROTECTED]
Subject: Re: [Clamav-users] clamav-milter seems unstable
with 0.87
To: clamav-users@lists.clamav.net


Thanks Todd, this was the first thing I've tried that
helped. Prior to
0.87, we were running max children at 25 and never had
problems. I
bumped it up to 40 now and that seems to have helped
somewhat. We're
still getting a couple of the error messages in the log
every hour but
it seems that overall, clamav-milter is now able to
continue longer
before sendmail starts rejecting everything. I adjusted
my cron job to
restart clamav-milter once a day instead of once an hour,
so things are
relatively stable compared to yesterday.

I still find it odd that 0.87 seems so broken. All the
previous 
versions
we've run on this machine have been very stable. And I
take it this is
not a problem anyone else is seeing, making it even more
of a mystery.

Taking a clue from the max children setting, I started
monitoring the
processes and I now have a hunch about what's happening.
I think that
certain emails are crashing clamav-milter or clamd when
it reads them,
causing the processes to hang. I've noticed that each
time we get one 
of
the errors in the log, an additional clamav-milter
process gets 
stuck,
so that over time, we collect more and more stuck
processes until max
children is hit and everything blows up.

Steve,

What errors, if any, are you getting in /path/to/clamd.log?
 Are you seeing segfaults there?

-- 
N.


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Cevher]

R. Steven Rainwater yazmış:

After upgrading one of our servers to clamav 0.87, we are experience
intermittent failures of clamav-milter which result sendmail refusing
all mail until clamav-milter is restarted. Sometimes it will run for 24
hours or more without crashing but generally it seems to crash every few
hours. Typical errors messages we're seeing in the log file at the time
of failure look like this:

Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter
(clamav-milter): timeout before data read
Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter
(clamav-milter): to error state

Or this:

Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter
(clamav-milter): write(Q) returned -1, expected 5: Broken pipe
Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter
(clamav-milter): to error state

Or this:

Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter
(clamav-milter): write(A) returned -1, expected 5: Broken pipe
Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter
(clamav-milter): to error state

Sometimes sendmail starts rejecting all email once we hit just one of
these errors. Other times, I'll see a string of dozens of such errors
over the course of an hour during which time sendmail seems to be
rejecting some email and accepting some email. But eventually, in every
case so far, it fails completely and begins rejecting all email.

I'm sure it would be helpful to know exactly what I'm running here:

OS is Redhat 7.3 fully up to date with all patches from the legacy
project.

Sendmail-8.12.8-9.1.rh73.dag.i386.rpm

clamav-*0.87-1.0.rh7.rf.i386.rpm

Contest of /etc/sysconfig/clamav-milter:

### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.
### --quiet
 
CLAMAV_FLAGS=
--config-file=/etc/clamd.conf
--max-children=20
-T=0
--force-scan
--dont-log-clean
--noreject
--quiet
local:/var/clamav/clmilter.socket


If other config info would help diagnose it, just let me know what's
needed.

If anyone has any clues or suggestions, I've love to hear them.

One side note. In the past I used smtp-vilter instead of clamav-milter
and it had what I think may be a better failure mode. It was designed so
that if it failed, sendmail would continue to operated normally, just
without virus scanning. I much prefer that mode of failure to forcing
sendmail to reject all incoming mail. It would be nice to see such a
feature in future version of clamav-milter.

-Steve

___
http://lurker.clamav.net/list/clamav-users.html


  

Try with adding --timeout=0 to your CLAMAV_FLAGS variable.
Did you upgrade from 0.86.2?

-- 
Cevher Cemal Bozkur
+-+-+-+-+-+-+-+-+-+
YÖRE NET Teknoloji
Tel:+90 212 234 00 90

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[R. Steven Rainwater]

On Thu, 2005-09-22 at 11:28, Cevher wrote:
 R. Steven Rainwater yazmış:
 After upgrading one of our servers to clamav 0.87,
 we are experience intermittent failures ...
  
 Try with adding --timeout=0 to your CLAMAV_FLAGS variable.

According to the man page 0 is the default value for timeout. But 
my config current has this in it already:

-T=0


The man page also indicates that -T=0 should be equivalent to
--timeout=0. I'll try changing it from T to timeout and see if that
makes any difference.

 Did you upgrade from 0.86.2?

Yes.

-Steve

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[R. Steven Rainwater]

Update. I tried changing -T=0 to --timeout=0 as one person suggested but
it had no effect. For the moment, I've added a chron job that restarts
clamav-milter hourly, which is at least keeping the mail flowing for
now. If I can't come up with a solution shortly though, I may need to
downgrade back to 0.86. Has anyone else seen anything like this before?
I've double checked that there were no other changes to the server or
sendmail configuration - just the clamav upgrade. 

-Steve

On Thu, 2005-09-22 at 11:20, R. Steven Rainwater wrote:
 After upgrading one of our servers to clamav 0.87, we are experience
 intermittent failures of clamav-milter which result sendmail refusing
 all mail until clamav-milter is restarted. Sometimes it will run for 24
 hours or more without crashing but generally it seems to crash every few
 hours. Typical errors messages we're seeing in the log file at the time
 of failure look like this:
 
 Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter
 (clamav-milter): timeout before data read
 Sep 19 00:53:34 wirrn sendmail[22759]: j8J5nY16022759: Milter
 (clamav-milter): to error state
 
 Or this:
 
 Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter
 (clamav-milter): write(Q) returned -1, expected 5: Broken pipe
 Sep 20 10:26:08 wirrn sendmail[22405]: j8KDA4bF022405: Milter
 (clamav-milter): to error state
 
 Or this:
 
 Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter
 (clamav-milter): write(A) returned -1, expected 5: Broken pipe
 Sep 20 10:55:15 wirrn sendmail[27926]: j8KDt1bE027926: Milter
 (clamav-milter): to error state
 
 Sometimes sendmail starts rejecting all email once we hit just one of
 these errors. Other times, I'll see a string of dozens of such errors
 over the course of an hour during which time sendmail seems to be
 rejecting some email and accepting some email. But eventually, in every
 case so far, it fails completely and begins rejecting all email.
 
 I'm sure it would be helpful to know exactly what I'm running here:
 
 OS is Redhat 7.3 fully up to date with all patches from the legacy
 project.
 
 Sendmail-8.12.8-9.1.rh73.dag.i386.rpm
 
 clamav-*0.87-1.0.rh7.rf.i386.rpm
 
 Contest of /etc/sysconfig/clamav-milter:
 
 ### Simple config file for clamav-milter, you should
 ### read the documentation and tweak it as you wish.
 ### --quiet
  
 CLAMAV_FLAGS=
 --config-file=/etc/clamd.conf
 --max-children=20
 -T=0
 --force-scan
 --dont-log-clean
 --noreject
 --quiet
 local:/var/clamav/clmilter.socket
 
 
 If other config info would help diagnose it, just let me know what's
 needed.
 
 If anyone has any clues or suggestions, I've love to hear them.
 
 One side note. In the past I used smtp-vilter instead of clamav-milter
 and it had what I think may be a better failure mode. It was designed so
 that if it failed, sendmail would continue to operated normally, just
 without virus scanning. I much prefer that mode of failure to forcing
 sendmail to reject all incoming mail. It would be nice to see such a
 feature in future version of clamav-milter.
 
 -Steve
 
 ___
 http://lurker.clamav.net/list/clamav-users.html

___
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] clamav-milter seems unstable with 0.87

[Matthew.van.Eerde]

R. Steven Rainwater wrote:
 Update. I tried changing -T=0 to --timeout=0 as one person suggested
 but it had no effect. For the moment, I've added a chron job that
 restarts clamav-milter hourly, which is at least keeping the mail
 flowing for now. If I can't come up with a solution shortly though, I
 may need to downgrade back to 0.86.

Have you tried running clamd and using --external on clamav-milter?

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Todd Lyons]

[EMAIL PROTECTED] wanted us to know:

R. Steven Rainwater wrote:
 Update. I tried changing -T=0 to --timeout=0 as one person suggested
 but it had no effect. For the moment, I've added a chron job that
 restarts clamav-milter hourly, which is at least keeping the mail
 flowing for now. If I can't come up with a solution shortly though, I
 may need to downgrade back to 0.86.

Have you tried running clamd and using --external on clamav-milter?

Agreed, that's the way we run it here and don't have any problems with
0.87 yet on a medium volume mail server (approx 50K emails/day).

-- 
Regards...  Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.   --Benjamin Franklin
Linux kernel 2.6.11-12mdksmp   2 users,  load average: 2.04, 2.18, 1.98
___
http://lurker.clamav.net/list/clamav-users.html

RE: [Clamav-users] clamav-milter seems unstable with 0.87

[R. Steven Rainwater]

On Thu, 2005-09-22 at 15:22, [EMAIL PROTECTED] wrote:
 R. Steven Rainwater wrote:
  Update. I tried changing -T=0 to --timeout=0 as one person suggested
  but it had no effect. For the moment, I've added a chron job that
  restarts clamav-milter hourly, which is at least keeping the mail
  flowing for now. If I can't come up with a solution shortly though, I
  may need to downgrade back to 0.86.
 
 Have you tried running clamd and using --external on clamav-milter?

Just tried it. Already had two more crashes in less than 10 minutes!
:-(  Both were of the write(A) return -1, expected 5: Broken pipe
variety, if that means anything.

-Steve


___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter seems unstable with 0.87

[Todd Lyons]

R. Steven Rainwater wanted us to know:

 Have you tried running clamd and using --external on clamav-milter?
Just tried it. Already had two more crashes in less than 10 minutes!
:-(  Both were of the write(A) return -1, expected 5: Broken pipe
variety, if that means anything.

Pick up the max children setting.  See if that makes a difference.
Watch as the number of processes build up.

Also check dmesg to see if it's reporting weird things such as NMI
errors (ie bad memory);.
-- 
Regards...  Todd
Well, it's Karch...   --frequently heard after every amazing move he does
Linux kernel 2.6.11-12mdksmp   load average: 1.34, 1.29, 1.60
___
http://lurker.clamav.net/list/clamav-users.html