clamd with amavis on Postfix
I am playing with clamd and spamd on a [production] server. ;-)
I really like clamd; however, it keeps dying.
The [Postfix] MTA server is acting as a mail gateway processing about 20,000+ incoming emails daily.
Since amavis does not depend on clamd, Postfix just goes on delivering un-scanned emails when clamd dies.
Thus, nothing is really impacted when clamd dies.
However, I was wondering if there is anything I can do aside from running a cronjob to keep clamd running?
Any recommendations would be greatly appreciated. Since most users [on my end] are unaware
that I am testing clamd, turning off clamd will not hurt many.
But, having a virus scanner on the mail gateway seems so cool. Are there any other nice virus scanners that
are open source?
I have these packages installed:
==========================================
Sarge:
ii amavisd-new 20030616p7-3 Interface between MTA and virus scanner/cont
ii clamav 0.67-7 Antivirus scanner for Unix
ii clamav-base 0.67-7 Base package for clamav, an anti-virus utili
ii clamav-daemon 0.67-7 Powerful Antivirus scanner daemon
ii clamav-freshcl 0.67-7 Downloads clamav virus databases from the In
ii libclamav1 0.67-7 Virus scanner library
Woody:
ii postfix 1.1.11-0.woody A high-performance mail transport agent
ii postfix-ldap 1.1.11-0.woody LDAP map support for Postfix
ii postfix-pcre 1.1.11-0.woody PCRE map support for Postfix
Logs from clamd where the crash occurred:
==========================================
Tue Apr 6 14:09:43 2004 -> +++ Started at 2004-04-06 14:09:43
Tue Apr 6 14:09:43 2004 -> Log file size limited to 1048576 bytes.
Tue Apr 6 14:09:43 2004 -> Reading databases from /var/lib/clamav/
Tue Apr 6 14:09:44 2004 -> Protecting against 20848 viruses.
Tue Apr 6 14:09:45 2004 -> Unix socket file /var/run/clamav/clamd.ctl
Tue Apr 6 14:09:45 2004 -> Setting connection queue length to 15
Tue Apr 6 14:09:45 2004 -> Maximal number of threads: 12
Tue Apr 6 14:09:45 2004 -> Archive: Archived file size limit set to 1048576 bytes.
Tue Apr 6 14:09:45 2004 -> Archive: Recursion level limit set to 5.
Tue Apr 6 14:09:45 2004 -> Archive: Files limit set to 10000.
Tue Apr 6 14:09:45 2004 -> WARNING: USING HARDCODED LIMIT: Archive: Compression ratio limit set to 200.
Tue Apr 6 14:09:45 2004 -> Archive support enabled.
Tue Apr 6 14:09:45 2004 -> RAR support disabled.
Tue Apr 6 14:09:45 2004 -> Mail files support enabled.
Tue Apr 6 14:09:45 2004 -> OLE2 support disabled.
Tue Apr 6 14:09:45 2004 -> Self checking every 3600 seconds.
Tue Apr 6 14:09:45 2004 -> Timeout set to 180 seconds.
Tue Apr 6 14:09:45 2004 -> SelfCheck: Database status OK.
Tue Apr 6 14:11:33 2004 -> /var/lib/amavis/amavis-20040406T141123-32670/parts/part-00003: Worm.Bagle.Gen-zippwd-2 FOUND
Tue Apr 6 14:11:33 2004 -> /var/lib/amavis/amavis-20040406T141123-32670/parts/email.txt: Worm.Bagle.Gen-zippwd-2 FOUND
Tue Apr 6 14:28:22 2004 -> /var/lib/amavis/amavis-20040406T142653-02329/parts/email.txt: Worm.Mydoom.F FOUND
Tue Apr 6 14:28:22 2004 -> /var/lib/amavis/amavis-20040406T142653-02329/parts/part-00003: Worm.Mydoom.F FOUND
Tue Apr 6 15:10:21 2004 -> SelfCheck: Database status OK.
Tue Apr 6 15:13:49 2004 -> /var/lib/amavis/amavis-20040406T151248-06187/parts/email.txt: Worm.Mydoom.F FOUND
Tue Apr 6 15:13:49 2004 -> /var/lib/amavis/amavis-20040406T151248-06187/parts/part-00005: Worm.Mydoom.F FOUND
Tue Apr 6 15:14:48 2004 -> /var/lib/amavis/amavis-20040406T151340-06284/parts/part-00003: Worm.SomeFool.P FOUND
Tue Apr 6 15:15:24 2004 -> /var/lib/amavis/amavis-20040406T151426-06364/parts/part-00003: Worm.Bagle.Gen-zippwd-2 FOUND
Tue Apr 6 15:15:24 2004 -> Segmentation fault :-( Bye..
My clamd.conf looks like this:
==========================================
debian:/var/lib/amavis# cat /etc/clamav/clamav.conf
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket
ScanMail
ScanArchive
ArchiveMaxRecursion 5
ArchiveMaxFiles 10000
ArchiveMaxFileSize 1M
ThreadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamSaveToDisk
LogFile /var/log/clamav/clamav.log
LogTime
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav/
#SelfCheck 3600
SelfCheck 3600
#added later by Ted
#TCPSocket 11111
TCPAddr 127.0.0.1
MaxConnectionQueueLength 50
ArchiveMaxFiles 10000
MaxThreads 20
#don't scan any files larger than 1M
ClamukoMaxFileSize 1M
MaxConnectionQueueLength 30
Server power:
=================================
debian:/var/log/clamav# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 10
cpu MHz : 1000.041
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse
bogomips : 1992.29
debian:/var/log/clamav# cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 525742080 489848832 35893248 0 15749120 308232192
Swap: 1499279360 20836352 1478443008
MemTotal: 513420 kB
MemFree: 35052 kB
MemShared: 0 kB
Buffers: 15380 kB
Cached: 288752 kB
SwapCached: 12256 kB
Active: 287828 kB
Inactive: 153920 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 513420 kB
LowFree: 35052 kB
SwapTotal: 1464140 kB
SwapFree: 1443792 kB
--
------------------------------------------
Ted Knab
Chester, Maryland 21619 USA
------------------------------------------
Conquest is easy. Control is not.
-- Kirk, "Mirror, Mirror", stardate unknown
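
Added example, not part of the original post: a small parser for the clamd log format quoted above that reports, per daemon run, the uptime before a segfault and the last detection logged before it, so the amavis work directory holding the suspect message can be pulled for a bug report. The names crash_report and SAMPLE_LOG are hypothetical; the sample lines are an excerpt of the log in the post, and the markers "+++ Started", "FOUND" and "Segmentation fault" are assumed to appear exactly as they do there.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the clamd log quoted in the post above (not new data).
SAMPLE_LOG = """\
Tue Apr 6 14:09:43 2004 -> +++ Started at 2004-04-06 14:09:43
Tue Apr 6 14:11:33 2004 -> /var/lib/amavis/amavis-20040406T141123-32670/parts/part-00003: Worm.Bagle.Gen-zippwd-2 FOUND
Tue Apr 6 14:28:22 2004 -> /var/lib/amavis/amavis-20040406T142653-02329/parts/email.txt: Worm.Mydoom.F FOUND
Tue Apr 6 15:10:21 2004 -> SelfCheck: Database status OK.
Tue Apr 6 15:14:48 2004 -> /var/lib/amavis/amavis-20040406T151340-06284/parts/part-00003: Worm.SomeFool.P FOUND
Tue Apr 6 15:15:24 2004 -> /var/lib/amavis/amavis-20040406T151426-06364/parts/part-00003: Worm.Bagle.Gen-zippwd-2 FOUND
Tue Apr 6 15:15:24 2004 -> Segmentation fault :-( Bye..
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) -> (.*)$")
FOUND = re.compile(r"^(.+): (\S+) FOUND$")

def crash_report(log_text):
    """Return one dict per clamd run: start, crash time, uptime, hits, last hit."""
    runs, run = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # tolerate wrapped or truncated lines
        stamp = " ".join(m.group(1).split())  # collapse padded day-of-month
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("+++ Started"):
            run = {"start": ts, "crash": None, "hits": Counter(), "last_hit": None}
            runs.append(run)
        elif run is None:
            continue  # log was rotated mid-run; no start marker seen yet
        elif (hit := FOUND.match(msg)):
            run["hits"][hit.group(2)] += 1
            # (time, scanned path, signature): a correlation with the crash, not proof
            run["last_hit"] = (ts, hit.group(1), hit.group(2))
        elif msg.startswith("Segmentation fault"):
            run["crash"] = ts
            run["uptime_s"] = int((ts - run["start"]).total_seconds())
    return runs

if __name__ == "__main__":
    for r in crash_report(SAMPLE_LOG):
        print(r["start"], r["crash"], r.get("uptime_s"), r["last_hit"], dict(r["hits"]))
```

A run whose "crash" field is set marks the start of a window in which, as the post notes, amavis keeps passing mail unscanned until clamd is restarted.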