Re: sudden problem with clamav hosing my server
On Tue February 12 2008 11:19:06 Robert Cates wrote:
> I'm suddenly having problems with what seems to be my clamav installation -
> clamav 0.90.1-3etch8 on Debian 4.0 Etch i386 (kernel 2.6.18-6-686-18etch1).
> Things have been fine until about a week or two ago when my server started
> bombing-out (no access at all, and I would have to physically reboot the
> machine). Anyway, I've been getting a lot of this type of problem:
>
> Feb 12 06:51:16 server postfix/smtpd[5742]: disconnect from
> unknown[123.123.123.123]
>
> Feb 12 06:51:24 server amavis[5579]: (05579-06) (!) /usr/bin/clamscan is
> taking longer than 315 s and will be killed
>
> Feb 12 06:51:24 server amavis[5579]: (05579-06) (!) killing process [6110]
> running /usr/bin/clamscan
>
> Feb 12 06:51:24 server amavis[5579]: (05579-06) (!) run_av: timed out
>
> Feb 12 06:51:24 server amavis[5579]: (05579-06) (!!) ClamAV-clamscan
> av-scanner FAILED: /usr/bin/clamscan timed out at (eval 44) line 462.
>
> Feb 12 06:51:24 server amavis[5579]: (05579-06) (!!) TROUBLE in check_mail:
> virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd
> av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl
> (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or
> directory) at (eval 44) line 268.; ClamAV-clamscan av-scanner FAILED:
> /usr/bin/clamscan timed out at (eval 44) line 462.
>
> I've searched Google and reluctantly changed ownership and permissions
> (from clamav to amavis), but that obviously did not seem to be the problem.
>
> Does anybody know what could be wrong, and what I need to do to fix this
> problem? When it gets that far, my mail server (Postfix) is not receiving
> mail.
Any possibility of a very large email that's hanging it up? Alternatively,
a bug could be causing it to loop on a not-large email. Try using top to
see when the scanner starts accumulating CPU and then lsof -p to see what
it's scanning.
--Mike Bird
Reply to: