Upgrade to clamav 0.90.2 makes scanning extremely slow

Wed Apr 25 20:52:26 IST 2007

Daniel Maher spake the following on 4/25/2007 11:35 AM:
>> I think I discovered the patches in this same list.
>> Anyway I'll post them again (wrapper might be slightly
>> modified -- I don't remember)
>>
>> Apply SweepViruses.patch:
> 
> <Snip>
> 
>> clamav-0.90.2/contrib/clamdwatch
>> There are install instructions there
>>
>> That's all.
>> I don't remember doing something else,
>> apart from telling the system that clamd
>> should be running on system reboot.
>>
>> Good luck
>>
>> Giannis
>> ps. This configuration works for me,
>> Apply at your own risk.
> 
> 
> Thank you for your prompt and informative reply!  Unfortunately, it "didn't work". :(  I followed all of the steps, including the wrapper, lint, and debug tests, and everything appeared to be ok.
> 
> When I restarted MailScanner with "clamd" as the Virus Scanner, all continued to appear well.  Messages were coming in, getting processed, ostensibly scanned, and passed along.  However, the load had dropped /so much/ compared to clamscan that I became suspicious.  I sent a handful of messages with either the Eicar test string, or the Eicar zip file, through the mail server.  They passed through cleanly, without so much as a warning.
> 
> Clearly, messages were /not/ getting scanned by clamd.  I re-enabled clamscan, and sent the same Eicar test messages again; this time, they were indentified as normal.
> 
> After some investigation, I noticed that the Incoming Work Dir was not owned by the proper group, as defined by: Incoming Work Group = clamv
> I chgrp -R'd the directory, and tried again, but to my surprise, when I restarted MailScanner, ownership reverted to postfix.root !
> 
> Does anybody have any idea why the permissions on the Incoming Work Dir are not being set properly, and what might be changing them?  Furthermore, does this even seem to be the reason why clamd wasn't able to scan incoming mail?
> 
> As always, I appreciate any commentary or feedback.  Thank you.
> 
> 
> --
>   _
>  °v°  Daniel Maher
> /(_)\ Administrateur Système Unix
>  ^ ^  Unix System Administrator
>  
> "How can a man choose between Fresh and Fly?  And believe me, there IS a difference." - Crack Stuntman, 2007.
Probably the user that provided the patches is running sendmail, and you are
running postfix.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!