MS hangs with strange clamav database
Glenn Steen
glenn.steen at gmail.com
Mon Apr 7 12:54:50 IST 2008
On 07/04/2008, Ronny T. Lampert <telecaadmin at gmail.com> wrote:
> Hi,
>
> Usually the clamav database looks like this:
>
> #> ls -l /var/clamav/
> total 13152
> -rw-r--r-- 1 clamav clamav 396261 Apr 7 12:39 daily.cvd
> -rw-r--r-- 1 clamav clamav 13050207 Apr 7 12:39 main.cvd
> -rw------- 1 clamav clamav 52 Apr 7 12:40 mirrors.dat
>
>
> But sometimes the daily.cvd and main.cvd get strangely converted to
> subdirectories with around 10 files in them - that's when MS starts to
> hang and not process any mail at all.
>
> Error is:
>
> Apr 7 12:34:10 SERVER MailScanner[24956]: None of the files matched by
> the "Monitors For ClamAV Updates" patterns exist!
>
> ... which of course is true because of my setting
>
> Monitors for ClamAV Updates = /var/clamav/*.cvd
So you are using ClamAVModule... Then that one is wrong, and has been
for quite some time now. If you search the archives you'll see that it
need look something like:
Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db
/var/clamav/*.cvd
.... Assuming /var/clamav to be correct for your ClamAV signature DBs.
The first one is for the incremental updates you are normally seeing,
the second for any "extra" signatires you might have, the third one is
for the "normal" monolithic DBs.
>
> My question is twofold:
>
> 1) Has anybody seen a similar thing and why do the clamav files get
> strange?
Yes. Incremental updates.
>
> 2) What is the best value for "Monitors for ClamAV Updates" to prevent
> such a breakdown in case clamav gets strange again?
"Best" is a relative tierm:-). The above is what I use...
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list