Clamav Ping Timeout During Update
Rick Cooper
rcooper at dwford.com
Mon Mar 3 22:31:30 GMT 2008
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of Neal Morgan
> Sent: Monday, March 03, 2008 12:16 PM
> To: mailscanner at lists.mailscanner.info
> Subject: Clamav Ping Timeout During Update
>
> Greetings:
>
> My Mailscanner has been reporting timeouts when clamav updates its
> database. I see entries like this in syslog:
>
> 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]:
> Clamd::ERROR:: CLAM PING TIMED OUT! :: .
>
>
> If I review the clamav log, it seems that the timeout always occurs
> within several seconds of the "database reloaded" entry:
>
> Mon Mar 3 08:30:21 2008 -> SelfCheck: Database modification
> detected.
> Forcing reload.
> Mon Mar 3 08:30:21 2008 -> Reading databases from /var/lib/clamav
> Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704
> signatures)
>
>
> I wouldn't care too much about this, except any messages
> passing through
> MailScanner during that same several second period get
> marked as virus
> infected with "Denial of Service" as the virus report.
>
> I am running Mailscanner on 5 servers, all Debian etch, all using the
> package maintainer's clamav and all using MailScanner-4.66.5-3 built
> from source. All 5 are experiencing the same issue.
>
Are you running clamavmodule as well as clamd (accidentally or otherwise)?
If you are turn one off, you don't want ClamAVModule and clamd both.
MailScanner --lint should tell you if it's calling both.
If not using the perl module you should not be tracking the clam databases
within MailScanner as they have no meaning at all. Look for "Monitors for
ClamAV Updates" in MailScanner.conf and get remove the information relating
to the databases. It would be a question for Julian as to why MailScanner
would be watching those files if clamavmodule is not in use. Also, the Clamd
ping timeout is 90 seconds, that is a long, long time. I cannot imagine why
it would take that much time to connect. Using TCP or Unix sockets? Anything
odd in the clamd logs? This should only happen if you can connect to clamd
but it fails to return anything at all within the 90 seconds (even
jibberish)
Rick
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list