ClamAV .90.2 Troubles & Slowdowns

As of lately I've noticed that my systems have experienced some mail-clogging issues, where messages get stuck in the mail queues and my CPU utilization goes off the chart. Some of my customers have noticed this as well, and in one case they're running that Piratefish off an AMD 64 server, so there's no lack of horsepower.

However, the problem seems to manifest with log entries that look like this:

Jul 27 15:26:07 (server) MailScanner[16763]: Commercial scanner clamav timed out!
Jul 27 15:26:07 (server) MailScanner[16763]: clamav: Failed to complete, timed out
Jul 27 15:26:07 (server) MailScanner[16763]: Virus Scanning: Denial Of Service attack detected!

I've already posted a query about the timeline for updates to ClamAV on the Ubuntu forums as I believe the latest version (0.91.1) would probably solve these problems, but for the time being, we're stuck with .90.2. If any users would like to log into the Ubuntu forums and put their two cents in, please do so - ubuntuforums.org is a fantastic resource for all Ubuntu users - and the community improves when we all participate.

To deactivate ClamAV in your Piratefish configuration, do the following:

1) Log into Webmin
2) Open the Servers menu on the left-bar
3) Select MailScanner
4) Click on the Virus Scanning and Vulnerability Testing icon
5) Turn off Virus Scanning
6) Click on Save
7) Click on Return to module index
8) Click on the Apply Changes button
9) Wait about 10 seconds, then click on the MailScanner server line on the left side menu to refresh the screen - you'll find that MailScanner is no longer running.
10) Click on Start (you may see an error)

After this is done, when you return to the MailScanner server panel, it should appear as running.

Mail will move more quickly through your Piratefish now, but is more likely to be infected, so make sure your users are protected.

Once the new version of ClamAV is published, I'll let everyone know to update and reactivate.

Comments

Popular Posts