Replying to my own posts is obviously not a good sign...
We've narrowed this down a bit - and it doesn't look like it's just an
issue with 0.88.4 - we backed the server down to 0.88.1 and the same thing
happened...
Looking back at the logs - clamd typically consumes around 40Mb / 36Mb of
memory (total / resident).
This is on a pretty busy server - something's happening to cause that to
baloon - e.g. when we catch in the throws of death it's using around 600Mb
RAM (of which 550Mb odd is marked as 'resident') with the machine starting
to swap heavily.
The only output in syslog I can see is:
"
Aug 23 14:45:26 myhost clamav-milter: clamfi_eom: read nothing from clamd
on myhost.domain.com
Aug 23 14:46:15 myhost clamav-milter: clamfi_eom: read nothing from clamd
on myhost.domain.com
"
In the clamd log, all I can see is:
"
SelfCheck: Database status OK.
/var/tmp//clamav-66e1a298d2ead163/msg.OvzTj2: HTML.Phishing.Auction-144
FOUND
SelfCheck: Database status OK.
SelfCheck: Database status OK.
[and then]
/var/run/clamav/clamd: Connection refused
/var/run/clamav/clamd: Connection refused
/var/run/clamav/clamd: Connection refused
/var/run/clamav/clamd: Connection refused
"
And that's it.
Bearing in mind this is a busy server - does anyone have any hints for what
log options I could sensibly enable that might throw some light on this,
without generating huge swathes of debug output?
Thanks,
-Karl
ps. Does anyone know if it's safe to run clamav-milter using just the
libclamav library, and not have it connect to clamd? - We used to do this
before, but it went through a phase of 'not being recommended' and causing
problems - does it still?
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
