> some background information would be helpful:
> I see you're running it on a sparc of some sort, can you supply
> information about the environment clam is running in (RAM/CPU, etc)?
1G RAM, single UltraSparc IIi
> Can I see the config file for clamd? How are you calling clamd? I see
Attached.
> all the files are in /var/spool/clamav-filter - this suggests an app I
> am unfamiliar with placing files there and then calling clamd.
#!/bin/sh
INSPECT_DIR=/var/spool/clamav-filter
SENDMAIL="/usr/lib/sendmail -i"
CLAMSCAN=/usr/bin/clamdscan
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
TEMP=$(tempfile -d $INSPECT_DIR -p clfi.)
# Clean up when done or when aborting.
trap "rm -f $TEMP log.$$" EXIT HUP INT QUIT TERM
cat >$TEMP
$CLAMSCAN $TEMP 2>log.$$
retval=$?
case "$retval" in
(0)
formail -i 'X-Clamav-Filter: scanned' < $TEMP | $SENDMAIL "$@"
exit $? # No virus found
;;
(1)
echo Message content rejected
cp $TEMP quarantine.$(date '+%Y%m%d-%H%M%S-%N').$$
cp log.$$ log.$(date '+%Y%m%d-%H%M%S-%N').$$
exit $EX_UNAVAILABLE
;;
(2)
echo An error occurred
exit $EX_TEMPFAIL
;;
esac
exit $retval
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogFile /var/log/clamav/clamav.log
LogTime
LogFileMaxSize 0
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav/
SelfCheck 3600
ScanOLE2
ScanPE
DetectBrokenExecutables
ScanHTML
ArchiveBlockMax
LogClean
LogVerbose
