Re: [Exim] Paniclog says clamd: buffer too small

Top Page
Delete this message
Reply to this message
Author: Andreas Piesk
Date:  
To: Mark Douglas
CC: exim-users, tom
Subject: Re: [Exim] Paniclog says clamd: buffer too small
Mark Douglas schrieb:
|
| In brief. Clamav0.65 with exim 4.24 and revision 13 exiscan.
| Clamd died, required re-install. Now all works but in Exim's
| paniclog I sometimes get

|
| malware acl condition: clamd: buffer too small

|
| Can anyone tell me why and how to fix it?


well, your clamd returns more than or exactly 1024 bytes.
look at malware.c:823:

~      /* Read the result */
~      memset(av_buffer, 0, sizeof(av_buffer));
~      bread = read(sock, av_buffer, sizeof(av_buffer));
~      close(sock);
...
~      if (bread == sizeof(av_buffer)) {
~        log_write(0, LOG_MAIN|LOG_PANIC,
~                  "malware acl condition: clamd: buffer too small");
~        return DEFER;
~      }



first you should check, why clamd is returning so much data. if that is
ok, increase the size of av_buffer.

i think, i sent tom some stuff replacing the fixed buffer with a
dynamically created one some time ago. tom, why the fixed buffer again?
was there a problem with the code?


- -ap