Victor Sudakov via Exim-users wrote:
> >
> > > or a bug in Exim, or both, but if I can provide any help or
> > > additional info/testing to clear the situation once and for all, I'd be
> > > glad to.
> >
> > If you could get a run with the original configuration, but with debug
> > enabled (command-line "-d+all") on the exim that ends up calling
> > out to Clam, that will help to locate that "close(-1)" we saw.
> >
> > If that's the exim daemon:
> >
> > - Check using "ps" for any extra args normally used on your
> > exim daemon process
> > - stop the exim service
> > - run
> > # exim -d+all -bd 2>&1 | tee logfile
> > to get a daemon with debug.
>
> I now have this log and am ready to send it privately to you or another
> person requesting it, preferably in encrypted form. I would not like to
> publish such a detailed log somewhere on the Internet.
Does anyone need the "-d+all" log?
>
> A relevant snippet from the log is below:
>
>
> 13:54:33 63708 Malware scan: clamd tmo=2m
> 13:54:33 63708 trying server name 192.168.153.104, port 3310
> 13:54:33 63708 TFO mode connection attempt to 192.168.153.104, 10 data
> 13:54:33 63708 Malware scan: issuing clamd new-style remote scan (zINSTREAM)
> 13:54:33 63708 socket: domain AF_INET lcl [95.170.141.50]:47149 type SOCK_STREAM proto tcp
> 13:54:33 63708 LOG: MAIN PANIC
> 13:54:33 63708 malware acl condition: clamd : unable to send file body to socket (192.168.153.104)
> 13:54:33 63708 deny: condition test failed in ACL "acl_check_data"
>
>
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet
http://vas.tomsk.ru/
