[exim] Strange problem with the communication to ClamAV

Top Page
Delete this message
Reply to this message
Author: Luca Bertoncello
Date:  
To: Users, Exim
Subject: [exim] Strange problem with the communication to ClamAV
Hi list!

We have a very strange problem on a mailserver by us...

Sometime, very random, Exim reports:

2021-07-08 14:08:32 1m1Ske-000Gkt-3E malware acl condition: clamd
/var/run/clamav/clamd.ctl : unable to read from socket (Connection timed
out)

In this moment there are _NO_ log entry in ClamAV-Log or Syslog, so I
can't understand why sometimes Exim cannot speak with ClamAV...

In the Exim-configuration we have:

   deny   condition       = ${if eq {$acl_m_ciphermail}{true}{no}{yes}}
           condition      = ${if eq {$acl_m_dontAVscan}{} {yes}{no}}
           message        = 552 PVC06 - This message contains a virus 
($malware_name) - Scanned by ClamAV
           log_message    = 552 PVC06 - E-Mail contains Virus. 
ASSISTENCE_MESSAGE (PVC06)
           set acl_m0     = clamd:/var/run/clamav/clamd.ctl
           malware        = * / tmo=5m


As you see, I already tried to give a huge timeout in the communication
between Exim and ClamAV, but it does not solve the problem...

Do someone have an idea?

Thanks a lot
Luca Bertoncello
(lucabert@???)