Re: [exim] Strange problem with the communication to ClamAV

Author: Evgeniy Berdnikov
Date:  
To: exim-users
Subject: Re: [exim] Strange problem with the communication to ClamAV
On Thu, Jul 08, 2021 at 03:57:49PM +0200, Luca Bertoncello via Exim-users wrote:
> Am 08.07.2021 15:24, schrieb Jeremy Harris via Exim-users:

...
> > have worked. I'd suggest running a smaller timeout, letting this
> > error ripple though to a defer and subsequent retry from the sender.
>
> Hi Jeremy,
>
> well, so simple is not by us, since we have three Antivirus: Kaspersky,
> Amavis and ClamAV.
> And due to a decision of my boss is ClamAV the last in the check list...


1. Chaining and chain order do not matter.
2. Amavis is not an antivirus, it is a content filter with limited capability.

> The very curious: the server is NOT YET in production and just receives test
> E-Mails from our Icinga-Monitor (every 10 minutes) to check that the
> workflow runs.
> And sometimes during this process Exim has problems speaking with ClamAV...


It looks like a problem in ClamAV, not Exim.

For a test environment and a workload of "1 mail / 10 minutes" you are free to
implement extensive debugging. The line "read timeout" in the log file
may be used as a trigger. Look at what ClamAV is doing (with strace/ltrace),
get the program stack (with pstack or gdb). The aim is to clarify whether
this is a ClamAV bug or not.

I stopped using ClamAV several years ago. Until this moment I had to
use a software watchdog for it, because sometimes (once in 3-5 weeks) it
crashes or hangs on connect. The watchdog script is attached.
--
Eugene Berdnikov
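#!/usr/bin/perl
# Watchdog for clamd: restart it when the pid file is missing, the process
# is gone, or connect() to its UNIX socket fails or hangs.

use strict;
use warnings;
use Socket;

my $clamd_socket  = '/var/run/clamav/clamd.ctl';
my $clamd_pidfile = '/var/run/clamav/clamd.pid';

# No pid file: treat the daemon as down and restart it.
my $fd;
if (!open($fd, '<', $clamd_pidfile)) {
    print STDERR "file $clamd_pidfile does not exist\n";
    print STDERR "Restarting ClamAv-daemon...\n";
    exec "/etc/init.d/clamav-daemon restart";
}
chomp(my $clamd_pid = <$fd> // '');
close($fd);

# Signal 0 only tests whether the process exists; an empty or malformed
# pid file is handled the same way as a dead process.
if ($clamd_pid !~ /^\d+$/ || !kill(0, $clamd_pid)) {
    print STDERR "clamav-daemon (pid=$clamd_pid) is not running, restarting..\n";
    exec "/etc/init.d/clamav-daemon restart";
}

my $sun = sockaddr_un($clamd_socket);
socket(my $sh, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!";

# Try to connect with a 15 second limit; SIGALRM aborts a hanging connect().
my $ret_unix;
eval {
    local $SIG{ALRM} = sub { die "connect($clamd_socket) timed out"; };
    alarm 15; $ret_unix = connect($sh, $sun); alarm 0;
};
if (!$ret_unix || $@ =~ m/timed out/) {
    print STDERR "connect($clamd_socket) -> $!\n";
    if (kill(0, $clamd_pid)) {
        print STDERR "trying to kill pid=$clamd_pid...\n";
        # Signal 1 (SIGHUP) first, then signal 9 (SIGKILL) after 10 seconds.
        kill 1, $clamd_pid; sleep 10; kill 9, $clamd_pid; sleep 5;
    }
    print STDERR "Restarting ClamAv-daemon...\n";
    system("/etc/init.d/clamav-daemon restart");
}


###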
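
A stricter health check than the connect() test in the attached script, as an added example that is not part of the original message or its attachment: it sends clamd's PING command and waits for PONG, so a daemon whose socket still accepts connections but which has stopped answering is reported as hung. The fake_clamd helper and the socket paths are constructed stand-ins so the check can be exercised without a real clamd.

```python
import os, socket, tempfile, threading

def clamd_ping(sock_path, timeout=15.0):
    """Classify clamd as 'ok', 'hung', 'bad' or 'down' using its PING command."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)            # applies to connect, send and recv
        try:
            s.connect(sock_path)
            s.sendall(b"zPING\0")        # 'z' prefix: NUL-terminated command
            reply = b""
            while not reply.endswith(b"\0"):
                chunk = s.recv(64)
                if not chunk:            # peer closed before answering
                    break
                reply += chunk
        except socket.timeout:
            return "hung"                # connection made, but no answer in time
        except OSError:
            return "down"                # no socket file, connection refused, ...
    return "ok" if reply == b"PONG\0" else "bad"

def fake_clamd(path, answer):
    """Constructed stand-in for clamd: listens on path, answers PING only if asked to."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if conn.recv(64) == b"zPING\0":
                conn.sendall(b"PONG\0")
    if answer:
        threading.Thread(target=serve, daemon=True).start()
    return srv                           # caller keeps this so the listener stays open

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    good = fake_clamd(os.path.join(d, "good.ctl"), answer=True)
    stuck = fake_clamd(os.path.join(d, "stuck.ctl"), answer=False)
    print(clamd_ping(os.path.join(d, "good.ctl"), 2))     # ok
    print(clamd_ping(os.path.join(d, "stuck.ctl"), 1))    # hung
    print(clamd_ping(os.path.join(d, "missing.ctl"), 1))  # down
```

The "stuck" listener never calls accept(), yet connect() to it still succeeds because the kernel queues the connection; only the missing PONG shows that the daemon is not serving requests.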