Author: Luca Bertoncello
Date:
To: Users, Exim
Subject: Re: [exim] Strange problem with the communication to ClamAV

On 12.07.2021 09:56, Andrew C Aitchison wrote:
Hi Andrew,
>> Yesterday the problem happened again, using ClamAV with TCP instead of
>> Unix-Socket.
>> This time I can see a correlation to the triggered reload:
>>
>> Exim paniclog:
>> 2021-07-10 14:10:25 1m2BjZ-0002Ox-Ew malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)
>> 2021-07-10 14:10:58 1m2Bk6-0002QG-79 malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)
>
> I had not noticed that this was paniclog.
> Do you need some sort of defer option so that exim handles clamav
> timeouts gracefully?

Not at all...
I'm using ClamAV 0.102.4+dfsg-0+deb10u1 from Debian 10 repositories.

>> Clam-log:
>> Sat Jul 10 14:10:40 2021 -> Reading databases from /var/lib/clamav
>> Sat Jul 10 14:11:09 2021 -> Database correctly reloaded (8544586 signatures)
>>
>> Any idea how to change the configuration in order to avoid the
>> problem?
>
> Modern clamd/freshclam (not sure when it started, maybe 0.103.0) will
> load the new database in the background then switch over; my
> clamav.log has
>
> Sun Jul 11 14:00:22 2021 -> Reading databases from /var/lib/clamav
> Sun Jul 11 14:00:35 2021 -> Database correctly reloaded (8545008 signatures)
> Sun Jul 11 14:00:35 2021 -> Activating the newly loaded database...

I can't explain why another server, with the same version and
configuration of Exim and ClamAV, does not have the same problem...

Thanks for any suggestion
Luca Bertoncello
(lucabert@???)
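
Added example (not part of the original message, and not Exim or ClamAV code): a small Python script that checks the correlation described above by pairing Exim's clamd timeout entries with clamd database-reload windows. The log excerpts are copied from this message; the function names and the 60-second slack are assumptions, and both logs are assumed to use the same local time.

```python
import re
from datetime import datetime, timedelta

# Log excerpts copied from the message above (wrapped lines rejoined).
EXIM_PANICLOG = """\
2021-07-10 14:10:25 1m2BjZ-0002Ox-Ew malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)
2021-07-10 14:10:58 1m2Bk6-0002QG-79 malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)
"""
CLAM_LOG = """\
Sat Jul 10 14:10:40 2021 -> Reading databases from /var/lib/clamav
Sat Jul 10 14:11:09 2021 -> Database correctly reloaded (8544586 signatures)
"""

EXIM_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) malware acl condition: clamd .*timed out")
CLAM_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")

def reload_windows(clam_log):
    """Return (start, end) pairs, one per completed clamd database reload."""
    windows, start = [], None
    for line in clam_log.splitlines():
        m = CLAM_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        if m.group(2).startswith("Reading databases"):
            start = ts
        elif m.group(2).startswith("Database correctly reloaded") and start:
            windows.append((start, ts))
            start = None
    return windows

def timeouts_near_reload(exim_log, clam_log, slack=timedelta(seconds=60)):
    """Pair each Exim clamd timeout with a reload window within `slack` of it.

    The slack is an assumed margin: Exim logs the timeout when the read gives
    up, which need not fall exactly between clamd's two reload log lines.
    """
    windows = reload_windows(clam_log)
    hits = []
    for line in exim_log.splitlines():
        m = EXIM_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        for start, end in windows:
            if start - slack <= ts <= end + slack:
                hits.append((m.group(2), ts, start, end))
                break
    return hits
```

With the excerpts above, both message IDs are matched to the single 29-second reload window; with a slack of zero only the second timeout falls strictly inside it.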