[clamav-win32] Long bursts of inbound traffic from clamd
clamavlist at bedrox.com
Tue Oct 23 21:25:14 CEST 2007
Since last Wednesday our mail server has seen frequent long bursts (upwards of
30-60 minutes each) of inbound traffic of 1-2 Mbps. Since this is a mail
server (running Windows Server 2003) I first thought the mail server was under
a DOS or spam attack. Not so.
Shutting off all services, one by one through process of elimination, revealed
the culprit-- spamd.exe which runs as a service. Every time one of these
periods of sustained traffic occurs, we can immediately halt it by stopping
the clamd service.
This is possibly UDP traffic, because "netstat -n" does not show any
We upgraded to the latest Clam version a few weeks ago, but this particular
problem has only been happening since last Wednesday. I've completely
un-installed ClamAV 0.91.2 and re-installed, but that has not helped.
Anyone else seeing this, or have any clues what might be happening?
More information about the clamav-win32