[clamav-win32] Long bursts of inbound traffic from clamd

Jeff clamavlist at bedrox.com
Tue Oct 23 21:25:14 CEST 2007

Since last Wednesday our mail server has seen frequent long bursts (upwards of
30-60 minutes each) of inbound traffic of 1-2 Mbps.  Since this is a mail
server (running Windows Server 2003), I first thought the mail server was under
a DoS or spam attack.  Not so.

Shutting off all services, one by one through process of elimination, revealed
the culprit: spamd.exe, which runs as a service.  Every time one of these
periods of sustained traffic occurs, we can immediately halt it by stopping
the clamd service.

This is possibly UDP traffic, because "netstat -n" does not show any
established connections.

We upgraded to the latest Clam version a few weeks ago, but this particular
problem has only been happening since last Wednesday.  I've completely
uninstalled ClamAV 0.91.2 and re-installed, but that has not helped.

Anyone else seeing this, or have any clues what might be happening?

