[clamav-users] clamav-milter: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
Marco
falon at ruparpiemonte.it
Fri Mar 14 08:22:48 UTC 2014
Dear ClamAV users,
I have a boring problem with my clamav installation. Frequently
(twice on a minute) I see this message in clamav log:
clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection
reset by peer
There are no any other warning or error messages.
I installed ClamAV-milter and clamd on a server that is TCP connected
to many Postfix servers configured as follow:
smtpd_milters = inet:example.com:7357
milter_default_action = accept
The clamav-milter conf on example.com is:
MilterSocket inet:7357
ClamdSocket unix:/var/run/clamav/clamd.sock
ClamdSocket tcp:example2.com
OnInfected Reject
OnFail Accept
SupportMultipleRecipients yes
The clamd confs are:
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
LogFacility LOG_LOCAL1
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
MaxConnectionQueueLength 30
MaxThreads 50
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no
I also see that after few days clamav-milter eat a lot of memory (2GB):
8159: clamav-milter --config-file=/etc/clamav-milter.conf
Address Kbytes RSS Dirty Mode Mapping
0000000000400000 156 80 0 r-x-- clamav-milter
0000000000627000 4 4 4 rw--- clamav-milter
0000000000628000 4 4 4 rw--- [ anon ]
0000000000827000 8 0 0 rw--- clamav-milter
00000000016ec000 132 44 44 rw--- [ anon ]
000000000170d000 84 60 60 rw--- [ anon ]
000000321ba00000 128 92 0 r-x-- ld-2.12.so
000000321bc1f000 4 4 4 r---- ld-2.12.so
000000321bc20000 4 4 4 rw--- ld-2.12.so
000000321bc21000 4 0 0 rw--- [ anon ]
000000321be00000 8 4 0 r-x-- libdl-2.12.so
000000321be02000 2048 0 0 ----- libdl-2.12.so
000000321c002000 4 0 0 r---- libdl-2.12.so
000000321c003000 4 0 0 rw--- libdl-2.12.so
000000321c200000 1628 524 0 r-x-- libc-2.12.so
000000321c397000 2048 0 0 ----- libc-2.12.so
000000321c597000 16 16 4 r---- libc-2.12.so
000000321c59b000 4 4 4 rw--- libc-2.12.so
000000321c59c000 20 16 16 rw--- [ anon ]
000000321c600000 92 72 0 r-x-- libpthread-2.12.so
000000321c617000 2044 0 0 ----- libpthread-2.12.so
000000321c816000 4 4 4 r---- libpthread-2.12.so
000000321c817000 4 4 4 rw--- libpthread-2.12.so
000000321c818000 16 4 4 rw--- [ anon ]
000000321de00000 88 56 0 r-x-- libresolv-2.12.so
000000321de16000 2048 0 0 ----- libresolv-2.12.so
000000321e016000 4 0 0 r---- libresolv-2.12.so
000000321e017000 4 0 0 rw--- libresolv-2.12.so
000000321e018000 8 0 0 rw--- [ anon ]
0000003c16200000 52 28 0 r-x-- libmilter.so.1.0.1
0000003c1620d000 2044 0 0 ----- libmilter.so.1.0.1
0000003c1640c000 4 4 4 rw--- libmilter.so.1.0.1
0000003c1640d000 12 0 0 rw--- [ anon ]
00007fead8000000 33324 31880 31880 rw--- [ anon ]
00007feada08b000 32212 0 0 ----- [ anon ]
00007feae0000000 65504 63024 63020 rw--- [ anon ]
00007feae3ff8000 32 0 0 ----- [ anon ]
00007feae4000000 65520 63436 63436 rw--- [ anon ]
00007feae7ffc000 16 0 0 ----- [ anon ]
00007feae8000000 65524 46000 45984 rw--- [ anon ]
00007feaebffd000 12 0 0 ----- [ anon ]
00007feaec000000 65504 61824 61792 rw--- [ anon ]
00007feaefff8000 32 0 0 ----- [ anon ]
00007feaf0000000 65536 59860 59856 rw--- [ anon ]
00007feaf8000000 65500 59196 59136 rw--- [ anon ]
00007feafbff7000 36 0 0 ----- [ anon ]
00007feafc000000 65528 58772 58732 rw--- [ anon ]
00007feaffffe000 8 0 0 ----- [ anon ]
00007feb00000000 131072 100636 100584 rw--- [ anon ]
00007feb08000000 65516 52380 52320 rw--- [ anon ]
00007feb0bffb000 20 0 0 ----- [ anon ]
00007feb10000000 65516 33068 33056 rw--- [ anon ]
00007feb13ffb000 20 0 0 ----- [ anon ]
00007feb14000000 65492 63448 63436 rw--- [ anon ]
00007feb17ff5000 44 0 0 ----- [ anon ]
00007feb18000000 65532 52092 52084 rw--- [ anon ]
00007feb1bfff000 4 0 0 ----- [ anon ]
00007feb1c000000 65528 52480 52452 rw--- [ anon ]
00007feb1fffe000 8 0 0 ----- [ anon ]
00007feb20000000 65528 21084 21072 rw--- [ anon ]
00007feb23ffe000 8 0 0 ----- [ anon ]
00007feb24000000 65536 46176 46164 rw--- [ anon ]
00007feb28000000 65520 14692 14676 rw--- [ anon ]
00007feb2bffc000 16 0 0 ----- [ anon ]
00007feb2c000000 65516 2824 2816 rw--- [ anon ]
00007feb2fffb000 20 0 0 ----- [ anon ]
00007feb30000000 131052 57596 57576 rw--- [ anon ]
00007feb37ffb000 20 0 0 ----- [ anon ]
00007feb38000000 65532 61508 61496 rw--- [ anon ]
00007feb3bfff000 4 0 0 ----- [ anon ]
00007feb40000000 65532 47164 47152 rw--- [ anon ]
00007feb43fff000 4 0 0 ----- [ anon ]
00007feb44000000 65508 63704 63692 rw--- [ anon ]
00007feb47ff9000 28 0 0 ----- [ anon ]
00007feb48000000 65536 63496 63496 rw--- [ anon ]
00007feb50000000 65536 65536 65536 rw--- [ anon ]
00007feb58000000 65516 43068 43068 rw--- [ anon ]
00007feb5bffb000 20 0 0 ----- [ anon ]
00007feb5c000000 65536 65536 65536 rw--- [ anon ]
00007feb60000000 65520 63568 63548 rw--- [ anon ]
00007feb63ffc000 16 0 0 ----- [ anon ]
00007feb64000000 65524 53268 53268 rw--- [ anon ]
00007feb67ffd000 12 0 0 ----- [ anon ]
00007feb68000000 131016 88152 88132 rw--- [ anon ]
00007feb6fff2000 56 0 0 ----- [ anon ]
00007feb70000000 131044 121120 121080 rw--- [ anon ]
00007feb77ff9000 28 0 0 ----- [ anon ]
00007feb78000000 65528 63532 63532 rw--- [ anon ]
00007feb7bffe000 8 0 0 ----- [ anon ]
00007feb80000000 65504 22652 22628 rw--- [ anon ]
00007feb83ff8000 32 0 0 ----- [ anon ]
00007feb88000000 65508 61552 61548 rw--- [ anon ]
00007feb8bff9000 28 0 0 ----- [ anon ]
00007feb90000000 65528 55408 55404 rw--- [ anon ]
00007feb93ffe000 8 0 0 ----- [ anon ]
00007feb94000000 131036 37008 37000 rw--- [ anon ]
00007feb9bff7000 36 0 0 ----- [ anon ]
00007feb9c000000 131072 34960 34936 rw--- [ anon ]
00007feba4000000 65536 65536 65536 rw--- [ anon ]
00007feba8000000 140 8 8 rw--- [ anon ]
00007feba8023000 65396 0 0 ----- [ anon ]
00007febac000000 620 12 12 rw--- [ anon ]
00007febac09b000 64916 0 0 ----- [ anon ]
00007febb0000000 320 4 4 rw--- [ anon ]
00007febb0050000 65216 0 0 ----- [ anon ]
00007febb4000000 348 0 0 rw--- [ anon ]
00007febb4057000 65188 0 0 ----- [ anon ]
00007febb8000000 328 0 0 rw--- [ anon ]
00007febb8052000 65208 0 0 ----- [ anon ]
00007febbd7fc000 4 0 0 ----- [ anon ]
00007febbd7fd000 10240 8 8 rw--- [ anon ]
00007febbe1fd000 4 0 0 ----- [ anon ]
00007febbe1fe000 10240 8 8 rw--- [ anon ]
00007febc0000000 308 4 4 rw--- [ anon ]
00007febc004d000 65228 0 0 ----- [ anon ]
00007febc4000000 504 8 8 rw--- [ anon ]
00007febc407e000 65032 0 0 ----- [ anon ]
00007febc8000000 300 0 0 rw--- [ anon ]
00007febc804b000 65236 0 0 ----- [ anon ]
00007febcc000000 524 4 4 rw--- [ anon ]
00007febcc083000 65012 0 0 ----- [ anon ]
00007febd0000000 192 0 0 rw--- [ anon ]
00007febd0030000 65344 0 0 ----- [ anon ]
00007febd4000000 516 8 8 rw--- [ anon ]
00007febd4081000 65020 0 0 ----- [ anon ]
00007febd8000000 432 4 4 rw--- [ anon ]
00007febd806c000 65104 0 0 ----- [ anon ]
00007febdc000000 364 8 8 rw--- [ anon ]
00007febdc05b000 65172 0 0 ----- [ anon ]
00007febe03fa000 4 0 0 ----- [ anon ]
00007febe03fb000 10240 8 8 rw--- [ anon ]
00007febe0dfb000 4 0 0 ----- [ anon ]
00007febe0dfc000 10240 8 8 rw--- [ anon ]
00007febe17fc000 4 0 0 ----- [ anon ]
00007febe17fd000 10240 8 8 rw--- [ anon ]
00007febe21fd000 4 0 0 ----- [ anon ]
00007febe21fe000 10240 8 8 rw--- [ anon ]
00007febe35ff000 4 0 0 ----- [ anon ]
00007febe3600000 10240 24 24 rw--- [ anon ]
00007febe4000000 132 4 4 rw--- [ anon ]
00007febe4021000 65404 0 0 ----- [ anon ]
00007febe8241000 4 0 0 ----- [ anon ]
00007febe8242000 10240 8 8 rw--- [ anon ]
00007febe9643000 4 0 0 ----- [ anon ]
00007febe9644000 10240 4 4 rw--- [ anon ]
00007febea044000 4 0 0 ----- [ anon ]
00007febea045000 10240 4 4 rw--- [ anon ]
00007febeaa45000 4 0 0 ----- [ anon ]
00007febeaa46000 10240 8 8 rw--- [ anon ]
00007febeb446000 20 12 0 r-x-- libnss_dns-2.12.so
00007febeb44b000 2044 0 0 ----- libnss_dns-2.12.so
00007febeb64a000 4 0 0 r---- libnss_dns-2.12.so
00007febeb64b000 4 0 0 rw--- libnss_dns-2.12.so
00007febeb64c000 48 24 0 r-x-- libnss_files-2.12.so
00007febeb658000 2048 0 0 ----- libnss_files-2.12.so
00007febeb858000 4 0 0 r---- libnss_files-2.12.so
00007febeb859000 4 0 0 rw--- libnss_files-2.12.so
00007febeb85a000 16 12 12 rw--- [ anon ]
00007febeb86e000 4 4 4 rw--- [ anon ]
00007febeb86f000 4 0 0 rw--- [ anon ]
00007fff6d502000 84 8 8 rw--- [ stack ]
00007fff6d5ff000 4 4 0 r-x-- [ anon ]
ffffffffff600000 4 0 0 r-x-- [ anon ]
---------------- ------ ------ ------
total kB 3865260 2018488 2017004
Finally this is the clamd start log:
2014-03-13T14:31:58.079658+01:00 av-02 clamd[509]: clamd daemon 0.98.1
(OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
2014-03-13T14:31:58.079708+01:00 av-02 clamd[509]: Running as user
clamav (UID 498, GID 496)
2014-03-13T14:31:58.079734+01:00 av-02 clamd[509]: Log file size
limited to 4294967295 bytes.
2014-03-13T14:31:58.079804+01:00 av-02 clamd[509]: Reading databases
from /var/clamav
2014-03-13T14:31:58.079833+01:00 av-02 clamd[509]: Not loading PUA signatures.
2014-03-13T14:31:58.079886+01:00 av-02 clamd[509]: Bytecode: Security
mode set to "TrustSigned".
2014-03-13T14:32:05.136443+01:00 av-02 clamd[509]: Loaded 3813577 signatures.
2014-03-13T14:32:05.860904+01:00 av-02 clamd[509]: TCP: Bound to port 3310
2014-03-13T14:32:05.860961+01:00 av-02 clamd[509]: TCP: Setting
connection queue length to 30
2014-03-13T14:32:05.861034+01:00 av-02 clamd[509]: LOCAL: Unix socket
file /var/run/clamav/clamd.sock
2014-03-13T14:32:05.861098+01:00 av-02 clamd[509]: LOCAL: Setting
connection queue length to 30
2014-03-13T14:32:05.865687+01:00 av-02 clamd[545]: Limits: Global size
limit set to 104857600 bytes.
2014-03-13T14:32:05.865822+01:00 av-02 clamd[545]: Limits: File size
limit set to 26214400 bytes.
2014-03-13T14:32:05.865889+01:00 av-02 clamd[545]: Limits: Recursion
level limit set to 16.
2014-03-13T14:32:05.865945+01:00 av-02 clamd[545]: Limits: Files limit
set to 10000.
2014-03-13T14:32:05.866004+01:00 av-02 clamd[545]: Limits:
MaxEmbeddedPE limit set to 10485760 bytes.
2014-03-13T14:32:05.866058+01:00 av-02 clamd[545]: Limits:
MaxHTMLNormalize limit set to 10485760 bytes.
2014-03-13T14:32:05.866151+01:00 av-02 clamd[545]: Limits:
MaxHTMLNoTags limit set to 2097152 bytes.
2014-03-13T14:32:05.866211+01:00 av-02 clamd[545]: Limits:
MaxScriptNormalize limit set to 5242880 bytes.
2014-03-13T14:32:05.866267+01:00 av-02 clamd[545]: Limits:
MaxZipTypeRcg limit set to 1048576 bytes.
2014-03-13T14:32:05.866319+01:00 av-02 clamd[545]: Archive support enabled.
2014-03-13T14:32:05.866375+01:00 av-02 clamd[545]: Algorithmic
detection enabled.
2014-03-13T14:32:05.866427+01:00 av-02 clamd[545]: Portable Executable
support enabled.
2014-03-13T14:32:05.866492+01:00 av-02 clamd[545]: ELF support enabled.
2014-03-13T14:32:05.866548+01:00 av-02 clamd[545]: Mail files support enabled.
2014-03-13T14:32:05.866603+01:00 av-02 clamd[545]: OLE2 support enabled.
2014-03-13T14:32:05.866657+01:00 av-02 clamd[545]: PDF support enabled.
2014-03-13T14:32:05.866711+01:00 av-02 clamd[545]: SWF support enabled.
2014-03-13T14:32:05.866764+01:00 av-02 clamd[545]: HTML support enabled.
2014-03-13T14:32:05.866822+01:00 av-02 clamd[545]: Self checking every
600 seconds.
2014-03-13T14:32:06.058743+01:00 av-02 clamav-milter[8159]: ClamAV,
mi_rd_cmd: read returned -1: Connection reset by peer
2014-03-13T14:33:01.992797+01:00 av-01 freshclam[11136]: ClamAV update
process started at Thu Mar 13 14:33:01 2014
2014-03-13T14:33:01.994906+01:00 av-01 freshclam[11136]: main.cld is
up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
2014-03-13T14:33:01.994994+01:00 av-01 freshclam[11136]: daily.cld is
up to date (version: 18586, sigs: 818381, f-level: 63, builder: neo)
2014-03-13T14:33:01.995106+01:00 av-01 freshclam[11136]: bytecode.cld
is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
2014-03-13T14:35:06.385126+01:00 av-01 clamav-milter[30560]: ClamAV,
mi_rd_cmd: read returned -1: Connection reset by peer
2014-03-13T14:36:10.644883+01:00 av-02 clamd[545]:
instream(158.102.109.84 at 47719): Sanesecurity.Spam.10995.UNOFFICIAL FOUND
2014-03-13T14:38:14.850213+01:00 av-01 clamav-milter[30560]: ClamAV,
mi_rd_cmd: read returned -1: Connection reset by peer
My questions are:
Why do I see the "Connection reset by peer" notice?
Is there something I can do to avoid that notice?
Thanks a lot
Marco
More information about the clamav-users
mailing list