[clamav-users] clamav-milter: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer

Marco falon at ruparpiemonte.it
Fri Mar 14 04:22:48 EDT 2014


Dear ClamAV users,

I have a boring problem with my clamav installation. Frequently (twice a minute) I see this message in the clamav log:

clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer

There are no other warning or error messages.

I installed ClamAV-milter and clamd on a server that is connected via TCP to many Postfix servers configured as follows:

smtpd_milters = inet:example.com:7357
milter_default_action = accept

The clamav-milter conf on example.com is:

MilterSocket inet:7357
ClamdSocket unix:/var/run/clamav/clamd.sock
ClamdSocket tcp:example2.com
OnInfected Reject
OnFail Accept
SupportMultipleRecipients yes

The clamd confs are:
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
LogFacility LOG_LOCAL1
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
MaxConnectionQueueLength 30
MaxThreads 50
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no


I also see that after a few days clamav-milter eats a lot of memory (2GB):

8159:   clamav-milter --config-file=/etc/clamav-milter.conf
Address           Kbytes     RSS   Dirty Mode   Mapping
----------------  ------  ------  ------
total kB         3865260 2018488 2017004


Finally this is the clamd start log:
2014-03-13T14:31:58.079658+01:00 av-02 clamd[509]: clamd daemon 0.98.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
2014-03-13T14:31:58.079708+01:00 av-02 clamd[509]: Running as user clamav (UID 498, GID 496)
2014-03-13T14:31:58.079734+01:00 av-02 clamd[509]: Log file size limited to 4294967295 bytes.
2014-03-13T14:31:58.079804+01:00 av-02 clamd[509]: Reading databases from /var/clamav
2014-03-13T14:31:58.079833+01:00 av-02 clamd[509]: Not loading PUA signatures.
2014-03-13T14:31:58.079886+01:00 av-02 clamd[509]: Bytecode: Security mode set to "TrustSigned".
2014-03-13T14:32:05.136443+01:00 av-02 clamd[509]: Loaded 3813577 signatures.
2014-03-13T14:32:05.860904+01:00 av-02 clamd[509]: TCP: Bound to port 3310
2014-03-13T14:32:05.860961+01:00 av-02 clamd[509]: TCP: Setting connection queue length to 30
2014-03-13T14:32:05.861034+01:00 av-02 clamd[509]: LOCAL: Unix socket file /var/run/clamav/clamd.sock
2014-03-13T14:32:05.861098+01:00 av-02 clamd[509]: LOCAL: Setting connection queue length to 30
2014-03-13T14:32:05.865687+01:00 av-02 clamd[545]: Limits: Global size limit set to 104857600 bytes.
2014-03-13T14:32:05.865822+01:00 av-02 clamd[545]: Limits: File size limit set to 26214400 bytes.
2014-03-13T14:32:05.865889+01:00 av-02 clamd[545]: Limits: Recursion level limit set to 16.
2014-03-13T14:32:05.865945+01:00 av-02 clamd[545]: Limits: Files limit set to 10000.
2014-03-13T14:32:05.866004+01:00 av-02 clamd[545]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
2014-03-13T14:32:05.866058+01:00 av-02 clamd[545]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
2014-03-13T14:32:05.866151+01:00 av-02 clamd[545]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
2014-03-13T14:32:05.866211+01:00 av-02 clamd[545]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
2014-03-13T14:32:05.866267+01:00 av-02 clamd[545]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
2014-03-13T14:32:05.866319+01:00 av-02 clamd[545]: Archive support enabled.
2014-03-13T14:32:05.866375+01:00 av-02 clamd[545]: Algorithmic detection enabled.
2014-03-13T14:32:05.866427+01:00 av-02 clamd[545]: Portable Executable support enabled.
2014-03-13T14:32:05.866492+01:00 av-02 clamd[545]: ELF support enabled.
2014-03-13T14:32:05.866548+01:00 av-02 clamd[545]: Mail files support enabled.
2014-03-13T14:32:05.866603+01:00 av-02 clamd[545]: OLE2 support enabled.
2014-03-13T14:32:05.866657+01:00 av-02 clamd[545]: PDF support enabled.
2014-03-13T14:32:05.866711+01:00 av-02 clamd[545]: SWF support enabled.
2014-03-13T14:32:05.866764+01:00 av-02 clamd[545]: HTML support enabled.
2014-03-13T14:32:05.866822+01:00 av-02 clamd[545]: Self checking every 600 seconds.
2014-03-13T14:32:06.058743+01:00 av-02 clamav-milter[8159]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
2014-03-13T14:33:01.992797+01:00 av-01 freshclam[11136]: ClamAV update process started at Thu Mar 13 14:33:01 2014
2014-03-13T14:33:01.994906+01:00 av-01 freshclam[11136]: main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
2014-03-13T14:33:01.994994+01:00 av-01 freshclam[11136]: daily.cld is up to date (version: 18586, sigs: 818381, f-level: 63, builder: neo)
2014-03-13T14:33:01.995106+01:00 av-01 freshclam[11136]: bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
2014-03-13T14:35:06.385126+01:00 av-01 clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
2014-03-13T14:36:10.644883+01:00 av-02 clamd[545]: instream(158.102.109.84 at 47719): Sanesecurity.Spam.10995.UNOFFICIAL FOUND
2014-03-13T14:38:14.850213+01:00 av-01 clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer

My questions are:

Why do I see the "Connection reset by peer" notice?
Is there something I can do to avoid that notice?

Thanks a lot
Marco
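
To see how often the message occurs and on which milter instance, the mi_rd_cmd lines can be grouped by host and PID and the gaps between them measured, which gives timestamps to compare against the Postfix logs. This is an added example, not part of the original post; the sample is constructed from the log lines quoted above (unwrapped), and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: syslog lines from the post above, unwrapped.
SAMPLE_LOG = """\
2014-03-13T14:32:06.058743+01:00 av-02 clamav-milter[8159]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
2014-03-13T14:33:01.992797+01:00 av-01 freshclam[11136]: ClamAV update process started at Thu Mar 13 14:33:01 2014
2014-03-13T14:35:06.385126+01:00 av-01 clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
2014-03-13T14:38:14.850213+01:00 av-01 clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer
"""

# Matches only clamav-milter lines that report a failed mi_rd_cmd read.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) clamav-milter\[(?P<pid>\d+)\]: .*"
    r"mi_rd_cmd: read returned -1: (?P<err>.+)$"
)

def parse_resets(text):
    """Return {(host, pid): [datetime, ...]} for mi_rd_cmd read failures."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # clamd, freshclam and other lines are ignored
        # Timestamp with microseconds and numeric offset, as in the log above
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f%z")
        events[(m["host"], int(m["pid"]))].append(ts)
    return events

def gaps_seconds(events):
    """Return {(host, pid): [seconds between consecutive failures]}."""
    out = {}
    for key, stamps in events.items():
        stamps = sorted(stamps)
        out[key] = [round((b - a).total_seconds(), 1)
                    for a, b in zip(stamps, stamps[1:])]
    return out

def summarize(text):
    """Return {(host, pid): {"count": n, "gaps_s": [...]}}."""
    events = parse_resets(text)
    gaps = gaps_seconds(events)
    return {k: {"count": len(v), "gaps_s": gaps[k]} for k, v in events.items()}

if __name__ == "__main__":
    for (host, pid), info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{host} clamav-milter[{pid}]: {info['count']} failures, "
              f"gaps {info['gaps_s']} s")
```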




