[clamav-users] clamav-milter: ClamAV, mi_rd_cmd: read returned -1: Connection reset by peer

G.W. Haywood clamav at jubileegroup.co.uk
Fri Mar 14 12:29:19 EDT 2014

Hi there,

On Fri, 14 Mar 2014, Marco wrote:

> ...
> clamav-milter[30560]: ClamAV, mi_rd_cmd: read returned -1: Connection 
> reset by peer
> ...
> I installed ClamAV-milter and clamd on a server that is TCP connected 
> to many Postfix servers ...

How many Postfix servers?  Do you know that your clamd server is
capable of sustaining the load from the many Postfix servers?

> ...
> Why do I see the "Connection reset by peer" notice?

Because you're a sensible chap who is reading his logs. :)  I
suspect that Postfix has some timeout that is being exceeded,
and perhaps that this is because the clamd server is busy, and
that this is why clamd's peer (which is the Postfix instance)
closes the connection after waiting for a response from clamd.

Have you checked the load on the clamd server?

> Is there something I can do to avoid that notice?

You could use syslog-ng, and tell it to send them to /dev/null. :)

My first concern would be to make sure that the systems can cope
with the load and that mail is flowing as it should.  Then I would
want to look in the Postfix logs for messages which relate to the
'Connection reset' messages in the clamd logs to find out what's
happening on the client (Postfix) servers.  I hope that you are
running ntpd on all the servers. :)

You could try increasing the Postfix timeout (if that is in fact the
cause of the issue) but I wonder if you might need a more powerful
clamd server.  Scanning for viruses can be processor intensive.



More information about the clamav-users mailing list