[clamav-users] DB update and clamav-milter delay

Joel Esler (jesler) jesler at cisco.com
Tue Sep 29 13:44:32 EDT 2015


On Sep 29, 2015, at 9:57 AM, Kris Deugau <kdeugau at vianet.ca<mailto:kdeugau at vianet.ca>> wrote:

Marco wrote:
Hello,

I installed clamd server (0.98.7) with clamav-milter using RPM of EPEL.

With this installation, after every freshclam update session, clamd is
forced to read the DB:

2015-09-29T09:12:41.244383+02:00 av1 clamd[15201]: Reading databases
from /var/lib/clamav
2015-09-29T09:13:14.950256+02:00 av2 clamav-milter[11957]: Failed to
stream to clamd
2015-09-29T09:13:14.950546+02:00 av2 clamav-milter[11957]: Streaming failed
2015-09-29T09:13:20.593439+02:00 av1 clamd[15201]: Database correctly
reloaded (5342538 signatures)

During this time clamav-milter have a trouble and the SMTP server
experiences a delay receiving the mail. On a frontend MSA SMTP server
this delay is a problem.

I would like to know if there is a better way to configure the DB
update, without interruption on service.

Short of a patch to clamd to not discard the existing in-memory
signature data while reloading fresh data (or somewhat more complex;
replace signatures one-by-one during a reload), you are stuck with clamd
not responding for 2-5 seconds with the stock signatures, and possibly
up to 30 seconds even on modern hardware if you're using a lot of
third-party signatures.

This seems to come up every couple of months at least and it's been this
way for quite a long time;  is there any upstream interest in fixing
clamd one way or another so it doesn't suffer this outage while
reloading signatures?



Don’t want to speak for the ClamAV team, but I’m sure they’d be welcome with ideas and feedback if you file a bug in the bugzilla system

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com


More information about the clamav-users mailing list