I’m not a big fan of virus-scanning on the mailservers (I think you should bolt your email-sending computers right down so that viruses and spambots can’t send email), but it seems to be a necessity these days. So, I was a bit late starting on mailserver-antivirus and mainly pay attention to it when it goes badly wrong. I’ve got clamav installed where needed, but recently I’m seeing clamav hang, eat CPU and cause postfix to defer all emails while logging nothing useful. Often this seems to be soon after freshclam kicks in. Anyone else seen this problem? Moreover, anyone managed to narrow it down and fix it?
On some systems, instead of having freshclam, we have clamav-data from volatile which seems to work better, but are they missing out on anything by doing that? Does it lag a bit behind and download a bit more?
Is there a third option, either another way of feeding clamav, or an alternative debian package, which you think people should consider?
I have that problem with clamav, but it dissapeared using volatile’s version for clamav, and not just for clamav-data
The same problem has been reported by several users of the SaneSecurity signatures (check the list archives: http://www.freelists.org/archives/sanesecurity).
Up to now the ClamAV developers were not able to reproduce the crash, but a bug report has been opened: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1370
Amavis is pretty good, block inbound .pif’s/exe’s etc and instead of miltering/scanning everything and hang clamav from that to scan the remainder of files you do allow through.
We have no issues with clamav in such a setup (lenny).