Clamav failed to scan email with an attachment in email

OK, I can reproduce. This occurs when you use the SMTP of the server and you send an email that needs to be scanned by clamav (it has an attachment). If the email cannot be scanned by clamav then the SMTP rejects it, you get the error and you cannot send the email.

cc @davidep @giacomo

The question now is whether your server is under load or not, because normally the db reload occurs about once per 4-hour time slot (something like this).

Question: can you find how many times you failed?

This is, for example, the number of times I failed to scan:

FORCE_ACTION_CLAM_VIRUS_FAIL   avg. weight 1.000, hits 33(1.818%):
  Ham   81.818%,     27/1170   (  2.308%)
  Spam   6.061%,      2/244    (  0.820%)
  Junk  12.121%,      4/401    (  0.998%)

Spam changes (ham/junk -> spam):      0/33     (  0.000%)
Spam  changes / total spam hits:      0/244    (  0.000%)
Junk changes      (ham -> junk):      2/33     (  6.061%)
Junk  changes / total junk hits:      2/401    (  0.499%)
--------------------------------------------------------------------------------

how to find

rspamd_stats </var/log/maillog | less

then sort in less by CLAM_VIRUS_FAIL

you could find other interesting stats by

rspamc stat

1 Like
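Added example (not part of the original posts, and not NethServer or rspamd code): a small parser for the `rspamd_stats` symbol block quoted above, turning it into a scan-failure rate you can track over time. It assumes the per-class rows are `hits/total` per message class, which matches the quoted numbers (27+2+4 = 33 hits out of 1170+244+401 = 1815 messages, i.e. 1.818%).

```python
import re
import sys

# Block copied from the rspamd_stats output quoted in the post above.
SAMPLE = """\
FORCE_ACTION_CLAM_VIRUS_FAIL   avg. weight 1.000, hits 33(1.818%):
  Ham   81.818%,     27/1170   (  2.308%)
  Spam   6.061%,      2/244    (  0.820%)
  Junk  12.121%,      4/401    (  0.998%)

Spam changes (ham/junk -> spam):      0/33     (  0.000%)
"""

HEADER = re.compile(r"^(\S+)\s+avg\. weight\s+-?[\d.]+, hits (\d+)\(")
PER_CLASS = re.compile(r"^\s*(Ham|Spam|Junk)\s+[\d.]+%,\s+(\d+)/(\d+)")

def parse_symbol_blocks(text):
    """Return {symbol: {"hits": n, "classes": {name: (hits, total)}}}."""
    blocks, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"hits": int(header.group(2)), "classes": {}}
            blocks[header.group(1)] = current
        elif not line.strip():
            current = None  # blank line ends the per-class rows
        elif current is not None:
            row = PER_CLASS.match(line)
            if row:
                current["classes"][row.group(1)] = (int(row.group(2)), int(row.group(3)))
    return blocks

def scan_failure_rate(blocks, symbol="FORCE_ACTION_CLAM_VIRUS_FAIL"):
    """Fraction of all counted messages on which `symbol` fired."""
    block = blocks.get(symbol)
    if block is None:
        return 0.0  # symbol never fired in this log
    hits = sum(h for h, _ in block["classes"].values())
    total = sum(t for _, t in block["classes"].values())
    if hits != block["hits"]:  # assumption: class rows sum to the header count
        raise ValueError("per-class hits do not add up to the header count")
    return hits / total if total else 0.0

if __name__ == "__main__":
    # Usage (hypothetical file name): rspamd_stats </var/log/maillog | python3 clam_fail_rate.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    rate = scan_failure_rate(parse_symbol_blocks(text))
    print(f"ClamAV scan failures: {rate:.3%} of messages")
```

Comparing this rate before and after a timeout change shows whether the soft rejects are actually becoming rarer.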

For the record, we could disable the outbound spam check for authenticated users, but my concern is if an authenticated user then sends back an email with a virus (I tested with eicar) to an internal user or an external user :slightly_smiling_face:

  • for the internal user, the virus is not scanned
  • for an external user, your server could be blacklisted because your user sends a virus
authenticated {
	priority = high;
	authenticated = yes;
	apply {
		groups_disabled = ["antivirus"];
	}
}

Should not be an option…
Either antivirus is enabled (and should check every message) or antivirus is disabled (so it is the sysadmin's concern to manage risks and alternatives).
CLAMAV of course is not the best antivirus on the market but… it’s a start.

2 Likes

Yes, I agree to not differentiate SMTP scan policies on an authentication basis.

@xcod you could try @stephdl’s group_disabled workaround but I’d like to understand if this behavior originates from a performance issue. Maybe clamav takes too long to reload on your server and users hit the soft reject too frequently…

We could increase timeouts anyway. @stephdl do you think it’s possible?

yes it is possible, see the rate_limit in my first post

1 Like

Does it make any sense to have the capability to customize the timeout from Cockpit?

To internal and to external: an error occurs in both cases.
Also, the same error occurs when sending from external users (another domain) to my users (in my server).


Sorry to bother you (we are devs), we need the full maillog to state. Send it to stephdl (at) de-labrusse.fr

sent
subj: mail log

nothing :slight_smile:

edit in spam :slight_smile:

what is your clam configuration please

ll /etc/clamd.d/

I can see you ping the clamav database every ten minutes, it is more often than me, and your server takes 45s to 1 minute to reload

From what I understand, the timeout for the task is only for the task_timeout of the worker-normal, and we do not use it because we are in self-scan mode.

With the worker-proxy the timeout is set to 120s. We could try something experimental on your server, and you could come back in a few days to report, please.

add inside the clamav bracket in /etc/rspamd/local.d/antivirus.conf (it is a template)

clamav {
...
    timeout = 15.0;
    retransmits = 4;
...
}

then systemctl restart rspamd

cc @davidep

obviously if you save something in the filter panel, your changes will be removed

ll /etc/clamd.d/
-rw-r--r-- 1 root root 546 Oct 18 2018 amavisd.conf
-rw-r--r-- 1 root root 584 May 15 20:58 rspamd.conf
-rw-r--r-- 1 root root 23654 Mar 28 06:57 scan.conf

I do not have it on my server

rpm -qf /etc/clamd.d/amavisd.conf

rpm -qf /etc/clamd.d/amavisd.conf
amavisd-new-2.11.1-1.el7.noarch

OK, you installed the old email stack, then you migrated to rspamd?

yes
yes

I would go with my trick. I bet we need it everywhere; maybe we could settle on something like timeout=10;retransmit=5

But what about removing amavisd-new? Maybe you could also remove the 10-minute setting that pings to check if the database must be reloaded; it could help.

cc @davidep

I did.
I will watch it!

1 Like