Clamav failed to scan email with an attachment in email

I tested myself with a very very complex command to send an email, and I succeeded

kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5;kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5;kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5;kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5

then send an email with an attachment while the command is executing in your terminal

me too
but I think I will still need to watch other users :grinning:


thanks a lot for your willingness and your patience

no problem
thank you for your work :grinning:

we would like to test something before increasing the timeout and retransmits

every ten minutes you ping the clamav database and if one signature is new, then you reload the database. For 45s to 60s your server will soft reject emails with attachments from your users and remote users.

In short, during 10% of the time your server is unable to scan email due to the database reload

To compare, I reload the database every two to four hours.

so first

systemctl status amavisd

We would like you to remove amavisd-new

yum remove amavisd-new spamassassin

then check in your maillog whether clamd reloads the database every ten minutes; obviously it would be better to remove the trick you did in antivirus.conf


never mind I got the same :')

Every ten minutes I check if the database must be reloaded, so the fix we want to test is to keep the timeout at 5 seconds but retransmit 10 times


ok :grinning:

On Friday I added in /etc/rspamd/local.d/antivirus.conf

clamav {
  timeout = 15.0;
  retransmits = 4;
}

and so far I don’t see “Soft reject”


Wait until your users send email

My users work around the clock.
No weekends and holidays. :grinning:


We will patch soon officially with these values


ok
i manually change it to

and will watch for rspamd

released as version 2.6.4, timeout=13s and retransmits=4x

if you just modify the file manually, the template will be overwritten by our settings


Hi! :grinning:
Thank you for your work!
For a few days I have not seen “Soft Reject”.


how are your users complaining now @xcod? We have a ticket about some users that need to wait before sending emails

thanks
my users no longer complain :grinning:

we will change the behaviour, we think your users won’t be impacted.

We want to keep the soft reject for external/remote smtp, so after 2 attempts of 5 seconds we soft reject the email if clamav is not reachable

For authenticated users via the server smtp, we try to contact clamav, if clamav does not answer during the default time, then we add the symbol of clamav failure scan, but we do not soft reject the email.

In short, the human sender complains about waiting at worst 53 seconds to send an email, but the machine doesn’t really mind waiting

cc @filippo_carletti @davidep

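The maillog check suggested earlier in the thread, tied to the timeout and retransmits values discussed, as an added example (not code from the thread or the project). The log lines, hostname, pid and signature counts are constructed, the year is assumed because syslog omits it, and the worst-case wait is assumed to be timeout x retransmits.

```python
import re
from datetime import datetime

# Constructed sample in syslog format; the message texts are those clamd logs on a reload.
SAMPLE_MAILLOG = """\
Mar  3 10:00:01 mail clamd[1234]: SelfCheck: Database modification detected. Forcing reload.
Mar  3 10:00:01 mail clamd[1234]: Reading databases from /var/lib/clamav
Mar  3 10:00:53 mail clamd[1234]: Database correctly reloaded (8650000 signatures)
Mar  3 10:10:01 mail clamd[1234]: SelfCheck: Database status OK.
Mar  3 10:20:02 mail clamd[1234]: Reading databases from /var/lib/clamav
Mar  3 10:20:50 mail clamd[1234]: Database correctly reloaded (8650100 signatures)
Mar  3 10:30:02 mail clamd[1234]: Reading databases from /var/lib/clamav
Mar  3 10:31:00 mail clamd[1234]: Database correctly reloaded (8650200 signatures)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ clamd\[\d+\]: (.*)$")

def reload_windows(log_text, year=2020):
    """Return (start, end) datetimes for each completed clamd database reload."""
    windows, start = [], None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if m.group(2).startswith("Reading databases from"):
            start = ts
        elif m.group(2).startswith("Database correctly reloaded") and start is not None:
            windows.append((start, ts))
            start = None
    return windows

def summarize(windows, timeout, retransmits):
    """Longest reload, share of time spent reloading, and whether the scan budget covers it."""
    if not windows:
        return None
    durations = [(end - begin).total_seconds() for begin, end in windows]
    span = (windows[-1][1] - windows[0][0]).total_seconds()
    budget = timeout * retransmits  # assumption: worst-case wait is timeout x retransmits
    return {"reloads": len(durations), "longest_s": max(durations),
            "reloading_share": round(sum(durations) / span, 3),
            "budget_s": budget, "covered": budget >= max(durations)}

if __name__ == "__main__":
    print(summarize(reload_windows(SAMPLE_MAILLOG), timeout=15.0, retransmits=4))
```

To run it on a real server, pass the contents of the maillog to `reload_windows` in place of the sample.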