Clamav failed to scan email with an attachment in email

I tested myself with a very very complex command to send an email, and I succeeded

kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5;kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5;kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5;kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5; kill -USR2 `cat /var/run/clamd@rspamd/clamav.pid`; sleep 5

then send an email with attachment during the command is executed in your terminal

me too
but I think I will still need to watch other users :grinning:

1 Like

thank a lot for your willingness and your patience

no problem
thank you for you work :grinning:

we would like to test something before to increase the timout and retransmits

each ten minutes you ping the clamav database and if one signature is new, then you reload the database. During 45s to 60s your server will soft reject email with attachment of your user and remote user.

In short during 10% of time your server is unable to scan email due to the database reload

To compare, I reload the database between two or four hours.

so first

systemctl status amavisd

We would like you remove amavisd-new

yum remove amavisd-new spamassassin

then check in your maillog if clamd reload each ten minutes the database, obviously it should be better to remove the trick you did in the antivirus.conf

1 Like

never mind I got the same :’)

Every ten minute I check if the database must be reloaded, so the fix we want to test is to stay the timout to 5 second but try to retransmits 10 times

1 Like

ок :grinning:

on friday i added in /etc/rspamd/local.d/antivirus.conf

clamav {

timeout = 15.0;
retransmits = 4;

}

and so far I don’t see “Soft reject”’

2 Likes

Wait when your users will send email

My users work around the clock.
No weekends and holidays.:grinning:

1 Like

We will patch soon officially with these values

1 Like

ok
i manually change it to

and will watch for rspamd

released as version 2.6.4, timeout=13s and retransmits=4x

if you just modify the file manually, the template will be overwritten by our settings

2 Likes

Hi! :grinning:
Thank you for your work!
A few days im not see “Soft Reject”.

2 Likes

how you users are complaining now @xcod, we have a ticket about some users that need to wait before to send emails

thank
my users no longer complain :grinning:

we will change the behaviour, we think your users won’t be impacted.

We want to keep the soft reject for external/remote smtp, so after 2 attempts of 5 seconds we soft reject the email if clamav is not reachable

For authenticated users via the server smtp, we try to contact clamav, if clamav does not answer during the default time, then we add the symbol of clamav failure scan, but we do not soft reject the email.

In short the human sender is complaining to wait at worse 53 seconds to send an email, but the machine doesn’t really care to wait

cc @filippo_carletti @davidep

1 Like