Calls to ClamAV have failed many times
Problem reported by Scarab - 9/27/2019 at 10:14 AM
Submitted
SM Enterprise Build 7188 (apparently problem has been ongoing since installation of 7093). This is happening on our Incoming Gateways.

We are getting the following errors in the Delivery Log:

    Unable to run Clam virus checks: ClamAV timeout | error
    Unable to run Clam virus checks: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. | error
    Unable to run Clam virus checks: No connection could be made because the target machine actively refused it 127.0.0.1:3310 | error
    Calls to ClamAV have failed many times.  Restarting the clamd process... 

Eventually the MailService.exe hangs entirely and stops accepting all connections. The service cannot be stopped/restarted normally. The hung process has to be forcibly stopped with a "Taskkill /IM "MailService.exe" /F" cmd. Everything runs for a about 2.5-3 days with @ 15,000 of the above errors per day until the MailService.exe hangs and stops accepting all connections again. 

We get about 64,000 new connections, 150,000 blocked connections, and 20,000 emails per day on each Incoming Gateway that has Dual Xeon X5550 2.67Ghz (8 Cores, 16 Threads) with 16GB RAM running Win2012R2. 

Settings for ClamAV are set to Timeout: 30 seconds Failures Before Disable: 5 (we just bumped those up to 180 seconds and 15 in hopes that it might remedy our situation).

We just had MailService.exe hang for 17 hours and refusing all Incoming connections before our Zabbix alerts were finally triggered (apparently system messages from SmarterMail were still being sent so Zabbix continued to think that everything was fine). Other than scripting out MailService.exe being forcibly restarted daily, any ideas on how to handle this?

Reply to Thread