HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Norman 25th April 2008 08:38

Weird issue with clamav and ISPConfig 2.2.23
 
Ok. So I upgraded to the latest version of ISPConfig.
This had the effect that customers with tiny quotas and antivirus scan activated risk getting their disk space full.

First of all, the first problem report was when I got bounces when I sent mail to a customer.

Code:

This is the mail system at host somesystem.xh.se.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                  The mail system

<big124_username@somesystem.xh.se> (expanded from <username@custdomain.ext>):
    can't create user output file. Command output: /bin/cat: write error: Disk
    quota exceeded procmail: Program failure (1) of
    "/home/admispconfig/ispconfig/tools/clamav/bin/clamassassin" procmail:
    Rescue of unfiltered data succeeded [760] warn: bayes: bayes db version 0
    is not able to be used, aborting! at
    /home/admispconfig/ispconfig/tools/spamassassin/usr/share/perl/5.8.8/Mail/SpamAssassin/BayesStore/DBM.pm
    line 196. [760] warn: bayes: bayes db version 0 is not able to be used,
    aborting! at
    /home/admispconfig/ispconfig/tools/spamassassin/usr/share/perl/5.8.8/Mail/SpamAssassin/BayesStore/DBM.pm
    line 196. procmail: Quota exceeded while writing
    "/var/www/web124/Maildir/tmp/1209102960.747_0.somesystem.xh.se"

I checked the user and had his quota increased, just to find out that it rapidly filled his quota space on disk.
With a quota of 100MB he was using 99MB but only 14MB was used under his /var/www/web124 directory.

A quick find / -name big124_username turned up a lot of clamav directories under /tmp

Turns out that when his initial quota space was small, the clamav directory filled his quota on disk, since clamav writes as the user of the recipient.

(Potential DoS - just send lots of big mails to be scanned)

The CLAMAV process fills his quota space and procmail is unable to deliver the files. So it just builds up more and more files under /tmp for clamav.

Any solution to this issue other than increasing the quota of users so that they don't risk getting filled up by clamav directories of antivirus scans?

I've manually removed clamav directories out of /tmp

Another problem is that postfix reports with a non-quota-full message and doesn't give correct smtp codes for quota full, since it's later on in the pipeline of delivery.

till 25th April 2008 10:12

That's a bug in ClamAV since 0.90. Instead of using the central token database, clamav downloads a new copy of the database and forgets to delete its temp files from time to time when the quota is not large enough.

The solution is to use clamd instead of clamscan:

http://www.howtoforge.com/forums/sho...=clamav+daemon
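
The quota mismatch described in the first post (usage charged to the recipient's account but not found under the home directory) can be checked with a per-owner total of stale ClamAV scratch directories. This is an added example, not code from either poster or from ISPConfig; it assumes GNU find, stat and du, that the scratch directories are named `clamav-*`, and a single quota value passed as a parameter. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: total up leftover ClamAV scratch directories per owning user.
# Assumption: scratch directories are named "clamav-*" (pattern not on the page).

# stale_clamav_usage ROOT MIN_AGE_MINUTES
# Prints "<owner> <kilobytes> <directory count>" per owner, largest first.
# Only directories untouched for more than MIN_AGE_MINUTES are counted, so
# scans that are still running are left out.
stale_clamav_usage() {
    root=$1
    min_age=$2
    find "$root" -maxdepth 1 -type d -name 'clamav-*' -mmin +"$min_age" \
        -exec sh -c 'for d; do
            printf "%s %s\n" "$(stat -c %U "$d")" "$(du -sk "$d" | cut -f1)"
        done' sh {} + |
    awk '{ kb[$1] += $2; n[$1]++ }
         END { for (u in kb) print u, kb[u], n[u] }' |
    sort -k2,2nr
}

# quota_eaters ROOT MIN_AGE_MINUTES QUOTA_KB PERCENT
# Prints owners whose stale scratch data is at least PERCENT of QUOTA_KB.
# Simplification: one quota for everyone; real per-user limits would come
# from the quota tools on the host.
quota_eaters() {
    stale_clamav_usage "$1" "$2" |
    awk -v q="$3" -v p="$4" '$2 * 100 >= q * p { print $1 }'
}

# Typical use on the mail host (run as root so every directory is readable):
#   stale_clamav_usage /tmp 60
#   quota_eaters /tmp 60 102400 10     # 100MB quota, flag at 10%
```

Owners listed by `quota_eaters` are the accounts where scan leftovers, rather than mail or web content, explain the quota-exceeded bounces.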


All times are GMT +2.