Weird issue with clamav and ISPConfig 2.2.23

Discussion in 'General' started by Norman, Apr 25, 2008.

  1. Norman

    Norman Member HowtoForge Supporter

    Ok. So I upgraded to the latest version of ISPConfig.
    This had the effect that customers with tiny quotas and antivirus scan activated risk getting their diskspace full.

    First of all. The first problem report was when I got bounces when I sent mail to a customer.

    This is the mail system at host
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    For further assistance, please send mail to postmaster.
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
                       The mail system
    <[email protected]> (expanded from <[email protected]>):
        can't create user output file. Command output: /bin/cat: write error: Disk
        quota exceeded procmail: Program failure (1) of
        "/home/admispconfig/ispconfig/tools/clamav/bin/clamassassin" procmail:
        Rescue of unfiltered data succeeded [760] warn: bayes: bayes db version 0
        is not able to be used, aborting! at
        line 196. [760] warn: bayes: bayes db version 0 is not able to be used,
        aborting! at
        line 196. procmail: Quota exceeded while writing
    I checked the user and had his quota increased. Just to find out that it rapidly filled his quota space on disk.
    With a quota of 100MB he was using 99MB but only 14MB was used under his /var/www/web124 directory .

    A quick find / -name big124_username turned up a lot of clamav directories under /tmp

    Turns out that when his initial quotaspace was small the clamav directory filled his quota on disk since clamav writes as the user of the recipient.

    (Potential DoS - just send lots of big mails to be scanned)

    The CLAMAV process fills his quotaspace and procmail is unable to deliver the files. So it just builds up more and more files under /tmp for clamav.

    Any solution to this issue other than increasing quota of users where they dont risk getting filled up on clamav directories of antivirus scans?

    I've manually removed clamav directories out of /tmp

    Another problem is that postfix reports with a non quota full message and doesnt give correct smtp codes for quota full since it's later on in the pipeline of delivery.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page