OT: Re: How many people to admin a Cyrus system?

Ian G Batten ian.batten at uk.fujitsu.com
Tue Nov 13 10:12:13 EST 2007

On 13 Nov 07, at 1335, Adam Tauno Williams wrote:

>> 3. Can't handle high load very well, in fact it handles load  
>> horribly.
> I have a friend who works at a small shop who reports exactly the same
> issue with Zimbra, s..ll...ooo..wwww...
>> 3) ClamAV.  Do note how much email I said we dealt with a minute.  We
>> didn't get a great deal of email.  Maybe 2000 email a day?  Not  
>> overly
>> much.  However as the ClamAV database would grow, if you restarted
>> ClamAV or Zimbra eventually it would take too long for ClamAV to  
>> start
>> and would not listen on the port assigned and would make mail fail to
>> deliver.  (Ouch huh?)
> In defense of CLAMAV I can say that we run it on our SMTP server  
> (not on
> the IMAP or groupware server which seems like a bad idea).  It works
> well and is pretty stable.  If your CLAMAV was causing you this  
> problem
> then Zimbra must have boloxed the setup or you just had a bad version.

Clamav-milter works very well for sendmail shops, without any amavis  
involvement at all.  The slow startup bug is an artefact of one  
particular release: it now comes up in about 15 seconds.  Once it's  
running it's perfectly rapid enough to cope with our complete  
internal load.    clamd-milter can do the parsing of archives,  
breaking up of MIME etc at least as well as amavisd.

If you don't have an equivalent to clamav-filter for your MTA of  
choice, then you need to make sure that you start clamd, and then  
pass the material to be scanned with clamdscan (note the d).  clamd  
will need to be running as a user that can read the temporary files,  
because the best way to use clamd is to pass filenames over the  
AF_UNIX domain socket.

We in fact run clamav-milter with its built-in clamd support, for  
reasons I can't offhand remember.  So we fire up clamd, then clamav- 
milter, then clamav-milter passes temporary files to clamd.

If you have to use amavisd, make sure you tell it to use clamdscan  
rather than clamscan.  The latter does indeed take 10 seconds to fire  

clamd likes large pages, Solaris fans.

Our milter startup script: there is some local stuff in there.


case "$1" in
start) mv /var/clamav/clamd.log /var/clamav/clamd.log.old
       newtask -p clam /usr/local/sbin/clamd
       while [ $attempt -lt 5 ]; do
          if /usr/local/bin/clamdscan /etc/termcap; then
             attempt=`expr $attempt + 1`
             sleep=`expr $sleep + 5`
             echo sleeping for $sleep seconds, attempt $attempt
             sleep $sleep

#      --postmaster=igb at ftel.co.uk \
#      --postmaster-only \

       newtask -p milter /usr/local/sbin/clamav-milter \
       --dont-blacklist=`/usr/local/bin/fujitsuhosts` \
       --noreject \
       --dont-wait \
       --local \
       --outgoing \
       --quiet \
       --external \
       --pidfile=/var/clamav/milter.pid \
       --whitelist-file=/etc/mail/clamav-whitelist \

       newtask -p spam /usr/perl5/bin/spamd -s local6 -u spamd -x -d  
       su spamd << \ZZZ
       newtask -p milter /usr/local/sbin/spamassassin_milter -p inet: 
2002 &
       newtask -p milter /usr/local/sbin/mailarchive -u archive -p  
       newtask -p milter /usr/local/sbin/spamtrap -u spamtrap -p inet: 

stop) for i in /var/clamav/milter.pid /var/run/spamd.pid; do
          test -f $i && kill `cat $i`
       pkill -u spamd
       pkill -u clamav
       pkill -u archive
       pkill -u spamtrap

More information about the Info-cyrus mailing list