James at kyzo
Aug 27, 2003, 7:54 AM
Post #3 of 4
Thanks for the libclam SEGV fix. I haven't tried it, yet, but I will.
In the meantime, I have gone through our e-mail archives, which date
back to 2001. We have about 81,000 e-mails archived in total and so I
thought I'd run Clam against them all to see if I could find any others
that could make it crash.
There was - just one other. I have attached it (password "virus"). It
looks a lot like the first one that made libclam crash, in that it is an
attachment of an attachment, so I would expect the previous fix also
fixes this one.
The next thing I want to get onto is the memory leaking. "clamd" leaks
like mad, so I will try and pick out which messages make it leak worse
than others and put together a zip of them, if that would be helpful.
Here's an example of it scanning the messages for the last few days (the
two numbers are clamd's VSZ and RSS, respectively). As you can see, the
numbers are just rising and rising. At the point the system ran out of
swap I would have to re-start "clamd"... (the "OK" means it hasn't crashed)!
Start - 7800 6980
./2003/08/16 - OK - 9260 8040
./2003/08/17 - OK - 14772 12936
./2003/08/18 - OK - 22168 19216
./2003/08/19 - OK - 23128 19224
./2003/08/20 - OK - 24348 19224
./2003/08/21 - OK - 30988 21948
./2003/08/22 - OK - 32040 21948
./2003/08/23 - OK - 32960 21948
./2003/08/24 - OK - 33472 21948
./2003/08/25 - OK - 34260 21948
./2003/08/26 - OK - 35184 21948
./2003/08/27 - OK - 35788 22076
What's interesting is that some days' archives are obviously causing it
to leak more memory than others. Hence I want to investigate it further
and try and identify specific messages that cause a leak.
(FYI: the archives are directories full of EML files, logged by a
logging milter. I then use a bash script to feed them into "clamdscan"
to scan each file individually).
What's the plan on making a new release? 0.60 isn't really usable, but
20030720 is pretty good and would be even better if it included the new
SEGV fix. I assume 20030806 is as good. There was talk of a new version
soon after the transition to SourceForge?
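
An added example, not part of the post above and not the poster's own script: one way to produce a log in the format shown and to rank the days by how much clamd grew while scanning them, so the worst archives can be bisected first. The function names, the lowercase ".eml" suffix, the "CRASHED" label and passing clamd's PID as an argument are assumptions; the figures in POSTED_LOG are copied from the post.

```bash
# Print "VSZ RSS" for a process, as reported by ps.
sample_mem() {
    ps -o vsz= -o rss= -p "$1" | awk '{print $1, $2}'
}

# Scan every .eml file in one day's directory, one clamdscan call per file,
# then print a line in the post's format. "OK" means clamd is still running
# (the "CRASHED" label is an assumption of this example).
# Usage: log_day DIR CLAMD_PID
log_day() {
    local dir=$1 pid=$2 f status=OK
    for f in "$dir"/*.eml; do
        [ -e "$f" ] || continue          # empty directory: glob did not match
        clamdscan "$f" >/dev/null 2>&1
    done
    kill -0 "$pid" 2>/dev/null || status=CRASHED
    echo "$dir - $status - $(sample_mem "$pid")"
}

# Read a log on stdin and print "label vsz_growth rss_growth" for each day,
# measured against the previous line (the "Start" line is the baseline).
leak_deltas() {
    awk '
        $1 == "Start" { pv = $3; pr = $4; next }
        $3 == "OK"    { print $1, $5 - pv, $6 - pr; pv = $5; pr = $6 }
    '
}

# Same output, sorted by VSZ growth with the largest first.
rank_days() {
    leak_deltas | sort -k2,2nr
}

# Figures copied from the post above.
POSTED_LOG='Start - 7800 6980
./2003/08/16 - OK - 9260 8040
./2003/08/17 - OK - 14772 12936
./2003/08/18 - OK - 22168 19216
./2003/08/19 - OK - 23128 19224
./2003/08/20 - OK - 24348 19224
./2003/08/21 - OK - 30988 21948
./2003/08/22 - OK - 32040 21948
./2003/08/23 - OK - 32960 21948
./2003/08/24 - OK - 33472 21948
./2003/08/25 - OK - 34260 21948
./2003/08/26 - OK - 35184 21948
./2003/08/27 - OK - 35788 22076'
```

Running `printf '%s\n' "$POSTED_LOG" | rank_days` puts 08/18, 08/21 and 08/17 at the top; the same per-file approach inside one of those directories narrows the growth down to individual messages.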