Clamav replacement for FreeBSD+postfix?

Eric Anderson anderson at freebsd.org
Thu Feb 15 18:44:31 UTC 2007 

On 02/15/07 12:12, Francisco Reyes wrote:
> Oliver Brandmueller writes:
> 
>> We're using clamav (clamd, together with exim) in our setup. Our setup 
>> consisting of currently four servers assigned to this task is processing 
>> around one million deliveries per day, around 3.5 million rejects in the 
> 
> :-)
> You get less spam than we do.
> We also get around 4 Million emails per day, but only about 500K are 
> accepted. (last I checked.. may be more volume now)
> 
> 
>> clamd processes, but for several months this setup is quite stable now. 
> 
> I had one machine that had been stable for months. Yesterday it just simply 
> stopped working. Upgraded to the latest clamav. Even worse. Copied another 
> version (older) from another machine. Working again.
> 
>> We're using FreeBSD 6, amd64. Servers have 4 GB of RAM, we needed to 
> 
> We are using FreeBSD 6 i386.
> Do you see better perfomance on the amd64 branch for this type of work?
> 
>> tune a bit in the config files of clamd so that it's leveld fine with 
>> our load.
> 
> Hm.. that config file is not that big. What variables did you set that were 
> helpfull? In particular no matter what I do I never see more than 4 threads 
> running.
> 
>>  Also we use it successfully with libthr instead of libpthred 
>> (through libmap.conf).
> 
> What was the procedure for that? Any pointers to docs appreciated.
> I am looking at /etc/libmap.conf, is it just an entry there?
> Wouldn't that be global? So all programs in the machine will use libthr 
> instead of libpthred?
> 
>> At least for a recent 6-STABLE, recent clamav and the given configs I 
>> cannot agree with you on missing stability.
> 
> Only thing I have not tried is amd64 and libthr.
> 
> However I am wondering if a process based virus scanner exists.
> Going over ports I see a handfull of virus scanners. I guess I will have to 
> setup a test machine and try them.
> 
> I suspsect the issue is FreeBSD's thread support, so your suggested thread 
> library  change may help until we find a process based antivirus (if there 
> is one that works well with FreeBSD). 

You can specify a lib mapping for a particular tool.  See libmap.conf(5) 
- here's the EXAMPLES section:


EXAMPLES
      # /etc/libmap.conf
      #
      # candidate             mapping
      #
      libc_r.so.6             libpthread.so.2 # Everything that uses 
'libc_r'
      libc_r.so               libpthread.so   # now uses 'libpthread'

      [/tmp/mplayer]          # Test version of mplayer uses libc_r
      libpthread.so.2         libc_r.so.6
      libpthread.so           libc_r.so

      [/usr/local/jdk1.4.1/]  # All Java 1.4.1 programs use libthr
                              # This works because "javavms" executes
                              # programs with the full pathname
      libpthread.so.2         libthr.so.2
      libpthread.so           libthr.so

      # Glue for Linux-only EPSON printer .so to be loaded into cups, etc.
      [/usr/local/lib/pips/libsc80c.so]
      libc.so.6               pluginwrapper/pips.so
      libdl.so.2              pluginwrapper/pips.so



Eric

More information about the freebsd-isp mailing list