Thread: Amavisd spiking and mta not responding

  1. #1
    mailman.33 is offline Loyal Member
    Join Date
    Jun 2010
    Location
    India
    Posts
    82
    Rep Power
    5

    Amavisd spiking and mta not responding

    I find this on my server.

    Scenario: Used to get frequent load spikes on the server, and Amavisd is the top consumer. Sometimes the mta hangs and postfix goes wild, messages get queued, and eventually zmmtactl had to be restarted.
    History: I am running 6.0.7, upgraded from 6.0.5
    Findings:

    zmcontrol status shows all services running
    antispam Running
    antivirus Running
    convertd Running
    imapproxy Running
    ldap Running
    logger Running
    mailbox Running
    memcached Running
    mta Running
    snmp Running
    spell Running
    stats Running

    Checked the logs simultaneously when the load spikes, and I found this in clamd.log
    -----------
    -> /opt/zimbra/data/amavisd/tmp/amavis-20100921T094036-20936/parts/p002: Trojan.Agent-171592 FOUND
    -> /opt/zimbra/data/amavisd/tmp/amavis-20100921T094036-20936/parts/p004: Trojan.Agent-171592 FOUND
    -> /opt/zimbra/data/amavisd/tmp/amavis-20100921T093929-19186/parts/p002: Trojan.Downloader-97250 FOUND
    -> /opt/zimbra/data/amavisd/tmp/amavis-20100921T094036-20936/parts/p002: Trojan.Downloader-97250 FOUND
    ----------

    I further ran this and found amavisd, antivirus and mtaconfigctl not running .. ?? Weird.
    Is Amavisd not working, or what?
    ----
    [root@server]# /opt/zimbra/bin/zmantivirusctl status
    zmmtaconfigctl is not running
    zmamavisdctl is not running
    zmclamdctl is not running
    [root@server ]#
    ----
    Or does it show only as the zimbra user? su - zimbra?

    I am beginning to wonder if my installation was broken. Did I miss something? Were amavisd and antivirus not installed? I had no info about it in zmsetup.log.
    Last edited by mailman.33; 09-21-2010 at 01:15 AM.

  2. #2
    mailman.33 is offline Loyal Member

    ??

    Can anyone tell me how amavisd works?
    What measures should we take when clamd.log shows trojan found? How does amavisd prevent it?

    Or is that normally an alert after a precautionary measure from amavisd?

  3. #3
    mailman.33 is offline Loyal Member

    Gave a start to antivirusctl, and antivirus, mtaconfig, amavis and clamd were indeed running. Seems I got messed up by running as the root user.

    I guess it's part of the Zimbra quarantine process that clamd.log says trojan found. It reads from the db, and after looking into zimbra.log, I can see those mails were discarded. But I am still thinking about what could cause amavis to hang.

    * Confirmed, some mails with virus alerts were delivered to the account. Antivirus is missing something.
    Last edited by mailman.33; 09-21-2010 at 04:15 AM.
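
Added example, not part of the original thread: one way to do the cross-check described in post #3, matching each clamd `FOUND` line against the amavis verdict lines in zimbra.log to see which hits were blocked, which were passed on for delivery, and which never got a verdict. It assumes the number at the end of the amavis temp directory name is the amavis child PID and that verdict lines have the usual amavisd-new shape `amavis[PID]: (PID-NN) Blocked|Passed INFECTED (signature)`; the amavis lines below are constructed for illustration.

```python
import re

# clamd.log lines as quoted in post #1 of the thread.
CLAMD_LOG = """\
-> /opt/zimbra/data/amavisd/tmp/amavis-20100921T094036-20936/parts/p002: Trojan.Agent-171592 FOUND
-> /opt/zimbra/data/amavisd/tmp/amavis-20100921T094036-20936/parts/p004: Trojan.Agent-171592 FOUND
-> /opt/zimbra/data/amavisd/tmp/amavis-20100921T093929-19186/parts/p002: Trojan.Downloader-97250 FOUND
-> /opt/zimbra/data/amavisd/tmp/amavis-20100921T094036-20936/parts/p002: Trojan.Downloader-97250 FOUND
"""

# Constructed amavis lines (host, IPs and addresses are placeholders).
AMAVIS_LOG = """\
Sep 21 09:40:38 mail amavis[20936]: (20936-01) Blocked INFECTED (Trojan.Agent-171592), [192.0.2.10] <a@example.org> -> <u1@example.com>, Hits: -, size: 48213, 1422 ms
Sep 21 09:41:02 mail amavis[20936]: (20936-02) Passed INFECTED (Trojan.Downloader-97250), [192.0.2.11] <b@example.org> -> <u2@example.com>, Hits: -, size: 51877, 1630 ms
"""

# Assumption: temp dir is amavis-<timestamp>-<pid>; verdict tag is (<pid>-<seq>).
FOUND = re.compile(r"/amavis-\d{8}T\d{6}-(\d+)/parts/p\d+: (\S+) FOUND")
VERDICT = re.compile(r"amavis\[(\d+)\]: \(\1-[\d-]+\) (Blocked|Passed) INFECTED \(([^)]*)\)")


def correlate(clamd_text, amavis_text):
    """Map each (amavis pid, signature) clamd hit to blocked / passed / no-verdict."""
    result = {}
    for pid, sig in FOUND.findall(clamd_text):
        result[(pid, sig)] = "no-verdict"  # until an amavis line says otherwise
    for pid, action, sigs in VERDICT.findall(amavis_text):
        for sig in (s.strip() for s in sigs.split(",")):
            if (pid, sig) not in result:
                continue
            # A single pass outweighs any block for the same pid/signature.
            if action == "Passed" or result[(pid, sig)] != "passed":
                result[(pid, sig)] = action.lower()
    return result


def needs_attention(result):
    """Hits that were delivered, or that amavis never logged a verdict for."""
    return sorted(key for key, status in result.items() if status != "blocked")


if __name__ == "__main__":
    for (pid, sig), status in sorted(correlate(CLAMD_LOG, AMAVIS_LOG).items()):
        print(f"amavis[{pid}] {sig}: {status}")
```

A `passed` entry corresponds to infected mail reaching a mailbox, and a `no-verdict` entry marks a scan that amavis started but never logged as finished, which is worth lining up against the times the load spiked.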
