[Mimedefang] clamd memory leak?

Kelsey Cummings kgc at sonic.net
Fri Apr 16 23:24:04 EDT 2004


On Fri, Apr 16, 2004 at 07:07:01PM -0700, Jeffrey Goldberg wrote:
> On Fri, 16 Apr 2004, Kelsey Cummings wrote:
> 
> > There are some outside cases where a 4mb message can make some versions of
> > clamd consume >gigs< of RAM.  It's also decompressing files into RAM so a
> > 50 MB message that's compressed 2:1 will take at least 100MB of RAM.  Add
> > to this the overhead for the scanner's structures and recursion it could
> > take a great deal more.  Clamd can be DoS'd pretty easily right now.  You
> > may want to consider tuning it, running something later than .70rc, running
> > it under ulimits and adding as much RAM to the server as you can afford or
> > will fit.
> 
> I suspect that what can be done to Clamav can be done to others as well.

That's probably true but clamd has insane memory requirements for
processing deeply nested mime messages.  (See the thread about this for
more information.  David's hinted that he might patch the MIME module so
you can retrieve the nesting depth from it easily which could be used to
block excessively deep messages in MD.)

What we do is run clamd in foreground mode inside of a service loop that
sets ulimits on the process.  This also keeps clamd running, which it
doesn't always like to do on its own.

#!/bin/sh
ulimit blah   # "blah" stands in for the limit options; set your own here
while [ 1 ]
do
 clamd
 sleep 1
done

For all of its problems, clamd has been a life saver.

-- 
Kelsey Cummings - kgc at sonic.net           sonic.net, inc.
System Administrator                      2260 Apollo Way
707.522.1000 (Voice)                      Santa Rosa, CA 95407
707.547.2199 (Fax)                        http://www.sonic.net/
Fingerprint = D5F9 667F 5D32 7347 0B79  8DB7 2B42 86B6 4E2C 3896
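
The service loop described in this message, written out as an added example (it is not the poster's actual script). The function names, the MEM_KB and RESTART_DELAY variables and the 1 GB cap are assumptions, as is clamd being on PATH and configured to stay in the foreground.

```shell
#!/bin/sh
# Added example: the limit values are constructed; tune them for your mail volume.
MEM_KB=${MEM_KB:-1048576}          # address-space cap in KB (assumed value)
RESTART_DELAY=${RESTART_DELAY:-1}  # seconds to wait before a restart

# Run a command with limits applied inside a subshell, so the limits
# bind the child only and never the supervising loop itself.
run_limited() {
    limit_kb=$1; shift
    (
        ulimit -v "$limit_kb" || exit 125   # allocations past this size fail
        ulimit -c 0 || exit 125             # no core files holding mail content
        exec "$@"
    )
}

# Restart the command each time it exits; max_runs=0 means forever.
# Prints the number of runs on stdout, exit details go to stderr.
supervise() {
    max_runs=$1; limit_kb=$2; shift 2
    runs=0
    while [ "$max_runs" -eq 0 ] || [ "$runs" -lt "$max_runs" ]; do
        rc=0
        run_limited "$limit_kb" "$@" || rc=$?
        runs=$((runs + 1))
        if [ "$rc" -eq 125 ]; then
            echo "could not apply limits, not restarting" >&2
            break
        elif [ "$rc" -gt 128 ]; then
            # A scanner that hits the cap usually dies on a signal.
            echo "run $runs: killed by signal $((rc - 128))" >&2
        else
            echo "run $runs: exited with status $rc" >&2
        fi
        sleep "$RESTART_DELAY"
    done
    echo "$runs"
}

# Start the loop only when asked:  sh clamd-loop.sh run
# Assumes clamd stays in the foreground (Foreground option in clamd.conf).
if [ "${1:-}" = "run" ]; then
    supervise 0 "$MEM_KB" clamd
fi
```

Frequent "killed by signal" lines in the loop's stderr are worth alerting on, since they show messages pushing the scanner into its memory cap.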


