From owner-freebsd-isp@FreeBSD.ORG  Thu Feb 15 18:44:31 2007
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5388416A420
	for <freebsd-isp@freebsd.org>; Thu, 15 Feb 2007 18:44:31 +0000 (UTC)
	(envelope-from anderson@freebsd.org)
Received: from mh1.centtech.com (moat3.centtech.com [64.129.166.50])
	by mx1.freebsd.org (Postfix) with ESMTP id 30C7213C4B4
	for <freebsd-isp@freebsd.org>; Thu, 15 Feb 2007 18:44:31 +0000 (UTC)
	(envelope-from anderson@freebsd.org)
Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220])
	by mh1.centtech.com (8.13.8/8.13.8) with ESMTP id l1FIRsGh080143;
	Thu, 15 Feb 2007 12:27:54 -0600 (CST)
	(envelope-from anderson@freebsd.org)
Message-ID: <45D4A62B.9030109@freebsd.org>
Date: Thu, 15 Feb 2007 12:27:55 -0600
From: Eric Anderson <anderson@freebsd.org>
User-Agent: Thunderbird 1.5.0.9 (X11/20070204)
MIME-Version: 1.0
To: Francisco Reyes <lists@stringsutils.com>
References: <cone.1171556679.453588.55347.1000@zoraida.natserv.net>	<20070215174129.GB20210@e-Gitt.NET>
	<cone.1171563142.426523.55347.1000@zoraida.natserv.net>
In-Reply-To: <cone.1171563142.426523.55347.1000@zoraida.natserv.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.88.4/2574/Thu Feb 15 10:10:18 2007 on
	mh1.centtech.com
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=8.0 tests=AWL,BAYES_00 autolearn=ham 
	version=3.1.6
X-Spam-Checker-Version: SpamAssassin 3.1.6 (2006-10-03) on mh1.centtech.com
Cc: FreeBSD ISP <freebsd-isp@freebsd.org>, Oliver Brandmueller <ob@e-Gitt.NET>
Subject: Re: Clamav replacement for FreeBSD+postfix?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2007 18:44:31 -0000

On 02/15/07 12:12, Francisco Reyes wrote:
> Oliver Brandmueller writes:
> 
>> We're using clamav (clamd, together with exim) in our setup. Our setup 
>> consisting of currently four servers assigned to this task is processing 
>> around one million deliveries per day, around 3.5 million rejects in the 
> 
> :-)
> You get less spam than we do.
> We also get around 4 Million emails per day, but only about 500K are 
> accepted. (last I checked.. may be more volume now)
> 
> 
>> clamd processes, but for several months this setup is quite stable now. 
> 
> I had one machine that had been stable for months. Yesterday it just simply 
> stopped working. Upgraded to the latest clamav. Even worse. Copied another 
> version (older) from another machine. Working again.
> 
>> We're using FreeBSD 6, amd64. Servers have 4 GB of RAM, we needed to 
> 
> We are using FreeBSD 6 i386.
> Do you see better perfomance on the amd64 branch for this type of work?
> 
>> tune a bit in the config files of clamd so that it's leveld fine with 
>> our load.
> 
> Hm.. that config file is not that big. What variables did you set that were 
> helpfull? In particular no matter what I do I never see more than 4 threads 
> running.
> 
>>  Also we use it successfully with libthr instead of libpthred 
>> (through libmap.conf).
> 
> What was the procedure for that? Any pointers to docs appreciated.
> I am looking at /etc/libmap.conf, is it just an entry there?
> Wouldn't that be global? So all programs in the machine will use libthr 
> instead of libpthred?
> 
>> At least for a recent 6-STABLE, recent clamav and the given configs I 
>> cannot agree with you on missing stability.
> 
> Only thing I have not tried is amd64 and libthr.
> 
> However I am wondering if a process based virus scanner exists.
> Going over ports I see a handfull of virus scanners. I guess I will have to 
> setup a test machine and try them.
> 
> I suspsect the issue is FreeBSD's thread support, so your suggested thread 
> library  change may help until we find a process based antivirus (if there 
> is one that works well with FreeBSD). 

You can specify a lib mapping for a particular tool.  See libmap.conf(5) 
- here's the EXAMPLES section:


EXAMPLES
      # /etc/libmap.conf
      #
      # candidate             mapping
      #
      libc_r.so.6             libpthread.so.2 # Everything that uses 
'libc_r'
      libc_r.so               libpthread.so   # now uses 'libpthread'

      [/tmp/mplayer]          # Test version of mplayer uses libc_r
      libpthread.so.2         libc_r.so.6
      libpthread.so           libc_r.so

      [/usr/local/jdk1.4.1/]  # All Java 1.4.1 programs use libthr
                              # This works because "javavms" executes
                              # programs with the full pathname
      libpthread.so.2         libthr.so.2
      libpthread.so           libthr.so

      # Glue for Linux-only EPSON printer .so to be loaded into cups, etc.
      [/usr/local/lib/pips/libsc80c.so]
      libc.so.6               pluginwrapper/pips.so
      libdl.so.2              pluginwrapper/pips.so



Eric