By default the service installation of Clamd has a limit in the file size of the email message that it can receive. If it receives a file too big HMS errors with Code: HM5406. This writeup details the two steps to prevent this situation.
In my installation of Clamd (found here: viewtopic.php?f=21&t=26829&p=164310#p164310) its default size limit is 25MB. (Your Clamd installation will also have a default if you have not specified one but may be a different value, maybe as low as 10MB.)
This value is in effect in absence of the following parameter from CLAMD.CONF:
By default Hmailserver has no limit set on the size of mail message that it will pass to ClamAV for scanning. This is set in Hmailserver - Settings - Antivirus, GENERAL tab and has a value of ZERO under 'Maximum Message Size To Scan'.
The problem is that if a message is passed to Clamd from HMS that exceeds the default (25MB in my case) then the following error will occur:
THE SOLUTION - HOW TO AVOID THIS ERROR
Code: Select all
"ERROR" 2416 "2016-01-28 12:46:58.525" "Severity: 3 (Medium), Code: HM5406, Source: ClamAVVirusScanner::Scan, Description: Unable to write data to stream port."
In order to ensure that this condition doesnt happen, HMS should be set to send no message with a size higher than that value that Clamd is set at.
First you must determine your current CLAMD default value. You can determine this by reading your Clamd.log file and in the entries just after startup of the service you should see:
note: 26214400 \1048576 = 25 MBThu Jan 28 13:29:23 2016* -> Limits: File size limit set to 26214400 bytes.
* (Tip: to get the 'date and timestamp' on your entries in your Clamd.log file, add "LogTime yes" to Clamd.conf. )
1, The same value should now then be set in HMS by entering the value in KILOBYTES calculated thus:
- value (M) * 1048576 / 1000 (rounded DOWN)
- 20 MB = (20*1048576/1000) = 20971
15 MB = 15728
25 MB = 26214
In CLAMD.CONF, enter the following line:
- StreamMaxLength 20M
You will need to restart the Clamd service for the new settings to take effect (and dont forget to reflect your new choice in HMS - (1) above.)
There are other message size restrictions also tailorable within HMS notably under:
SETTINGS - PROTOCOLS - SMTP - Max Message Size and
DOMAINS - 'Limits' tab - Max Message Size (this value overrides the above value).
Therefore it is possible that these values may be lower and will already limit the maximum size of a message. You should bear this in mind when deciding what size messages you want to receive and what sizes you want actually being scanned.