ClamAV timeouts - ORF Forums

ClamAV timeouts RSS Back to forum


I've just recently installed ClamAV, and i've had good results so far. However i'm receiving about 15-20 timeout errors daily. I've increased the timeout setting to 25 seconds, but don't really want to increase further.

Is there anything i can do to speed up the scanning so I don't see as many timeouts? What are people typically using for the timeout setting?

by kcit 4 months ago

Hello kcit,

I see that you left a message in the other clamav thread yesterday ( so I assume you have already added the "TCPAddr" line to the clamd.conf file.

To answer question, 20-30 seconds should be plenty for a scan to finish. If you see the timeout error logged occasionally, I guess it is nothing to worry about, however, if you see this logged for all emails, I recommend testing clamdscan.exe from command line using an EML file. You can download a test EML from the following location, it contains an Eicar antivirus test file:

password: virustest

Extract the EML file to the same folder where clamdscan resides (c:\clamav\ by default, if you followed the instructions in our article at and issue the following command from a command line:

clamdscan.exe --no-summary --stdout --config-file="c:\clamav\clamd.conf" eicar.eml

Does it time out this way?

In any case, I would suggest that you take a look at the ClamAV logs to see if you can find any explanation for the lengthy scan times. If logging is not enabled in your ClamAV installation, it must be enabled first in the clamd.conf file. For the clamd configuration options, please consult the following article: Look for the commands starting with ‘Log’ for the logging options.

I hope this helps.

by Daniel Novak (Vamsoft) 4 months ago

Thanks for the tips Daniel. Yes, i did get the loopback address added and that fixed the initial errors.

Logging was enabled. The only thing I see are warnings like this, which do correspond with the timeout errors:
Fri Feb 22 11:36:42 2019 -> WARNING: lstat() failed on: \\?\C:\ClamAV\temp\sce-887BCFB0C8E8353B8F810E1029D00AB9.eml
Fri Feb 22 12:40:33 2019 -> WARNING: lstat() failed on: \\?\C:\ClamAV\temp\sce-127BF4CB982F9D38CC391AE2A739083F.eml

This is not on every email. ClamAV seems to be scanning most things OK, and has even caught some things that ORF wasn't catching thanks to the 3rd party extensions.

Googling around seemed to suggest directory permissions. But clamd and the updater are running as local system, and system has full rights to the C:\ClamAV dir.

Any ideas?

by kcit 4 months ago

Do you have any antivirus installed on the ORF server? If so, you should double-check that the path configured for temporary email files (ORF Administration Tool: Blacklists > External Agents > "Path for temporary email files") is excluded from virus checking, otherwise the antivirus may lock/delete the file before ClamAV could scan it.

by Daniel Novak (Vamsoft) 4 months ago

Nope, no AV installed on the ORF server. I've increased the timeout to 30 secs, but i still get the occasional (2-3/day) timeout.

by kcit 4 months ago

I am seeing the same thing as kcit. No other AV on my server. Time out increased to 30 seconds also added the loopback ip to my configuration. Windows Defender has also been removed from my 2016 Server.

I ran the stand alone test with test file as Daniel suggested and it seemed to work just fine on it's own.

by shooker 2 months ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2