Hello Gordon,

On Fri, Feb 18, 2011 at 10:07:31AM -0500, Gordon Dickens wrote:
> That is quite strange especially since it only occurs sometimes. I can't
> say for sure but I suspect that this is most probably a ClamAV problem.
> Check to see if the clamd logs have any related entries that might yield
> a clue.
I checked the clamav.log and when the error occurs I find lines like:

Tue Feb 15 22:20:42 2011 -> /var/spool/exim4/scan/XXXX/XXXX.eml: Can't create temporary directory ERROR

Just like in exim's paniclog.

> I realize this is obvious but make sure that the Debian-exim
> user and clamav user both have read/write permission to the
> /var/spool/exim4/scan directory.
In fact the permissions to this directory are as follows:

ls -l /var/spool/exim4/ | grep scan
drwxr-x--- 2 Debian-exim Debian-exim 4096 Feb 18 12:54 scan

Before I checked this, but somehow was not noting the missing w for the
group.

So the Debian-exim group has NO write-permission. On another system
running exim4u (which I use as the primary MX) the permissions are
identical and I do not have any errors of this kind there.

Probably here lies the problem. But since I do not have any problems on
the other system, I would like to understand first, why I really need
write access here. How does virus scanning actually works? Which process
really needs access to this directory?

Then I would like to understand why there are no problems on my other
system.