exim on mendelevium (otrs machine) has been complaining about clamav errors, in this form:
2018-01-31 11:11:25 XXX malware acl condition: clamd: ClamAV returned: /var/spool/exim4/scan/XXX/XXX.eml: Can't open file or directory ERROR
Looking at lsof of clamav there are plenty of open file descriptors to deleted files in /tmp/, about 1024 of them so I suspect fds are leaking and hitting maximum open file descriptors.
clamd 569 clamav 12u REG 254,1 245 398903 /tmp/clamav-1fa9c98e831072097777091baae57b3e.tmp (deleted) clamd 569 clamav 13u REG 254,1 2271 398889 /tmp/clamav-2cfbf4fc5117d4fca6e3eaa6cd5afa0b.tmp (deleted) clamd 569 clamav 14u REG 254,1 974 398900 /tmp/clamav-d93e01b4f246690d2ca56997e3bf3b65.tmp (deleted) clamd 569 clamav 15u REG 254,1 974 398901 /tmp/clamav-f856655f9539b8513ca32917729ed2e4.tmp (deleted) clamd 569 clamav 16u REG 254,1 2271 398904 /tmp/clamav-ad84f017474ada33d99ac0481f3ec762.tmp (deleted) clamd 569 clamav 17u REG 254,1 391 398912 /tmp/clamav-fa43351caa95f4625b19f56d8447b25b.tmp (deleted) ... clamd 569 clamav 1022u REG 254,1 6180 404456 /tmp/clamav-edd137867aaa38b33afa79379f52768f.tmp (deleted) clamd 569 clamav 1023u REG 254,1 861 404457 /tmp/clamav-9847efae7c2e57fbccd4a830b2d7541b.tmp (deleted)