Richard Bishop wrote: > > Kevin, > > >>> Kevin Bailey wrote: >>> >>> >>>> On a server which deals with a few thousand emails per day and only has >>>> 500MB of RAM I'm getting errors related to >>>> >>>> >>>> >>>> >>> is clamav running as CLAMDSCAN? >>> (if you did 'top' did you see clamscan running, or CLAMDSCAN) >>> >>> >>> >> Yes. Is this the problem? >> >> And it's at 90%+ CPU usage. >> >> > > > You're not running on Debian by any chance are you? (I seem to remember > seeing one of your earlier posts which mentioned Debian). Yes I am.
> I know there was > a bug in the Debian package of ClamAV earlier in the year which caused it > to eat 90-100% of the CPU. This bug was repeatedly taking one of our > servers down until I found and fixed it - in our case nothing but a reboot > would resolve it. > > I forgot the specifics of the problem but the solution (and I'm very much > assuming that you are running Debian) is to add the volatile sources to > your /etc/apt/sources.list file and update the box (apt-get update | > apt-get upgrade). It seems that Debian's policy of not including software > builds until they are guaranteed stable doesn't really fit with software > which is constantly being updated - like AV software. See > http://www.debian.org/volatile/ for more info and details how to use > volatile. > > Thanks - will check it out. > One other thing - you are running Clam in daemon mode in your primary AV > scanners aren't you? (as opposed to calling clamscan for each file which > requires loading the signatures each time - and eats CPU time). If this is > the case then you'll be using the internal amavis socket connections for > submitting files to scan rather than scraping the output of the cmdline > scanner. > > Clamav-daemon was running. I've left everything set up as Debian default - and the anti-virus scanning has been enabled with @bypass_virus_checks_maps = ( \%bypass_virus_checks, \...@bypass_virus_checks_acl, \$bypass_virus_checks_re); in the /etc/amavis/15-content_filter_mode file. This is a Debian Etch box and everything is default Etch - I.e. amavis is at version 2.4.2-6.1 *How can I tell if amavisd-new is calling clamav-daemon rather than using the command-live version?* Also, it looks to me like if you want to use clamav-daemon you *really should* have volatile enabled. Will be checking into this further. Thanks, bailey86 > Hope this helps > > > Richard > > > -- *Kevin Bailey* Director/Programmer - Freeway Projects Limited Web: www.freewayprojects.com <http://www.freewayprojects.com/> Email: [email protected] <mailto:[email protected]> Phone: +44 (0)1752 267090 ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
