On Mon, Nov 2, 2009 at 1:45 PM, Tom Shaw <ts...@oitc.com> wrote:

> At 4:10 PM -0600 11/2/09, Noel Jones wrote:
>
>> On 11/2/2009 1:42 PM, Avinash wrote:
>>
>>> Hi everyone,
>>>
>>> We are using Sanesecurity signatures in clamd for scanning mails. Recently
>>> we are seeing some load issues on clamd server due to Sanesecurity
>>> signatures (load is automatically decreasing when the Sanesecurity sigs are
>>> removed)
>>>
>>> Has anyone faced this issue before? Sanesecurity sigs are much needed to
>>> catch spam, is there any way that I can fix this issue? Please help me.
>>>
>>>
>> Likely just one of the signature files is causing problems. Try disabling
>> them one at a time until load comes down to an acceptable level.  I'd start
>> with winnow.complex.patterns.ldb.
>>
>
> Just a question. Why disable a file that currently has only 2 rules in it?
> Wouldn't you want to 1) determine what he has enabled? After all
> safebrowsing is humongous, 2) what hardware configuration and scan volume he
> is using and 3) what else is running on the machine?
>
> After all there are a lot of us using all Sanesecurity files and
> safebrowsing with no issues which would lead one to believe that there is
> not a signature file that is causing problems but more probably the
> interaction of light hardware, higher data volume and other processes
> running on the server coupled with a large number of signatures.
>
> Let's first look at what Avinash wrote. He said all was well with ClamAV and
> SaneSecurity signatures until recently.
>

clamd on our mail server started hogging 100% of both CPUs, and mail started
backing up like crazy.  This started last Thursday evening.  I played with
the Postfix, Amavisd-new, and Clamd settings all Friday morning trying to
figure this out and clear out the backlog of messages.

On a whim, I renamed the clamav database directory, ran freshclam to get
just the basic signatures, and restarted clamd.  Number of signatures went
from 925,000+ to under 600,000, and CPU usage dropped to below 20%.  Cleared
out 1200 messages from the queue in under 15 minutes.  Reran the script to
download all the extra signature databases, putting the total back up over
700,000, and still the CPU usage is under 20%.

Haven't had any issues since then, so can't really say if it was a corrupted
database, a bad signature, or exactly what the issue was.  Don't have any
plans to test the old copies of the database files, as I don't want to mess
with things now that they are working again.  :)

Something strange happened to the database files last week.  This week,
everything is fine.
-- 
Freddie Cash
fjwc...@gmail.com
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
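
The "disable them one at a time" approach suggested earlier in the thread can be tried offline, without touching the running clamd. The script below is an added example, not part of the original messages: it times `clamscan` against one sample message with each database file loaded on its own. The directory and sample paths, the `SCANNER` override and the extension list are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): rank signature database files by how
# long a single-file clamscan run takes on one sample message.
# Caveat: this measures load time plus scan time of clamscan, which is only
# a rough proxy for the per-message CPU cost inside a long-running clamd.

# Assumption: SCANNER can be overridden; defaults to the real clamscan binary.
SCANNER="${SCANNER:-clamscan}"

# time_db DBFILE SAMPLE -> prints elapsed whole seconds for one scan.
time_db() {
    t_start=$(date +%s)
    # --database loads only this file. Exit code 1 (match found) and
    # exit code 2 (load error) are ignored; only the elapsed time matters.
    "$SCANNER" --no-summary --database="$1" "$2" >/dev/null 2>&1 || true
    t_end=$(date +%s)
    echo $((t_end - t_start))
}

# rank_dbs DBDIR SAMPLE -> "seconds<TAB>filename" lines, slowest first.
rank_dbs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Assumed list of database extensions; adjust to what is installed.
        case "$f" in
            *.cvd|*.cld|*.ndb|*.ldb|*.hdb|*.db|*.ftm|*.gdb) ;;
            *) continue ;;
        esac
        printf '%s\t%s\n' "$(time_db "$f" "$2")" "$(basename "$f")"
    done | sort -rn
}

# Stand-alone use: sh rank_dbs.sh /path/to/db-copy /path/to/sample.eml
if [ "$#" -eq 2 ]; then
    rank_dbs "$1" "$2"
fi
```

Run it against a copy of the database directory so the files clamd is using stay untouched, and repeat with several representative messages before drawing conclusions.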