Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
On 3/25/04 2:26 PM, Jesse Guardiani [EMAIL PROTECTED] wrote: --- SCAN SUMMARY --- Known viruses: 20702 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 57.21 MB I/O buffer size: 131072 bytes Time: 11.989 sec (0 m 11 s) [13:[EMAIL PROTECTED]:[~]% clamdscan test-message.txt /usr/home/jesse/test-message.txt: OK --- SCAN SUMMARY --- Infected files: 0 Time: 89.334 sec (1 m 29 s) [13:[EMAIL PROTECTED]:[~]% I still think there is a bug out there somewhere when scanning mail files. Rarely we'll see clamd+clamdscan take quite a long time to process a mail message. It happens rarely, but sometimes a 4K message file can take a minute to scan. I can capture the message in question, but when I scan it again, it only takes a second. In our case it is VERY rare, on four servers running clamd it only happened once in about 250,000 scans, but still it happens from time to time. The one server that it happened on the resident size of the program was considerably larger than the others.. root3944 0.0 4.2 22460 21652 ?? Ss 18Mar04 53:03.64 root 98782 0.0 5.9 31240 30480 ?? Ss 18Mar04 21:17.28 root 51317 0.0 4.1 22104 21340 ?? Ss 18Mar04 21:31.03 root 20182 0.0 4.7 25032 24268 ?? Ss 18Mar04 20:48.46 I have not seen clamd go into a memory eating frenzy yet, and since the urandom workaround/fix I have not seen any hung threads where clamd chews up 100% of the CPU. Right now I'm just seeing some random mail files hang clamdscan at times for ~1 minute before it lets go.. -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 NOTICE: alloc: /dev/null: filesystem full --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
On Thu, 25 Mar 2004 at 14:26:05 -0500, Jesse Guardiani wrote: [...] The only thing I still don't understand is why clamscan is so much faster than clamdscan, and why clamscan only uses 25M of process memory while clamdscan uses over 298M of process memory during the scan: --- SCAN SUMMARY --- Scanned files: 1 Infected files: 0 Data scanned: 57.21 MB I/O buffer size: 131072 bytes Time: 11.989 sec (0 m 11 s) [13:[EMAIL PROTECTED]:[~]% clamdscan test-message.txt /usr/home/jesse/test-message.txt: OK --- SCAN SUMMARY --- Infected files: 0 Time: 89.334 sec (1 m 29 s) [13:[EMAIL PROTECTED]:[~]% 1) When scanning a big file with clamdscan, a time savings thanks to _not_ loading the database at startup is little as compared with scanning time of the data itself. 2) clamdscan can be configured (in clamav.conf) to use more features than you requested for clamscan in command line (e.g. ScanMail). If so, scanning with clamdscan can require more resources than simple 'clamscan'. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
On Thu, 25 Mar 2004 14:26:05 -0500 Jesse Guardiani [EMAIL PROTECTED] wrote: Tomasz Kojm wrote: On Mon, 22 Mar 2004 15:54:18 -0500 Jesse Guardiani [EMAIL PROTECTED] wrote: Any ideas on how to avoid this in the future? I'm running with ScanArchive and ScanMail (because I want the binhex feature on). The problem may be connected with already discussed and fixed /dev/urandom issue. Please update to the latest CVS version. OK. After hashing through a couple of different tests with Nigel Horne on my FreeBSD 5.2.1-RELEASE laptop, my FreeBSD 4.8-RELEASE test and production servers, one of Nigel's FreeBSD 5.2 machines, and one of Nigel's linux machines of unknown type I finally gave the CVS version a try. I found that the CVS version works quite well and alleviates the problem of new clamdscan connections being rejected under high load. The only thing I still don't understand is why clamscan is so much faster than clamdscan, and why clamscan only uses 25M of process memory while clamdscan uses over 298M of process memory during the scan: clamdscan by default (see clamav.conf !) scans all directories recursively. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Mar 26 03:48:58 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
On Tuesday 23 Mar 2004 3:06 pm, Jesse Guardiani wrote: No, it's strictly text and just a LOT of characters. I can send it zipped or a small sample if anyone is interested. It has a lot of repeating characters, so it aught to compress rather well. Yes, please e-mail me a copy. -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE
Jesse Guardiani wrote: Tomasz Kojm wrote: The problem may be connected with already discussed and fixed /dev/urandom issue. Please update to the latest CVS version. I'll consider it. This is a production server, so I'm not incredibly keen on running CVS code. Actually, with ClamAV CVS versions are often more stable or better than stable preview versions due to rapid bugfix and improvements :) Read ChangeLog from CVS; you should find many interesting entries there. Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users