Re: [Clamav-users] load issues due to sanesecurity signatures
Hi everyone, We are using Sanesecurity signatures in clamd for scanning mails. Recently we are seeing some load issues on clamd server due to sanesecurity signatures (load is automatically decreasing when the sanesecurity sigs are removed) Hi Avinash, I guess as others have already asked, what databases were you using? These two databases are the largest: jurlbla.ndb INetMsg-SpamDomains-2m.ndb This one has the most logic in it, so perhaps this is the one causing you problems: scamnailer.ndb If you are using INetMsg-SpamDomains-2m.ndb and INetMsg-SpamDomains-2w.ndb together, you'll be using duplicate sigs. Hopefully we'll be able to help, once we get a database list from you. Thanks for the report. Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Fwd: [sanesecurity] x86_64 users: possible malformed database problems]
G.W. Haywood wrote: I suspect that rather than QA, what you do is just a lot of hap-hazard testing. That's why, whenever I see a new release of ClamAV, first I will suppress a groan and then, before I risk it on any of my servers, I'll wait a while and watch the users' list to see how much trouble it causes. This approach serves me well, although I can't say I'm proud of the fact that I'm letting a lot of poor innocents do my acceptance testing for me. Hi G.W. Haywood, My mail was about custom databases provided by 3rd parties, not about ClamAV release cycles. Besides, you miss another point: ClamAV is an open source software, consisting of roughly 150K lines of C code and 65 signatures, currently maintained by three full time developers, one and a half full time sigmakers and a system administrator. We ALWAYS ask our users to test the development head and provide feedbacks because we cannot do it all on our own: we lack the man power and we lack the infrastructure, but, most importantly we lack YOUR setup, YOUR deployment and YOUR envirnonment. With some very notable exceptions (which I would really like to thank), it is a fact that, despite the repeated requests, not many people test the code. You can look at the bugzilla being all quiet for weeks, then, as soon as we release a new version, it suddently gets flooded with tickets. So, to conclude, if you want to get better releases, do your bit. The only alternative is that we release what WE think is ok and we re-release when YOU tell us it's not. Thanks for the lesson, -aCaB ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] load issues due to sanesecurity signatures
Steve, I see more and more custom db related issues on this list... Last week I offered some help to early diagnose possible problems before they hit the end users and I was trying to establish some cooperation with you and the other db providers in order to improve your QA process. Just in case you missed that mail... -aCaB ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] load issues due to sanesecurity signatures
Last week I offered some help to early diagnose possible problems before they hit the end users and I was trying to establish some cooperation with you and the other db providers in order to improve your QA process. Hi sorry for not replying earlier... I'll email off-list with a few thoughts.. just need to sort a few things out first. Cheers, Steve Sanesecurity ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] load issues due to sanesecurity signatures
Hi everyone, Thanks for the quick response. We are using the below 6 sanesecurity files. junk.ndb phish.ndb scam.ndb spear.ndb lott.ndb spam.ldb Some more info: I tried with adding these files one by one to clamd database, junk.ndb is causing more load among all. Phish.ndb, scam.ndb and spear.ndb are also contributing to the load. Just to note, only the 50k sanesecurity sigs are causing load (among all other 0.7 million sigs). Is there anyway that we can convert sanesecurity sigs to .cld (or .cvd) with a sigtool? (ignore if not relevant) We are running only clamd process on a Linux x86_64 server. Thanks, Avinash PS: My last reply was not updated in the thread :-( please ignore if it gets posted. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] load issues due to sanesecurity signatures
At 9:32 PM +0530 11/3/09, Avinash wrote: Hi everyone, Thanks for the quick response. We are using the below 6 sanesecurity files. junk.ndb phish.ndb scam.ndb spear.ndb lott.ndb spam.ldb Some more info: I tried with adding these files one by one to clamd database, junk.ndb is causing more load among all. Phish.ndb, scam.ndb and spear.ndb are also contributing to the load. Just to note, only the 50k sanesecurity sigs are causing load (among all other 0.7 million sigs). Is there anyway that we can convert sanesecurity sigs to .cld (or .cvd) with a sigtool? (ignore if not relevant) We are running only clamd process on a Linux x86_64 server. Avinash I think you need to tell us more. We run clamd (0.95.2 and 3) on a small, old PPC machine under unix with all official and unofficial signatures with mail and other apps with no issues. Initially you said We are using Sanesecurity signatures in clamd for scanning mails. Recently we are seeing some load issues on clamd server due to sanesecurity signatures Can you explain what changed between the time all was fine and your recent load issues? Can you explain what are the load issues? What version of OS and clamd? The more information the easier it will be for us to help. Tom ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] load issues due to sanesecurity signatures
Hi Tom, We are using clamav version 0.95.2 with both official and unofficial signatures. Last week we observed clamd is taking more time for scanning mails due to high load on the server. To fix the issue, installed older version 0.95.1, but there was no use (later came back to 0.95.2). After removing all unofficial signatures, we came to know that sanesecurity sigs are causing the problem. Will let you know the OS version asap (away from my pc now) Thanks, Avinash ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] load issues due to sanesecurity signatures
$$ uname -a Linux 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:32:02 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux $$ Thanks, Avinash ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml