Also, if I leave ScanArchive yes and set MaxThreads 1
then it seems to run Ok. Only problem then is that the exim processes
build up waiting for service.
Is there any possibility that the code used by whatever ScanArchive
enables is not thread safe?
> Hi
>
> Has anybody else noticed this.
>
> When running clamd with the ScanArchive config option set to yes, after a
> couple of minutes of running cpu usage will look like this:
>
> last pid: 2470; load averages: 6.43, 4.06, 2.71
> 12:16:16
> 77 processes: 75 sleeping, 2 on cpu
> CPU states: 2.6% idle, 85.0% user, 12.4% kernel, 0.0% iowait, 0.0% swap
> Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free
>
> PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND
> 833 popuser 11 59 0 43M 40M cpu/2 8:50 91.13% clamd
> 234 root 9 59 0 47M 15M sleep 14:15 0.22% java
> 2220 root 1 59 0 2888K 1776K cpu/1 0:00 0.20% top
> 2381 popuser 1 59 0 3968K 2784K sleep 0:00 0.09% exim-4.52-1
> 1405 popuser 1 59 0 3464K 2664K sleep 0:00 0.09% exim-4.52-1
>
> A truss -p 833 reveals
>
> /6: lwp_park(0x00000000, 0) = 0
> /10: lwp_park(0x00000000, 0) = 0
> /3: lwp_unpark(10, 1) = 0
> /4: lwp_park(0x00000000, 0) = 0
> /6: lwp_park(0x00000000, 0) = 0
> /2: lwp_park(0x00000000, 0) = 0
> /3: lwp_unpark(4, 1) = 0
> /4: lwp_park(0x00000000, 0) = 0
> /8: lwp_unpark(6, 1) = 0
> /6: lwp_park(0x00000000, 0) = 0
> /2: lwp_park(0x00000000, 0) = 0
> /4: lwp_unpark(6, 1) = 0
> /6: lwp_park(0x00000000, 0) = 0
> /3: lwp_unpark(2, 1) = 0
> /8: lwp_unpark(4, 1) = 0
> /2: lwp_park(0x00000000, 0) = 0
> /6: lwp_unpark(2, 1) = 0
> /3: lwp_park(0x00000000, 0) = 0
> /8: lwp_unpark(3, 1) = 0
> /3: lwp_park(0x00000000, 0) = 0
> /2: lwp_unpark(3, 1) = 0
> /6: lwp_unpark(3, 1) = 0
> /3: lwp_park(0x00000000, 0) = 0
> /8: lwp_unpark(2, 1) = 0
> /2: lwp_park(0x00000000, 0) = 0
> /8: lwp_unpark(6, 1) = 0
> /3: lwp_unpark(2, 1) = 0
> /2: lwp_park(0x00000000, 0) = 0
> /6: lwp_park(0x00000000, 0) = 0
> /3: lwp_unpark(8, 1) = 0
> /8: lwp_park(0x00000000, 0) = 0
> /6: lwp_park(0x00000000, 0) = 0
> ^C/2: lwp_unpark(8, 1) = 0
> /10: lwp_unpark(6, 1) = 0
> /4: lwp_park(0x00000000, 0) = 0
> /8: lwp_park(0x00000000, 0) = 0
> /5: lwp_park(0x00000000, 0) = 0
> /9: lwp_park(0x00000000, 0) = 0
> /3: lwp_unpark(6, 1) = 0
> /11: lwp_unpark(5, 1) = 0
> /7: lwp_unpark(2, 1) = 0
>
> and that's all that seems to be happening - seems to be in an endless
> loop.
>
> The clamd log file has the following entries
>
> Wed Apr 11 12:11:30 2007 -> +++ Started at Wed Apr 11 12:11:30 2007
> Wed Apr 11 12:11:30 2007 -> clamd daemon 0.90.1 (OS: solaris2.9, ARCH:
> sparc, CPU: sparc)
> Wed Apr 11 12:11:30 2007 -> Log file size limit disabled.
> Wed Apr 11 12:11:30 2007 -> Reading databases from /usr/local/share/clamav
> Wed Apr 11 12:11:46 2007 -> Loaded 107793 signatures.
> Wed Apr 11 12:11:46 2007 -> Unix socket file
> /usr/local/share/clamav/clamd.socket
> Wed Apr 11 12:11:46 2007 -> Setting connection queue length to 30
> Wed Apr 11 12:11:46 2007 -> Archive: Archived file size limit set to
> 7340032 bytes.
> Wed Apr 11 12:11:46 2007 -> Archive: Recursion level limit set to 5.
> Wed Apr 11 12:11:46 2007 -> Archive: Files limit set to 250.
> Wed Apr 11 12:11:46 2007 -> Archive: Compression ratio limit set to 250.
> Wed Apr 11 12:11:46 2007 -> Archive support enabled.
> Wed Apr 11 12:11:46 2007 -> Algorithmic detection enabled.
> Wed Apr 11 12:11:46 2007 -> Portable Executable support enabled.
> Wed Apr 11 12:11:46 2007 -> ELF support enabled.
> Wed Apr 11 12:11:46 2007 -> Mail files support enabled.
> Wed Apr 11 12:11:46 2007 -> Mail: Recursion level limit set to 64.
> Wed Apr 11 12:11:46 2007 -> OLE2 support enabled.
> Wed Apr 11 12:11:46 2007 -> PDF support disabled.
> Wed Apr 11 12:11:46 2007 -> HTML support enabled.
> Wed Apr 11 12:11:46 2007 -> Self checking every 1800 seconds.
> Wed Apr 11 12:11:51 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fq-6x/1HbZno-0000Fq-6x.eml: OK
> Wed Apr 11 12:11:51 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fq-6x/1HbZno-0000Fq-6x-00000: OK
> Wed Apr 11 12:11:51 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fq-6x/1HbZno-0000Fq-6x-00001: OK
> Wed Apr 11 12:11:51 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fq-6x/1HbZno-0000Fq-6x-00002: OK
> Wed Apr 11 12:11:51 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fo-A2/1HbZno-0000Fo-A2.eml: OK
> Wed Apr 11 12:11:52 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fo-A2/1HbZno-0000Fo-A2-00000: OK
> Wed Apr 11 12:11:52 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fo-A2/1HbZno-0000Fo-A2-00001: OK
> Wed Apr 11 12:11:52 2007 ->
> /var/spool/exim/scan/1HbZno-0000Fo-A2/1HbZno-0000Fo-A2-00002: OK
> Wed Apr 11 12:11:54 2007 ->
> /var/spool/exim/scan/1HbZnu-0000GO-9T/1HbZnu-0000GO-9T.eml: OK
> <cut>
> </cut>
> Wed Apr 11 12:20:04 2007 ->
> /var/spool/exim/scan/1HbZrl-0000cP-LA/1HbZrl-0000cP-LA-00009: OK
> Wed Apr 11 12:20:15 2007 ->
> /var/spool/exim/scan/1HbZsX-0000fD-Oz/1HbZsX-0000fD-Oz.eml: OK
> Wed Apr 11 12:20:16 2007 ->
> /var/spool/exim/scan/1HbZrh-0000bo-4G/1HbZrh-0000bo-4G-00001: OK
> Wed Apr 11 12:20:16 2007 -> +++ Started at Wed Apr 11 12:20:16 2007
> Wed Apr 11 12:20:16 2007 -> clamd daemon 0.90.1 (OS: solaris2.9, ARCH:
> sparc, CPU: sparc)
> Wed Apr 11 12:20:16 2007 -> Log file size limit disabled.
> Wed Apr 11 12:20:16 2007 -> Reading databases from /usr/local/share/clamav
> Wed Apr 11 12:20:16 2007 ->
> /var/spool/exim/scan/1HbZrh-0000bo-4G/1HbZrh-0000bo-4G-00002: OK
> Wed Apr 11 12:20:18 2007 ->
> /var/spool/exim/scan/1HbZsX-0000fD-Oz/1HbZsX-0000fD-Oz-00000: OK
> Wed Apr 11 12:20:18 2007 ->
> /var/spool/exim/scan/1HbZsb-0000gN-UU/1HbZsb-0000gN-UU.eml: OK
> Wed Apr 11 12:20:22 2007 ->
> /var/spool/exim/scan/1HbZsm-0000gw-0m/1HbZsm-0000gw-0m.eml: OK
> Wed Apr 11 12:20:24 2007 ->
> /var/spool/exim/scan/1HbZt0-0000fg-1r/1HbZt0-0000fg-1r.eml: OK
> Wed Apr 11 12:20:26 2007 ->
> /var/spool/exim/scan/1HbZqN-0000UU-Ub/1HbZqN-0000UU-Ub.eml: OK
> Wed Apr 11 12:20:27 2007 ->
> /var/spool/exim/scan/1HbZsm-0000gh-J5/1HbZsm-0000gh-J5.eml: OK
> Wed Apr 11 12:20:31 2007 ->
> /var/spool/exim/scan/1HbZrq-0000ck-0x/1HbZrq-0000ck-0x-00000: OK
> Wed Apr 11 12:20:35 2007 -> Loaded 107793 signatures.
> Wed Apr 11 12:20:35 2007 -> ERROR: Socket file
> /usr/local/share/clamav/clamd.socket is in use by another process.
> Wed Apr 11 12:20:40 2007 ->
> /var/spool/exim/scan/1HbZsG-0000eH-2f/1HbZsG-0000eH-2f.eml: OK
> Wed Apr 11 12:20:40 2007 ->
> /var/spool/exim/scan/1HbZoe-0000Jk-6F/1HbZoe-0000Jk-6F.eml: OK
> Wed Apr 11 12:20:41 2007 -> Socket file removed.
> Wed Apr 11 12:20:41 2007 -> Pid file removed.
> Wed Apr 11 12:20:41 2007 -> --- Stopped at Wed Apr 11 12:20:41 2007
>
> Then you'd have to restart clamd and it will happen all over again.
>
> What caused
>>> Wed Apr 11 12:20:16 2007 -> +++ Started at Wed Apr 11 12:20:16 2007
> I didn't try to start it again at that time?
>
> If I disable the ScanArchive option in the config file and restart clamd
> it will run happily without any problems.....
>
> last pid: 8659; load averages: 0.56, 1.07, 2.12
> 12:32:06
> 87 processes: 83 sleeping, 1 zombie, 3 on cpu
> CPU states: 76.0% idle, 18.8% user, 4.8% kernel, 0.4% iowait, 0.0% swap
> Memory: 1536M real, 1139M free, 120M swap in use, 2053M swap free
>
> PID USERNAME LWP PRI NICE SIZE RES STATE TIME CPU COMMAND
> 6466 popuser 5 59 0 31M 29M sleep 1:17 7.95% clamd
> 8614 root 1 59 0 2888K 1776K cpu/1 0:00 0.43% top
>
> A truss -p 6466 then looks more normal as well
>
> /7: unlink("/tmp/clamav-b8db0dd7aa0a38d966b86d02aa2578e9/script.html")
> = 0
> /7: getdents64(12, 0x01F0E008, 8192) = 0
> /7: llseek(12, 0, SEEK_CUR) = 2
> /7: llseek(12, 0, SEEK_SET) = 0
> /7: stat("/tmp/clamav-b8db0dd7aa0a38d966b86d02aa2578e9", 0xFECFAF50) =
> 0
> /7: rmdir("/tmp/clamav-b8db0dd7aa0a38d966b86d02aa2578e9") = 0
> /7: close(12) = 0
> /7: lseek(9, 0, SEEK_SET) = 0
> /7: read(9, " < h t m l >\n < h e a d".., 131072) = 13628
> /7: read(9, 0x01B81F16, 117444) = 0
> /7: read(9, 0x01B81F16, 117444) = 0
> /7: lseek(9, 0, SEEK_SET) = 0
> /7: close(9) = 0
> /7: time() = 1176287680
> /7: write(4, " W e d A p r 1 1 1".., 93) = 93
> /7: write(1, " / v a r / s p o o l / e".., 65) = 65
> /7: getdents64(8, 0x01AC5488, 8192) = 0
> /7: close(8) = 0
> /7: send(17, " / v a r / s p o o l / e".., 42, 0) = 42
> /7: close(17) = 0
> /7: time() = 1176287680
> /10: read(11, " u u u v x u s j i 9 j a".., 131072) = 131072
> /10: read(11, " u k y y s y b s w j w p".., 131072) = 131072
> /1: accept(6, 0x00000000, 0x00000000, 1) (sleeping...)
> /10: read(11, " 9 r b i u i j v g g l l".., 131072) = 131072
> /10: read(11, " l 7 z l s b l 5 o o 3 a".., 131072) = 131072
> /10: read(11, " y p h t a f o 2 k 2 x a".., 131072) = 131072
> /7: lwp_park(0xFECFBE58, 0) (sleeping...)
> /10: read(11, " r 2 z k y 6 r d 7 m l a".., 131072) = 131072
> /10: read(11, " h i 9 q 6 c 1 l e r a p".., 131072) = 131072
> /10: read(11, " / / / / / / / / / / /".., 131072) = 51416
> /10: read(11, 0x01C0220A, 79656) = 0
> /10: read(11, 0x01C0220A, 79656) = 0
> /10: close(11)
>
> Is anybody else having these problems, or is it just me???
>
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
