[Clamav-users] Clamav-milter CPU usage
I recently upgraded ClamAV from .86 to .87. Today, I noticed that clamav-milter is running using 99.6 Cpu utilization. the odd thing is that 47.5% is listed as user, and 53.4% listed as system. I have tried restarting clamav-milter, no luck. It instantly goes back to 100% cpu. my /etc/sysconfig is as follows: CLAMAV_FLAGS=" --config-file=/etc/clamd.conf --headers --max-children=10 --quiet --dont-log-clean --timeout=0 -lo local:/var/clamav/clmilter.socket I see nothing in the logs about errors. Any ideas? Thanks, Brian -- Brian Riffle System and Network Administrator Klamath Community College 7390 South 6th St Klamath Falls, OR 97603 Phone 541.880.2245 Fax 541.885.7758 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
On Wed, 28 Sep 2005, Brian Riffle wrote: I recently upgraded ClamAV from .86 to .87. Today, I noticed that clamav-milter is running using 99.6 Cpu utilization. the odd thing is that 47.5% is listed as user, and 53.4% listed as system. I have tried restarting clamav-milter, no luck. It instantly goes back to 100% cpu. my /etc/sysconfig is as follows: CLAMAV_FLAGS=" --config-file=/etc/clamd.conf --headers --max-children=10 --quiet --dont-log-clean --timeout=0 -lo local:/var/clamav/clmilter.socket I see nothing in the logs about errors. Any ideas? Care to tell us what OS/distro you're running? I'm guessing it's redhat-related? It would probably be wise to strace the process to see what it's doing. Checking obvious stuff like full partitions would also be a good idea. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
Mine's doing the same. Solaris 9, clamav 0.87, blastwave build. I took a look with truss and it seems to be looping doing this over and over and over (I don't se any values changing here): /2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 /2: fstat64(7, 0xFEEFBD00) = 0 /2: fcntl(7, F_SETFD, 0x0001) = 0 /2: getdents64(7, 0x0196E678, 8192) = 208 /2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 /2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 /2: getdents64(7, 0x0196E678, 8192) = 0 /2: close(7) = 0 /2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 /2: fstat64(7, 0xFEEFBD00) = 0 /2: fcntl(7, F_SETFD, 0x0001) = 0 /2: getdents64(7, 0x0196E678, 8192) = 208 /2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 /2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 /2: getdents64(7, 0x0196E678, 8192) = 0 /2: close(7) = 0 /2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 /2: fstat64(7, 0xFEEFBD00) = 0 /2: fcntl(7, F_SETFD, 0x0001) = 0 /2: getdents64(7, 0x0196E678, 8192) = 208 /2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 /2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 /2: getdents64(7, 0x0196E678, 8192) = 0 /2: close(7) = 0 /2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 /2: fstat64(7, 0xFEEFBD00) = 0 /2: fcntl(7, F_SETFD, 0x0001) = 0 /2: getdents64(7, 0x0196E678, 8192) = 208 /2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 /2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 /2: getdents64(7, 0x0196E678, 8192) = 0 /2: close(7) = 0 /2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 my clamav-milter flags: -q -lo --timeout 0 /opt/csw/share/clamav/clmilter.sock --sendmail-cf=/opt/csw/et c/mail/sendmail.cf ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
On Wed, 28 Sep 2005, Elizabeth Schwartz wrote: Mine's doing the same. Solaris 9, clamav 0.87, blastwave build. I took a look with truss and it seems to be looping doing this over and over and over (I don't se any values changing here): /2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 /2: fstat64(7, 0xFEEFBD00) = 0 /2: fcntl(7, F_SETFD, 0x0001) = 0 /2: getdents64(7, 0x0196E678, 8192) = 208 /2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 /2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 /2: getdents64(7, 0x0196E678, 8192) = 0 /2: close(7) = 0 my clamav-milter flags: -q -lo --timeout 0 /opt/csw/share/clamav/clmilter.sock --sendmail-cf=/opt/csw/etc/mail/sendmail.cf Interesting... looks to me like the watchdog thread is stuck in a tight loop. It's *supposed* to do that check when: - the milter goes idle - there are no free servers available - once every readTimeout-1 seconds Any chance you put ReadTimeout=0 or ReadTimeout=1 in your clamd.conf? The milter only makes sure it's non-negative, not that it's greater than 1. (This is probably a bug, though I haven't thought about it enough to be sure, so I'll leave that to Nigel.) If you didn't set ReadTimeout to 0 or 1, the next step is probably to enable debugging so we can get a better idea of exactly where it's looping, and possibly even why it's looping. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Elizabeth Schwartz wrote: |Mine's doing the same. Solaris 9, clamav 0.87, blastwave build. I took a |look with truss and it seems to be looping doing this over and over and over |(I don't se any values changing here): | | |/2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 |/2: fstat64(7, 0xFEEFBD00) = 0 |/2: fcntl(7, F_SETFD, 0x0001) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 208 |/2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 |/2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 0 |/2: close(7) = 0 |/2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 |/2: fstat64(7, 0xFEEFBD00) = 0 |/2: fcntl(7, F_SETFD, 0x0001) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 208 |/2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 |/2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 0 |/2: close(7) = 0 |/2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 |/2: fstat64(7, 0xFEEFBD00) = 0 |/2: fcntl(7, F_SETFD, 0x0001) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 208 |/2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 |/2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 0 |/2: close(7) = 0 |/2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 |/2: fstat64(7, 0xFEEFBD00) = 0 |/2: fcntl(7, F_SETFD, 0x0001) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 208 |/2: stat("/opt/csw/share/clamav/main.cvd", 0xFEEFBDF8) = 0 |/2: stat("/opt/csw/share/clamav/daily.cvd", 0xFEEFBDF8) = 0 |/2: getdents64(7, 0x0196E678, 8192) = 0 |/2: close(7) = 0 |/2: open("/opt/csw/share/clamav", O_RDONLY|O_NDELAY|O_LARGEFILE) = 7 | |my clamav-milter flags: | |-q -lo --timeout 0 /opt/csw/share/clamav/clmilter.sock |--sendmail-cf=/opt/csw/et |c/mail/sendmail.cf |___ |http://lurker.clamav.net/list/clamav-users.html What version of the kernel are you running? If you kill clamav-milter does the usage go down? I'm using Fedora FC1 with no problems. CLAMAV_FLAGS=" --quiet \ ~--dont-wait \ ~--timeout=0 \ ~--force-scan \ ~--dont-log-clean \ ~--server=localhost \ ~--sign - --signature-file=/etc/mail/clamav/clamav-signature \ ~--pidfile=/var/run/clamav/clamav-milter.pid \ ~local:/var/run/clamav/clamav-milter.sock \ ~" I have heard some of the newer kernels having problems with CPU usage But that may be fixed with the latest 2.6.13 or 14 releases. James Kosin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDOxGdkNLDmnu1kSkRAwK8AJ0dqF2wj08y+pu6J7Iuzf8pSAyKZACfSTy6 f4J+ft+qPryqdvvrly9hna4= =n73s -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
Interesting... looks to me like the watchdog thread is stuck in a tight loop. It's *supposed* to do that check when: - the milter goes idle - there are no free servers available - once every readTimeout-1 seconds Any chance you put ReadTimeout=0 or ReadTimeout=1 in your clamd.conf? The milter only makes sure it's non-negative, not that it's greater than 1. (This is probably a bug, though I haven't thought about it enough to be sure, so I'll leave that to Nigel.) I am running Redhat EL3 with kernel 2.4.213.32.0.1. I just changed the ReadTimeout =5 (was at 0) and that seems to have done the trick.. The config file says that 0 disables the timeout, so I had it there. Thank you for your help.. And thanks Elizabeth for being so quick with the trace.. I had just started it when you had posted it. Mine had the same loop.. Thanks, Brian -- Brian Riffle System and Network Administrator Klamath Community College 7390 South 6th St Klamath Falls, OR 97603 Phone 541.880.2245 Fax 541.885.7758 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Brian Riffle wrote: | |> |> Interesting... looks to me like the watchdog thread is stuck in a |> tight loop. It's *supposed* to do that check when: - the milter |> goes idle - there are no free servers available - once every |> readTimeout-1 seconds |> |> Any chance you put ReadTimeout=0 or ReadTimeout=1 in your |> clamd.conf? The milter only makes sure it's non-negative, not |> that it's greater than 1. (This is probably a bug, though I |> haven't thought about it enough to be sure, so I'll leave that to |> Nigel.) | | | I am running Redhat EL3 with kernel 2.4.213.32.0.1. I just changed | the ReadTimeout =5 (was at 0) and that seems to have done the | trick.. | | The config file says that 0 disables the timeout, so I had it | there. Thank you for your help.. And thanks Elizabeth for being so | quick with the trace.. I had just started it when you had posted | it. Mine had the same loop.. | | Thanks, Brian | Maybe it needs to check that ReadTimeout - 1 is non negative. I bet if it is negative, it is suppose to not-timeout and non-negative delays (waits) that many seconds before timing out. James Kosin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDOxQnkNLDmnu1kSkRAyGOAJ9P4QhW24uPhzTEzVWn5ho1mWI0XgCfX7l3 BBHFuBkrFX5xnAOVXZRQNqw= =xtjD -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter CPU usage
Thanks all, for the fast responses! I had indeed set ReadTimeout to 0 at some point in the dim past. I have changed it to a positive number and clamav-milter seems MUCH happier. ___ http://lurker.clamav.net/list/clamav-users.html