Re: [Clamav-users] 99% CPU load during boot, server freezing
Emanuel Nacht wrote: Okay, I think I found the evil-doer, and it's, gladly, not related to clamav. It appears there was an attack running towards one virtual host, which made the load skyrocket of the server - giving clamav only so much cpu time. It's still interesting that clamav showed up in top with 99% cpu: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 806 clamav25 0 16560 16m 692 R 96.7 1.6 0:04.05 ls I will keep an eye on this, and post a follow-up if this problem persists. Why would clamav ever run the 'ls' command? Something doesnt seem right.. -Jim ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 99% CPU load during boot, server freezing
On Tue, 14 Jun 2005, Emanuel Nacht wrote: During boot-up, clamav spawns a process 'ls', which takes up 99% CPU and gradually eats up ram until the box freezes. The funny part is, when I disable clamav from startup during boot, and start it manually afterwards, all is going fine. I can see the CPU load through the Servermonitoring tool we're using, which manages to get a few lines of top before the server freezes. Certainly sounds interesting! How do you know that clamav spawned the 'ls' process? Any way to find out exactly what arguments 'ls' was called with? (Like, a 'ps aux' or looking in /proc to see its cwd or somesuch.) Given that it works after bootup, perhaps you need to move it later in your boot sequence? My guess, assuming this is really related to clamav, is that it's trying to find its database directory which is NFS mounted from another machine, before the NFS mount has had time to take place. But now I'm guessing about your network setup We'd probably need more details about that (and where this lies in your boot sequence) to debug further. Good luck! Damian Menscher [loves interesting problems] -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 99% CPU load during boot, server freezing
On 6/14/05, Damian Menscher [EMAIL PROTECTED] wrote: How do you know that clamav spawned the 'ls' process? Output from top that BigSister produces shows the process 'ls' belonging to the user 'clamav' Any way to find out exactly what arguments 'ls' was called with? (Like, a 'ps aux' or looking in /proc to see its cwd or somesuch.) unfortunately not, the box hangs when trying to start clamav and I have no chance to log into the system - the boot sequence doesn't complete and won't let me log in. Given that it works after bootup, perhaps you need to move it later in your boot sequence? I will give that a try as soon as possible, but as it's almost 3am here, I'll have to do that after I get some sleep. A further problem is, that I don't have physical access to the server. My guess, assuming this is really related to clamav, is that it's trying to find its database directory which is NFS mounted from another The Server doesn't mount anything over NFS (planned, but we aren't there yet) - it's all on the local disk. I was suspecting inconsistencies with the user/group files first, but they seem to be okay. What I'm going to try, which wil hopefully shed some light on this, is to have ptrace invoked when starting clamav in the boot sequence, this might help in debugging things. Thanks and Regards Emanuel Nacht ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 99% CPU load during boot, server freezing
Okay, I think I found the evil-doer, and it's, gladly, not related to clamav. It appears there was an attack running towards one virtual host, which made the load skyrocket of the server - giving clamav only so much cpu time. It's still interesting that clamav showed up in top with 99% cpu: PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 806 clamav25 0 16560 16m 692 R 96.7 1.6 0:04.05 ls I will keep an eye on this, and post a follow-up if this problem persists. Regards Emanuel ___ http://lurker.clamav.net/list/clamav-users.html