--
clamav-users@utdallas.edu said the following on 8/30/07 3:40 PM:
> On Thu, 30 Aug 2007, clamav-users@utdallas.edu wrote:
>
>> I'm noticing hang issues again with 0.91.2 on Solaris 10 x86. It doesn't
>> appear to be associated with a particularly malformed message because
>> when it starts hanging, if I restart it, things resume normally for a
>> while. The incoming queue clears out.
>
> Here's some more.
>
> [Switching to Thread 1 (LWP 1)]
> 0xfebf0857 in _so_accept () from /lib/libc.so.1
> (gdb) thread apply all bt
>
Hmm... previously I had this in the amavisd-new conf file:
@keep_decoded_original_maps = (new_RE(
qr'^MAIL$', # retain full original message
qr'^MAIL-UNDECIPHERABLE$',
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));
It's my understanding that the above was necessary in order to take
advantage of the SaneSecurity sigs. Well, after the earlier hangs, I
changed it back to this:
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$', # retain full original message
qr'^MAIL-UNDECIPHERABLE$',
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data', # don't trust Archive::Zip
));
and man the load on clamd has dropped enormously. I saw the remark about
having the '^MAIL$' line uncommented would be slower, but the difference
is so wildly extreme. Even when the traffic was rather low, before clamd
was always at the top in terms of cpu utilization. Now it's barely
taking any cpu time at all. Naturally the time of day is a factor, but
we'll see for sure tomorrow.
Amos
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
(text/plain)