The Community Forums


HELP: clamav causing cpu overload

Discussion in 'General Discussion' started by Snowman30, Mar 24, 2004.

  1. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    I'm having a lot of trouble with clamav on a hyperthreaded 3GHz server running RH9 and the latest R of cPanel.

    Every day the highest loads on the server are:

    mailnull 64.10 3.46 0.0
    Top Process %CPU 99.9 /usr/bin/clamscan --unzip -r --disable-summary --stdout .
    Top Process %CPU 97.6 /usr/bin/clamscan --unzip -r --disable-summary --stdout .
    Top Process %CPU 94.0 /usr/bin/clamscan --unzip -r --disable-summary --stdout .

    I'm also getting a lot of high loads like:

    mailnull 0 99.9 0.0 /usr/sbin/exim-bd-q60m


    Any ideas what the cause could be, or know of a way to fix it?

    Any advice would be most appreciated.
     
    #1 Snowman30, Mar 24, 2004
    Last edited: Mar 24, 2004
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Presumably, you are running MailScanner with the virus scanner set to clamav?

    If so, you can greatly improve upon its performance by upgrading it to use the clamavmodule option:

    /scripts/perlinstaller Mail::ClamAV

    Then edit your MailScanner.conf, probably in:

    /usr/mailscanner/etc/MailScanner.conf

    and look for:

    Virus Scanners = clamav

    change it to:

    Virus Scanners = clamavmodule

    Then:

    killall MailScanner

    Wait a few seconds and make sure they're all stopped, then:

    /usr/mailscanner/bin/check_mailscanner
     
  3. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Hmm, it's stopped one error and created another.

    I now get lots of high loads on:

    mailnull 0 99.9 0.0 /usr/sbin/exim-bd-q60m
    mailnull 0 32.2 0.0 0 MailScanner <

    and high loads like:

    mailnull 0 99.9 0.0 /usr/sbin/exim-bd-q60m
    mailnull 0 99.9 0.5 /usr/bin/perl-I/usr/mailscanner/lib/usr/mailscanner/bin/MailScanner/usr/mailscanner/etc/MailScanner.conf


    and also a lot of MailScanner <defunct> as well

    Any ideas?
     
  4. synax

    synax Member

    Joined:
    Jun 24, 2002
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I run a couple of 5000-10000 user mailing lists, and MailScanner and ClamAV cause the server to reboot or come close to it daily now.

    I have tried changing to clamavmodule in MailScanner.conf; once I do this, emails are not processed and I see a lot of "MailScanner <defunct>" showing up.


    Any ideas are appreciated.

    If I need to purchase some sort of mail scanning utility, I can do that. I just don't know what to do.
     
  5. chirpy

    chirpy Well-Known Member

    The MailScanner <defunct> processes are perfectly normal for the app and can be safely ignored.

    For the ClamAV module, have you installed the latest Mail::ClamAV and the latest (v.70) of the ClamAV software?
     
  6. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Hey chirpy,

    I get this every time I try to install it on an RH9 machine (tried 3 so far):

    I'm making do with an older version of mail::clamav for now, but do you know why I get this error?
     
  7. chirpy

    chirpy Well-Known Member

    I'll do some digging.

    I've seen this mentioned several times for RH9 servers. I've installed without problems (that couldn't be easily fixed, anyway) on RH7.3, RHE3 and Fedora. Unfortunately, I don't have access to an RH9 box.

    I'll let you know what I find.
     
  8. chirpy

    chirpy Well-Known Member

    Since it seems to be failing when linking with the gdbm libraries, do you have both gdbm and gdbm_devel rpms installed?

    rpm -qa | grep gdbm

    should give you something like:

    gdbm-1.8.0-20
    gdbm-devel-1.8.0-20

    If you don't have gdbm-devel installed, usually this will do it for you:

    up2date -i gdbm-devel

    Then try Mail::ClamAV again. Let me know if this helps, or not.
     
  9. synax

    synax Member

    Everything is up to date.

    /scripts/perlinstaller Mail::ClamAV
    Testing connection speed...(this could take a while)....Done
    Five usable mirrors located
    CPAN: Storable loaded ok
    Going to read /home/.cpan/Metadata
    Database was generated on Tue, 04 May 2004 22:33:39 GMT
    Mail::ClamAV is up to date.
    perlmod--Install done


    clamscan -V
    clamscan / ClamAV version 0.70-rc


    But if I change the mailscanner.conf to clamavmodule the emails do not get sent out and you cannot receive anything.
     
  10. chirpy

    chirpy Well-Known Member

    Have you checked your /var/log/maillog to make sure that MailScanner is not throwing up errors?
     
  11. synax

    synax Member

    I don't see any errors. I found this a couple of times; it looks to be happening regularly though.


    May 2 11:06:44 mind MailScanner[28501]: Virus and Content Scanning: Starting
    May 2 11:06:45 mind MailScanner[28501]: Uninfected: Delivered 1 messages
    May 2 11:06:54 mind MailScanner[20014]: New Batch: Scanning 1 messages, 11897 bytes
    May 2 11:06:55 mind MailScanner[20014]: Virus and Content Scanning: Starting
    May 2 11:06:55 mind MailScanner[20014]: Uninfected: Delivered 1 messages
    May 2 11:06:55 mind MailScanner[20014]: MailScanner child dying of old age
    May 2 11:06:55 mind MailScanner[29700]: MailScanner E-Mail Virus Scanner version 4.22-5 starting...
    May 2 11:06:55 mind MailScanner[29700]: Using locktype = posix
    May 2 11:06:55 mind MailScanner[29700]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
     
  12. chirpy

    chirpy Well-Known Member

    That's a normal log for a normally running installation of MailScanner :confused:
     
  13. synax

    synax Member

    Is there a way to test clamavmodule like you would clamscan?
     
  14. casey

    casey Well-Known Member

    Thanks for trying, but I've got both of those installed already. I've also tried forcing a reinstall of Inline, ExtUtils, and anything else I could think of.
     
  15. chirpy

    chirpy Well-Known Member

  16. casey

    casey Well-Known Member

    Thanks Jonathan,

    I just did. I'll let you know what he says...
     
  17. casey

    casey Well-Known Member

    For Jonathan and anyone else having problems, I found out the cause...by accident. I had one of my servers set to upgrade perl. I got a perl update last night, and all of a sudden I was able to install mail::clamav on it. So the problem is an outdated perl.
    -------------
    [edit]
    It looks like that was not the problem. That worked for one server, but not the others. The others already had the latest perl...I have no idea now. The developer insists it's an old libclamav, but I have uninstalled previous versions and reinstalled the latest over and over again. I don't know why it would be old.
     
    #17 casey, May 7, 2004
    Last edited: May 7, 2004
  18. casey

    casey Well-Known Member

    I did a complete reinstall of perl on my test server, and mail::clamav still errors out with the same error. I have no idea. Obviously perl has nothing to do with it, so that was just a coincidence.
     
  19. chirpy

    chirpy Well-Known Member

    casey,

    I wonder if you have libclamav in more than one location. Here's what I get on a RHE installation:
    Code:
    locate libclamav | xargs ls -la
    -rw-r--r--    1 root     root       344714 Apr 17 11:55 /usr/local/lib/libclamav.a
    -rwxr-xr-x    1 root     root          746 Apr 17 11:55 /usr/local/lib/libclamav.la
    lrwxrwxrwx    1 root     root           18 Apr 17 11:55 /usr/local/lib/libclamav.so -> libclamav.so.1.0.4
    lrwxrwxrwx    1 root     root           18 Apr 17 11:55 /usr/local/lib/libclamav.so.1 -> libclamav.so.1.0.4
    -rwxr-xr-x    1 root     root       237775 Mar 15 23:24 /usr/local/lib/libclamav.so.1.0.3
    -rwxr-xr-x    1 root     root       241594 Apr 17 11:55 /usr/local/lib/libclamav.so.1.0.4
    But on a Fedora installation (which admittedly does work OK):
    Code:
    locate libclamav | xargs ls -la
    -rw-r--r--  1 root root 572058 Apr 27 09:59 /usr/lib/libclamav.a
    -rwxr-xr-x  1 root root    734 Apr 27 09:59 /usr/lib/libclamav.la
    lrwxrwxrwx  1 root root     18 Apr 27 09:59 /usr/lib/libclamav.so -> libclamav.so.1.0.3
    lrwxrwxrwx  1 root root     18 Apr 27 09:59 /usr/lib/libclamav.so.1 -> libclamav.so.1.0.3
    -rwxr-xr-x  1 root root 301959 Apr 27 09:59 /usr/lib/libclamav.so.1.0.3
    -rw-r--r--  1 root root 751898 Apr 27 10:05 /usr/local/lib/libclamav.a
    -rwxr-xr-x  1 root root    746 Apr 27 10:05 /usr/local/lib/libclamav.la
    lrwxrwxrwx  1 root root     18 Apr 27 10:05 /usr/local/lib/libclamav.so -> libclamav.so.1.0.4
    lrwxrwxrwx  1 root root     18 Apr 27 10:05 /usr/local/lib/libclamav.so.1 -> libclamav.so.1.0.4
    -rwxr-xr-x  1 root root 389697 Mar 18 15:05 /usr/local/lib/libclamav.so.1.0.3
    -rwxr-xr-x  1 root root 395735 Apr 27 10:05 /usr/local/lib/libclamav.so.1.0.4
    It might be worth considering removing the clamav libraries from /usr/lib/ (if you have duplicates as above and they're the older ones) and trying Mail::ClamAV again.
     
  20. chirpy

    chirpy Well-Known Member

    In fact, it does appear that with a normal upgrade install of clamav it does install into /usr/local/* instead of /usr/*, so you might want to (be v.careful!):
    Code:
    rm /usr/lib/*clamav*
    rm -R /usr/share/clamav/
    rm /usr/include/clamav.h
    (you can always re-install clamav if this causes any problems)
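
Added example, not part of the original thread and not written by any of its participants: a shell check for the duplicate-libclamav situation described in the two posts above, run before deleting anything by hand. The function name `find_stale_libclamav` and the `STALE` output format are made up for this example; the sample paths are copied from the two listings in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads file paths on stdin, one per line,
# and reports every directory whose newest libclamav.so.X.Y.Z is older than the
# newest copy found anywhere in the input.
# On a real system, feed it with:
#   find /usr/lib /usr/local/lib -name 'libclamav.so*' | find_stale_libclamav

find_stale_libclamav() {
    awk '
    # Only real versioned libraries count; symlinks (.so, .so.1), .a and .la do not.
    match($0, /\/libclamav\.so\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        dir = substr($0, 1, RSTART - 1)
        ver = substr($0, RSTART + 14)        # text after "/libclamav.so."
        split(ver, p, ".")
        key = p[1] * 1000000 + p[2] * 1000 + p[3]
        if (!(dir in best) || key > best[dir]) { best[dir] = key; name[dir] = ver }
        if (key > top) { top = key; topver = ver; topdir = dir }
    }
    END {
        for (d in best)
            if (best[d] < top)
                printf "STALE %s %s (newest is %s in %s)\n", d, name[d], topver, topdir
    }' | sort
}

# Sample input: paths from the RHE listing in the thread (one directory only).
RHE_PATHS='/usr/local/lib/libclamav.so
/usr/local/lib/libclamav.so.1
/usr/local/lib/libclamav.so.1.0.3
/usr/local/lib/libclamav.so.1.0.4'

# Sample input: paths from the Fedora listing in the thread (two directories).
FEDORA_PATHS='/usr/lib/libclamav.so
/usr/lib/libclamav.so.1
/usr/lib/libclamav.so.1.0.3
/usr/local/lib/libclamav.so
/usr/local/lib/libclamav.so.1
/usr/local/lib/libclamav.so.1.0.3
/usr/local/lib/libclamav.so.1.0.4'

echo "RHE listing:";    printf '%s\n' "$RHE_PATHS"    | find_stale_libclamav
echo "Fedora listing:"; printf '%s\n' "$FEDORA_PATHS" | find_stale_libclamav
```

An empty result means only one directory holds libclamav, or every directory already has the newest version; a `STALE` line names the directory holding the older copy.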
     