Mark Pizzolato wrote: > I believe his app is timing out, and that is probably a good thing. > In clamav 0.83 the behavior of clamd would cause long delays when a > database reload was needed. > > See > http://article.gmane.org/gmane.comp.security.virus.clamav.devel/1646/match=less+stressful
Mark,
Thanks for this - I've got an idea what's going on.
[.. explaination of behavior of client app and clamd]
So....
Remember the (**) from above? For me, this marks Clam's weak point in the whole scheme, because the client has no way to indicate to Clam that it doesn't want the scan to complete. Clam will blindly issue the PORT response and then wait for activity on that port.
I suggest two fixes that should be easy enough to work in. First, the result of the write(...) in mdprintf (output.c) is not checked. If that was checked, and the PORT response was seen to fail, then the thread would know that it could abandon the scan and carry on with the next request.
That check would be a good idea. It should be implemented.
However, I think that, in general, it won't happen very often once the
thread pool doesn't have to be throttled back to load a new database (i.e how
the latest code behaves).
Similarly, before even issuing the PORT response the thread could check the connection to see if it is still open (I think that setting non-blocking I/O, reading 1 byte, and checking the result will do this - if you get a zero back, indicating EOF, then it's closed, otherwise you'll get EAGAIN indicating that the connection is still valid. But I may be wrong.) and, if not, abandon the scan. This would avoid the thread spending time waiting for a response that is guaranteed never to arrive, and will allow much better throughput under load.
I think that the first check will be sufficient to detect the delayed & abandoned
condition, since if the client has closed the connection, the above mdprintf will
fail. There is essentially 0 time delay between the mdwrite and this test.
- Mark Pizzolato
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
