On Sat, 11 Aug 2007, [EMAIL PROTECTED] wrote: > -- [EMAIL PROTECTED] said the following on 8/9/07 2:25 PM: >> I don't know if this might be pertinent. For a while on one Solaris 10 >> (x86) box the load has been fine. Just recently the following change was >> made to amavisd-new: >> >> @keep_decoded_original_maps = (new_RE( >> qr'^MAIL$', # retain full original message for virus checking (can >> be slow) >> >> >> Just now the clamd process on that box seemed to totally lock up. I had >> to do a 'kill -9' to get rid of it. Commented out that '^MAIL$' line >> above and have restarted things. We'll see how that goes. > > I guess that wasn't a factor. Things got hung up again and had to kill > it. Looks like I'm going to have to drop back to clamav-0.88.7. How do I > go back to the old fashioned sig files rather than these incremental > updates?
Sorry for all the replies to myself, but don't know if any of this info might be helpful. I thought I'd try to keep 0.91.1 going, and if it hosed again, run a dtrace (at least the dtruss script from the DTraceToolkit) to see what was going on. It hung again, but I don't know if any of this output is of any use. I saw a ton of lwp_park calls and nothing really else. Like this: PID/LWP RELATIVE ELAPSD CPU SYSCALL(args) = return 28211/9: 15801088 476 2 lwp_park(0x1, 0x2, 0xFEC294D0) = 0 0 28211/9: 15801898 8 2 lwp_park(0x1, 0x6, 0xFEC294D0) = 0 0 28211/9: 15802229 7 1 lwp_park(0x1, 0x6, 0xFEC294D0) = 0 0 28211/9: 15803729 14 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15806020 7 2 lwp_park(0x1, 0xA, 0xFEC294D0) = 0 0 28211/9: 15807994 12 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/5: 8451872 7 1 lwp_park(0x1, 0x6, 0xFEC294D0) = 0 0 28211/9: 15807998 30 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/5: 8451881 6 0 lwp_park(0x1, 0x9, 0xFEC294D0) = 0 0 28211/9: 15808001 30 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808005 13 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808009 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808013 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808017 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808021 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808025 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808028 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/2: 7733023 6 0 lwp_park(0x1, 0x9, 0xFEC294D0) = 0 0 28211/9: 15808032 30 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/5: 8451884 200 1 yield(0x83B041B0, 0x1C3, 0x0) = 0 0 28211/9: 15808036 16 1 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808040 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808044 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/5: 8451899 7 1 lwp_park(0x1, 0xA, 0xFEC294D0) = 0 0 28211/9: 15808048 28 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/5: 8451907 6 0 lwp_park(0x1, 0x9, 0xFEC294D0) = 0 0 28211/9: 15808052 28 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/2: 7733026 160 1 yield(0x818636D0, 0x1C3, 0x0) = 0 0 28211/9: 15808055 16 1 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15808059 11 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/9: 15809465 13 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/2: 7733040 5 0 lwp_park(0x1, 0x9, 0xFEC294D0) = 0 0 28211/9: 15809468 28 2 lwp_park(0x0, 0x0, 0x0) = 0 0 28211/5: 8451910 1525 1 yield(0x83B041B0, 0x1C3, 0x0) = 0 0 Just that over and over again. What signal do I send to force a core dump? I forgot. I suppose that would have been more useful. Oh well. When I ran a dtruss while it was OK, I noticed there would be a flurry of these lwp_park around the accept call, but I'm guessing that's simply because the process did a context switch while waiting for more traffic from the network. Amos _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
