Jeff Thurston wrote: > > Please forgive my ignorance, I don't use strace very much... > > I assume it is as simple as waiting for the process to get stuck at 100% > again, then 'strace -p <clamd.pid>` and look for... what should I look for?
Yes, pretty much it. You should probably also use the -f (follow) switch to see what the kids are doing, too. You can also learn what files are currently open with lsof. When using these tools it's a good idea to see what the idle clamd is doing as well as what it is doing while processing files so that the results you see have a context. Use vmstat and iostat to see what the cpu and disks are doing before and during one of these events. The idea is to know what things should look like when the system is healthy for comparison for the times it is not. Timing is everything so you should also be aware of what freshclam is doing relative to these lockups. If it happens right after freshclam downloads a new database you can assume there's a relationship, for example. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
