On 2009-03-04 21:53, Jose-Marcio Martins da Cruz wrote: > Török Edwin wrote: > >> On 2009-03-04 19:44, Dennis Peterson wrote: >> > > >>>> >>>> >>> Is there not a "nice" way to do this? >>> >> 0.95rc1 does reload "nicer", in the sense that it accepts new >> connections while reloading the DB. >> Reloading the database should take about a second. Using anything less >> than 100% CPU wouldn't be possible, it would just make loading the >> database longer. >> > > Maybe I'm not interpreting this as it would... > > This is a Sun T2000 8 cores, with 8 GB memory. So, this isn't a very > small computer. > > From clamd logs, I have this. > > Wed Mar 4 11:59:36 2009 -> SelfCheck: Database modification detected. > Forcing reload. > Wed Mar 4 11:59:36 2009 -> Reading databases from /opt/clamav/db > Wed Mar 4 11:59:51 2009 -> Database correctly reloaded (514191 signatures) > Wed Mar 4 11:59:51 2009 -> WARNING: lstat() failed on: > /var/spool/jchkmail/49AE5F17.000.0000 >
Was your clamd heavily loaded at that time? How long does this take: $ time clamscan /dev/null It takes 0.68 seconds here (Intel Core 2 Quad Q9550 @2.83 Ghz). It also depends if you've got a .cvd or .cld file, .cld files are uncompressed, hence they load faster. Here's how long it takes to load .cvd: 1.2s On a Solaris10/sparc box (UltraSPARC-IIi 440Mhz) it takes 18s. > So, between 11:59:36 and 11:59:51, there are 17 seconds, and not 1 second. > > The next line, is interesting too - the one with a "lstat() failed". > That means : the clamd client (a milter) connected to clamd and wait 10 > seconds for an answer and gave up, removing the spool file. clamd in > fact accepted the connection, but when it tried to handle it, more than > 10 seconds later, it was too late and the file wasn't there any more. > > So, if I understood, clamd accept connections while reloading the > database, but handle them later. > 0.94.2 didn't accept new connections during a DB reload (they went into the TCP connection backlog), 0.95rc1 accepts new connections during the DB reload, but doesn't process the commands only after the DB has reloaded. However with 0.95rc1 clients shouldn't time out (since the connection was accepted), unless the client itself has a builtin timeout mechanism (clamdscan doesn't, it relies on TCP timeouts). Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
