On Fri, 20 Apr 2018, Chris Conn wrote:
Yeah, because 3.4.x implements maxhits.
So, should I disable the __GENERATE_LEADS family for < 3.4.0? I suspect it
would be prudent, but I am surprised the other tflags=multiple rules aren't
also problematic in the same manner...
Hello,
I don`t think I am in a position to comment on where to go from here for SA <
3.4.0 .
Ugh, I was unclear there. That was a general question directed at the list
members.
I am just glad I found the cause and was able to find and share a
workaround and findings to the mailing list.
Agreed, thanks!
This is perhaps one of many loops, I would have to check other emails;
however, over the last 2-3 weeks, we have noted that SA started to become a
huge memory and cpu hog, with a growing number of timeouts in emails not
completing within 300 seconds of scan and also occasionally servers running
out of RAM; this could be coincidence, or new rules in the sa-update?
Given your findings, I kinda suspect *all* of the tflags=multiple rules
are misbehaving from time to time under 3.3.1 - the compiled code may be
getting into an infinite loop somehow if the number if *real* hits on the
rule exceeds some value - I note there were 17 hits on "your business"
there.
In any case, here without Rule2XBody I am able to operate until I can
get 3.4.x deployed.
Please let us know whether that improves your *overall* memory/cpu hogging
and timeout problems.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
[For Earth Day] Obama flew a 747 all the way to the Everglades
then rode in a massive SUV motorcade to tell you
to cut carbon emissions. -- Twitter satirist @hale_razor
-----------------------------------------------------------------------
2 days until Earth Day
