On 2010-09-05 0:00, Chris wrote:
On Sat, 2010-09-04 at 08:42 -0500, Chris wrote:
I'm trying to figure out why I'm having ridiculous scan times such as
the above examples. Lower scan times such as in the 20 second range are
the exception rather than the rule. I'm running bind as a local caching
nameserver and it seems to be working correctly. I've just seen a ham
that has a scantime=172.2. Could there be something else on the system
that is affecting this?
Any advice as to troubleshooting would be appreciated.
I've started SA now with -D
OPTIONS="-d -D -c -H -m 4 --max-conn-per-child=3 --min-children=1"
While looking at my syslog I noticed the following:
Sep 4 16:21:46 localhost spamd[15797]: prefork: periodic ping from
spamd parent
Sep 4 16:21:46 localhost spamd[15800]: prefork: periodic ping from
spamd parent
Sep 4 16:21:46 localhost spamd[15800]: prefork: sysread(9) not ready,
wait max 300 secs
Sep 4 16:21:46 localhost spamd[15797]: prefork: sysread(8) not ready,
wait max 300 secs
I've got the debug output on a ham, just waiting for a spam to come
through then I'll post both to pastebin but the above doesn't look good.
When this is happening my drive light seems to stay on forever and the
system seems close to being unresponsive. Checking cpu usage when this
is happening it stays around 4% for user and 3-4% for system. Link for a
ham - http://pastebin.com/k55D79TL
spam - http://pastebin.com/28qW2nga
"Sep 4 16:32:31 localhost spamd[15797]: ClamAV: invoking
File::Scan::ClamAV, port/socket: /var/lib/clamav/clamd.socket"
You're using the SA ClamAV plugin which isn't the most effcient method
do do AV checks.
There are more efficient methods to interface with Clamd.
You may also want to remove legacy or inneficient rule files.
