Hosting Provided By

Re: [Clamav-users] 0.91 - high load under solaris

From: <clamav-users(at)utdallas.edu>
Date: Mon Sep 03 2007 - 18:08:24 EDT

Ian G Batten said the following on 9/3/07 10:50 AM: > On 30 Aug 2007, at 21:40, clamav-users@utdallas.edu wrote: >
>> On Thu, 30 Aug 2007, clamav-users@utdallas.edu wrote:
>>
>>> I'm noticing hang issues again with 0.91.2 on Solaris 10 x86. It
>>> doesn't
>>> appear to be associated with a particularly malformed message because
>>> when it starts hanging, if I restart it, things resume normally for a
>>> while. The incoming queue clears out.
>> Here's some more.
>>
>> [Switching to Thread 1 (LWP 1)]
>> 0xfebf0857 in _so_accept () from /lib/libc.so.1
>> (gdb) thread apply all bt
>>
>> Thread 22 (Thread 39 ):
>> #0 0xfebf047b in __lwp_park () from /lib/libc.so.1
>> #1 0xfebe9463 in mutex_lock_queue () from /lib/libc.so.1
>> #2 0xfebe9cff in slow_lock () from /lib/libc.so.1
>> #3 0xfebe9df5 in mutex_lock_impl () from /lib/libc.so.1
>> #4 0xfebe9f01 in pthread_mutex_lock () from /lib/libc.so.1
>> #5 0xfeb92f1d in malloc () from /lib/libc.so.1
>> #6 0xfebb400d in match_re_C () from /lib/libc.so.1
>> #7 0xfebb50e2 in match_re_C () from /lib/libc.so.1
>> #8 0xfebb5359 in match_re_C () from /lib/libc.so.1
> > Same problem I saw. The regexp built by the PhishingScanURLs option > appears to upset the Solaris regexp library, but not the Linux or OSX > versions. I've got a more serious look at the problem on my list of > jobs to do, but for now I just turned the option off.

I'm not sure why, but when I commented out the qr'^MAIL$' below, the problem went away. Hasn't reappeared since. Perhaps that option is only called when the full message is scanned? How are you calling clamd?

@keep_decoded_original_maps = (new_RE(

    qr'^MAIL$', # retain full original message
    qr'^MAIL-UNDECIPHERABLE$',
    qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip

));

Since I'm using amavisd-new, as Bill Landry stated I could always try $bypass_decode_parts=1 and leave the qr'^MAIL$' thing commented out. The downside, though, is that I couldn't do attachment / file type blocking using amavisd-new. So for now I have qr'^MAIL$' commented out and things seem to be stable.

Amos

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html Received on Mon Sep 3 18:09:27 2007

This message: [ Message body ]
Next message: clamav-users(at)utdallas.edu: "Re: [Clamav-users] 0.91 - high load under solaris"
Previous message: Ian G Batten: "Re: [Clamav-users] 0.91 - high load under solaris"
In reply to: Ian G Batten: "Re: [Clamav-users] 0.91 - high load under solaris"
Next in thread: Kyle Lanclos: "Re: [Clamav-users] 0.91 - high load under solaris"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 07:57:00 EDT