SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000943: clamd and havp services using 100% CPU - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000943Endian FirewallOther Servicespublic2008-06-12 17:232008-10-08 13:30
Reporterjenea 
Assigned Topeter-endian 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.1.2 
Target VersionFixed in Version2.2-rc3 
Customer Importance
Customer Occurrences
Queue
Summary0000943: clamd and havp services using 100% CPU
Descriptionjust installed the Endian.. on 1Ghz 256 ram....

Configured via gui such features as : dhcp server, proxy server with antivirus. Opened some ports (rdp,etc).
Connected a host, it wokred ok for about 30 minutes. And after that the connection with the internet was slowing down and then totally froze.....ping yahoo.com was ok.....

after I sshed into the firewall and did the top command it showed me that theses two (havp and clamd) were using 99% of the cpu... even though that there was no traffic at all.....

I just started to play with this product few days ago.. it worked ok in wmware...any suggestions?
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2008-06-12 17:23jeneaNew Issue
2008-06-13 14:01jeneaNote Added: 0001308
2008-06-25 13:58raphael-endianNote Added: 0001367
2008-06-25 13:58raphael-endianStatusnew => feedback
2008-06-30 10:21yxcvNote Added: 0001386
2008-06-30 10:21yxcvNote Edited: 0001386
2008-06-30 10:21yxcvNote Edited: 0001386
2008-07-05 00:15clauritaNote Added: 0001416
2008-07-05 00:16clauritaNote Edited: 0001416
2008-07-14 13:45yxcvNote Added: 0001439
2008-07-29 14:07yxcvNote Added: 0001477
2008-07-29 17:29peter-endianNote Added: 0001478
2008-07-29 17:29peter-endianStatusfeedback => resolved
2008-07-29 17:29peter-endianFixed in Version => 2.2-rc3
2008-07-29 17:29peter-endianResolutionopen => fixed
2008-07-29 17:29peter-endianAssigned To => peter-endian
2008-10-08 13:30peter-endianStatusresolved => closed

Notes
(0001308)
jenea   
2008-06-13 14:01   
added more memory..... replaced the hardrive ...... (not related though)....reinstalled the firewall.....

- again after the configuration (DHCP, proxy with antivirus).... the cpu goes to 100%.....

- another issue is that both times the squid service failed during the boot (the firewall stopped at "starting the squid".... and the only way to proceed was to use CTRL+C).......

Both times i didn't do any changes manually in the CLI.... everything was done via GUI.....

suggestions?!
(0001367)
raphael-endian   
2008-06-25 13:58   
Please check with Endian Firewall 2.2
(0001386)
yxcv   
2008-06-30 10:21   
have also 1GHz CPU with 256MB Ram with an 2.1.2 running here.

System isn't really frozen, but blocks http-proxytraffic by (re-)starting or update signatures of clamd.

need ~ 2 hrs of time for this procedure. (see it in systemdiagrams every day - daily update of clamd signatures)

adding additional 512MB of RAM "speed" it up a half hour ... so see every day just 1,5 hrs 100% CPU usage by update.

I wait for rc2 to make an update of the system. then i can give another feedback.
(0001416)
claurita   
2008-07-05 00:15   
I had the same problem after updating the signatures.
I resolved upgrading to 0.93.1 thanks to the rpms of Mike.
This is the script I used
The --nodeps is necessary as the perl-Mail still has a reference to a previous version of libclamav

#! /bin/sh
cp /etc/init.d/clamd /etc/init.d/clamd.old
rpm -Uhv --force --nodeps \
http://www.stellarcore.net/downloads/efw2-updates/clamav-0.93.1-0.endian5.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/clamav-db-0.93.1-0.endian5.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/clamav-devel-0.93.1-0.endian5.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/havp-0.88-1.endian8.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-Clamav-0.20-1.endian0.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-Clamav-extras-0.20-1.endian0.i386.rpm [^] \
cp /etc/init.d/clamd.old /etc/init.d/clamd
#-------------------------------------------------

You have to change the /etc/clamav/clamd.conf.tmpl and /etc/clamav/clamd.conf
The conf may be written automatically changing something in clamav configuration after modifying the template.
This is my new tmpl

##---------------------------------
LogTime yes

LogSyslog yes
LogFacility LOG_LOCAL4
LogFileMaxSize 2M

AllowSupplementaryGroups yes
TemporaryDirectory /tmp
LocalSocket /tmp/clamd
FixStaleSocket yes
TCPAddr 127.0.0.1
TCPSocket 3310
MaxConnectionQueueLength 30
StreamMaxLength 20M
MaxThreads 10
SelfCheck 600
User clamav
ScanPE yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanMail yes
ScanHTML yes
ScanArchive yes
#MailMaxRecursion 64
PhishingSignatures yes
MaxFileSize ${ARCHIVE_MAXFILESIZE}M
MaxRecursion ${ARCHIVE_MAXRECURSION}
MaxFiles ${ARCHIVE_MAXFILES}
PidFile /var/run/clamav/clamd.pid

#if $ARCHIVE_BLOCK_ENCRYPTED == 'on'
ArchiveBlockEncrypted True
#end if
##---------------------------------------

Claudio
(0001439)
yxcv   
2008-07-14 13:45   
Claudio's Tip doesn't solves it on my machine.

So I wait for rc2.

It's not urgent for me because the updatecycle is early in the morning when I'm sleep.

greetz
(0001477)
yxcv   
2008-07-29 14:07   
the problem does not exist anymore in 2.2rc2 on my system
(0001478)
peter-endian   
2008-07-29 17:29   
great
thank you for checking!