SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000943: clamd and havp services using 100% CPU - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000943Endian FirewallOther Servicespublic2008-06-12 17:232008-10-08 13:30
Reporterjenea 
Assigned Topeter-endian 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.1.2 
Target VersionFixed in Version2.2-rc3 
Summary0000943: clamd and havp services using 100% CPU
Descriptionjust installed the Endian.. on 1Ghz 256 ram....

Configured via gui such features as : dhcp server, proxy server with antivirus. Opened some ports (rdp,etc).
Connected a host, it wokred ok for about 30 minutes. And after that the connection with the internet was slowing down and then totally froze.....ping yahoo.com was ok.....

after I sshed into the firewall and did the top command it showed me that theses two (havp and clamd) were using 99% of the cpu... even though that there was no traffic at all.....

I just started to play with this product few days ago.. it worked ok in wmware...any suggestions?
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0001308)
jenea (reporter)
2008-06-13 14:01

added more memory..... replaced the hardrive ...... (not related though)....reinstalled the firewall.....

- again after the configuration (DHCP, proxy with antivirus).... the cpu goes to 100%.....

- another issue is that both times the squid service failed during the boot (the firewall stopped at "starting the squid".... and the only way to proceed was to use CTRL+C).......

Both times i didn't do any changes manually in the CLI.... everything was done via GUI.....

suggestions?!
(0001367)
raphael-endian (administrator)
2008-06-25 13:58

Please check with Endian Firewall 2.2
(0001386)
yxcv (reporter)
2008-06-30 10:21
edited on: 2008-06-30 10:21

have also 1GHz CPU with 256MB Ram with an 2.1.2 running here.

System isn't really frozen, but blocks http-proxytraffic by (re-)starting or update signatures of clamd.

need ~ 2 hrs of time for this procedure. (see it in systemdiagrams every day - daily update of clamd signatures)

adding additional 512MB of RAM "speed" it up a half hour ... so see every day just 1,5 hrs 100% CPU usage by update.

I wait for rc2 to make an update of the system. then i can give another feedback.

(0001416)
claurita (reporter)
2008-07-05 00:15
edited on: 2008-07-05 00:15

I had the same problem after updating the signatures.
I resolved upgrading to 0.93.1 thanks to the rpms of Mike.
This is the script I used
The --nodeps is necessary as the perl-Mail still has a reference to a previous version of libclamav

#! /bin/sh
cp /etc/init.d/clamd /etc/init.d/clamd.old
rpm -Uhv --force --nodeps \
http://www.stellarcore.net/downloads/efw2-updates/clamav-0.93.1-0.endian5.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/clamav-db-0.93.1-0.endian5.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/clamav-devel-0.93.1-0.endian5.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/havp-0.88-1.endian8.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-Clamav-0.20-1.endian0.i386.rpm [^] \
http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-Clamav-extras-0.20-1.endian0.i386.rpm [^] \
cp /etc/init.d/clamd.old /etc/init.d/clamd
#-------------------------------------------------

You have to change the /etc/clamav/clamd.conf.tmpl and /etc/clamav/clamd.conf
The conf may be written automatically changing something in clamav configuration after modifying the template.
This is my new tmpl

##---------------------------------
LogTime yes

LogSyslog yes
LogFacility LOG_LOCAL4
LogFileMaxSize 2M

AllowSupplementaryGroups yes
TemporaryDirectory /tmp
LocalSocket /tmp/clamd
FixStaleSocket yes
TCPAddr 127.0.0.1
TCPSocket 3310
MaxConnectionQueueLength 30
StreamMaxLength 20M
MaxThreads 10
SelfCheck 600
User clamav
ScanPE yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanMail yes
ScanHTML yes
ScanArchive yes
#MailMaxRecursion 64
PhishingSignatures yes
MaxFileSize ${ARCHIVE_MAXFILESIZE}M
MaxRecursion ${ARCHIVE_MAXRECURSION}
MaxFiles ${ARCHIVE_MAXFILES}
PidFile /var/run/clamav/clamd.pid

#if $ARCHIVE_BLOCK_ENCRYPTED == 'on'
ArchiveBlockEncrypted True
#end if
##---------------------------------------

Claudio

(0001439)
yxcv (reporter)
2008-07-14 13:45

Claudio's Tip doesn't solves it on my machine.

So I wait for rc2.

It's not urgent for me because the updatecycle is early in the morning when I'm sleep.

greetz
(0001477)
yxcv (reporter)
2008-07-29 14:07

the problem does not exist anymore in 2.2rc2 on my system
(0001478)
peter-endian (administrator)
2008-07-29 17:29

great
thank you for checking!

- Issue History
Date Modified Username Field Change
2008-06-12 17:23 jenea New Issue
2008-06-13 14:01 jenea Note Added: 0001308
2008-06-25 13:58 raphael-endian Note Added: 0001367
2008-06-25 13:58 raphael-endian Status new => feedback
2008-06-30 10:21 yxcv Note Added: 0001386
2008-06-30 10:21 yxcv Note Edited: 0001386
2008-06-30 10:21 yxcv Note Edited: 0001386
2008-07-05 00:15 claurita Note Added: 0001416
2008-07-05 00:16 claurita Note Edited: 0001416
2008-07-14 13:45 yxcv Note Added: 0001439
2008-07-29 14:07 yxcv Note Added: 0001477
2008-07-29 17:29 peter-endian Note Added: 0001478
2008-07-29 17:29 peter-endian Status feedback => resolved
2008-07-29 17:29 peter-endian Fixed in Version => 2.2-rc3
2008-07-29 17:29 peter-endian Resolution open => fixed
2008-07-29 17:29 peter-endian Assigned To => peter-endian
2008-10-08 13:30 peter-endian Status resolved => closed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker