SV: Messages in log unseen before.

Steen, Glenn Glenn.Steen at AP1.SE
Wed Jun 15 22:18:39 IST 2005 

    [ The following text is in the "Windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Suspiciously(sp?) regular intervals there... Look into what cronjobs you have running, and since you should be able to figure out when the next should be happening, perhaps try monitoring it closely (top, vmstat, iostat, netstat etc).

I was thinking you could just run the wrapper (as called from within MS) by hand, but perhaps thats not really needed...
The clamavmodule will not have any fork/exec penalty since it calls clamav library functions directly from perl. Well worth a go. But do look at the usual performance measurement tools too.

-- Glenn


-----Ursprungligt meddelande-----
Från:	MailScanner mailing list genom Ken Goods
Skickat:	on 2005-06-15 19:29
Till:	MAILSCANNER at JISCMAIL.AC.UK
Kopia:	
Ämne:	Re: Messages in log unseen before.
Steen, Glenn wrote:

<snip>
 
>> I upgraded clamav to 0.85.1 last Wednesday and I still get these
>> messages: 
>> 
>> Jun 14 08:25:09 gw-mail MailScanner[5408]: Commercial scanner clamav
>> timed out! Jun 14 08:25:09 gw-mail MailScanner[5408]: Virus
>> Scanning: Denial Of Service attack detected! 
>> 
>> I don't remember ever seeing these before and I couldn't find
>> anything with a google or ClamAV site/archive search.
>> 
>> Can anyone give me a clue as to what these are and whether I should
>> be concerned, or are these messages not even generated by
>> MailScanner? (in which case I'll post to the clamav list)
>> 
>> Thanks
>> Ken
>> 
> 
> Is it for every message, or for some? If you run the clamav-wrapper,
> does
> it take an inordinate time to finish?
> 
> -- Glenn

Doesn't seem to be hitting on every message. Seems to happen every 7-9
minutes. 

This output is from: grep timed maillog

Jun 15 03:55:38 gw-mail MailScanner[21501]: Commercial scanner clamav timed
out!
Jun 15 04:02:49 gw-mail MailScanner[21860]: Commercial scanner clamav timed
out!
Jun 15 04:11:14 gw-mail MailScanner[21951]: Commercial scanner clamav timed
out!
Jun 15 04:18:57 gw-mail MailScanner[21757]: Commercial scanner clamav timed
out!
Jun 15 04:27:11 gw-mail MailScanner[22314]: Commercial scanner clamav timed
out!
Jun 15 04:34:09 gw-mail MailScanner[22713]: Commercial scanner clamav timed
out!
Jun 15 04:41:09 gw-mail MailScanner[22838]: Commercial scanner clamav timed
out!
Jun 15 04:48:38 gw-mail MailScanner[23053]: Commercial scanner clamav timed
out!
Jun 15 04:56:26 gw-mail MailScanner[21809]: Commercial scanner clamav timed
out!
Jun 15 05:03:40 gw-mail MailScanner[21383]: Commercial scanner clamav timed
out!
Jun 15 05:10:59 gw-mail MailScanner[22939]: Commercial scanner clamav timed
out!
Jun 15 05:18:03 gw-mail MailScanner[23391]: Commercial scanner clamav timed
out!
Jun 15 05:25:27 gw-mail MailScanner[23304]: Commercial scanner clamav timed
out!
Jun 15 05:32:43 gw-mail MailScanner[23476]: Commercial scanner clamav timed
out!
Jun 15 05:39:52 gw-mail MailScanner[23578]: Commercial scanner clamav timed
out!
Jun 15 05:46:53 gw-mail MailScanner[23618]: Commercial scanner clamav timed
out!
Jun 15 05:54:08 gw-mail MailScanner[23207]: Commercial scanner clamav timed
out!
Jun 15 06:01:39 gw-mail MailScanner[23690]: Commercial scanner clamav timed
out!
Jun 15 06:08:44 gw-mail MailScanner[23801]: Commercial scanner clamav timed
out!
Jun 15 06:15:43 gw-mail MailScanner[23509]: Commercial scanner clamav timed
out!
Jun 15 06:23:17 gw-mail MailScanner[23937]: Commercial scanner clamav timed
out!
Jun 15 06:30:40 gw-mail MailScanner[23100]: Commercial scanner clamav timed
out!
Jun 15 06:38:09 gw-mail MailScanner[24120]: Commercial scanner clamav timed
out!
Jun 15 06:46:33 gw-mail MailScanner[24053]: Commercial scanner clamav timed
out!
Jun 15 06:53:29 gw-mail MailScanner[24387]: Commercial scanner clamav timed
out!
Jun 15 07:00:43 gw-mail MailScanner[23734]: Commercial scanner clamav timed
out!
Jun 15 07:08:18 gw-mail MailScanner[24253]: Commercial scanner clamav timed
out!
Jun 15 07:15:14 gw-mail MailScanner[24756]: Commercial scanner clamav timed
out!
Jun 15 07:23:25 gw-mail MailScanner[24509]: Commercial scanner clamav timed
out!
Jun 15 07:30:57 gw-mail MailScanner[24591]: Commercial scanner clamav timed
out!
Jun 15 07:38:09 gw-mail MailScanner[24948]: Commercial scanner clamav timed
out!
Jun 15 07:46:17 gw-mail MailScanner[25173]: Commercial scanner clamav timed
out!
Jun 15 07:53:19 gw-mail MailScanner[24895]: Commercial scanner clamav timed
out!
Jun 15 08:00:53 gw-mail MailScanner[25077]: Commercial scanner clamav timed
out!
Jun 15 08:08:33 gw-mail MailScanner[24322]: Commercial scanner clamav timed
out!
Jun 15 08:15:59 gw-mail MailScanner[25238]: Commercial scanner clamav timed
out!
Jun 15 08:23:18 gw-mail MailScanner[25485]: Commercial scanner clamav timed
out!
Jun 15 08:30:13 gw-mail MailScanner[25882]: Commercial scanner clamav timed
out!
Jun 15 08:37:57 gw-mail MailScanner[26077]: Commercial scanner clamav timed
out!
Jun 15 08:45:55 gw-mail MailScanner[26174]: Commercial scanner clamav timed
out!
Jun 15 08:53:41 gw-mail MailScanner[26398]: Commercial scanner clamav timed
out!
Jun 15 09:01:20 gw-mail MailScanner[25378]: Commercial scanner clamav timed
out!
Jun 15 09:09:39 gw-mail MailScanner[25703]: Commercial scanner clamav timed
out!
Jun 15 09:17:46 gw-mail MailScanner[26562]: Commercial scanner clamav timed
out!
Jun 15 09:25:20 gw-mail MailScanner[26732]: Commercial scanner clamav timed
out!
Jun 15 09:32:42 gw-mail MailScanner[26904]: Commercial scanner clamav timed
out!
Jun 15 09:40:15 gw-mail MailScanner[27267]: Commercial scanner clamav timed
out!
Jun 15 09:47:31 gw-mail MailScanner[27135]: Commercial scanner clamav timed
out!
Jun 15 09:55:47 gw-mail MailScanner[27448]: Commercial scanner clamav timed
out!
Jun 15 10:04:13 gw-mail MailScanner[25988]: Commercial scanner clamav timed
out!

I can't imagine what would be happening during that timeframe. This all
started a couple weeks ago and at the same time my load went from averaging
.3 to 1-2. I did not make any changes to the system and it has been running
well since the last MailScanner/Spamassassin/ClamAV upgrade a couple months
ago.

MailScanner does use the clamav-wrapper but I can't tell how long clamscan
is taking to complete. Is it more efficient to use the clamavmodule? If so
I'll look into getting it configured and running.

Any insight would be appreciated much.

Thanks,
Ken 


Ken Goods
Network Administrator
AIA Insurance, Inc.
MIS Dept.
111 Main St.
Lewiston, ID 83501
(208)799-9023
http://www.cropusainsurance.com
kgoods at aiainsurance.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list