EFW Support

I was looking into our firewall and clamav was sitting at the top of the top command continuously.

It was basically sending my CPU into 100% usage.

Is this happening to anyone else?

I have no idea what triggered it.

We're on EFW 3.2.0 alpha 1.

I started getting errors that my firewall was being reconfigured, and then I started getting ICAP protocol errors while trying to browse.

I had to restart the firewall.

Is any of this happening to anyone else?


Thanks.

Oh yeah, it's definitely crazy, in ntop it's sitting at the top eating up 74+% of the CPU.

I've disabled it from Proxy-Web Filter-Default Policy but it's still there.

If I kill it, it just comes back. If I reboot the firewall, it comes back again, eating up all of my CPU.

Why isn't this thing in the Services tab so that I could just turn it off????

How DO I turn it off? (aside from the default policy above, which only disables the scanning via the policy, but does not actually turn the processes of the antivirus off)

(Again, I'd love to share a screenshot with you guys, but the attachment directory on the server hosting this forum is still not writable to.)

This is so weird, I seem to only be allowed to edit my replies once.

In terms of the services tab, I meant a kill-switch for the antivirus, as there isn't one at the moment at all actually.

Wow, a miracle.

10 minutes later the porcess actually decided to finally shut down by itself.

Does it take that long for it to realize that it's no longer needed as per the web filtering policy?

And why did it keep coming back up from the dead when I used the kill switch with signal 15 in the top utility inside the web cli?

Well, I spoke to soon, it came back yet again, eating up all of my CPU.

Could someone please tell me how to completely disable it so that it doesn't start up by itself anymore?

I just want it off, why hasn't such a switch been placed in the UI already?

And now it closed again, all by itself without me or someone else doing anything, unless we've been hacked into, as I've seen a message at one point saying that our firewall is being reconfigured, when I'm actually the only one managing this firewall and I wasn't even logged in at all.

Could anyone please tell me why this is happening???

I never used antivirus on Endian, it's always a resource hog and speed down websurfing a lot. You need to remove it from http proxy, and on Service-Antivirus Engine reduce all values to 1 or 0 (the minimum value it lets you).
Besides that C-icap (the HTTP proxy) on default 3.0.5 was also broken, it uses less resources so web surfing became unresponsive. You need to tweak it to add more resources (it's somewhere on the forum).

Unfortunately Endian Firewall Community have many issues like that. It doesn't work correctly right under the box, you need to tweak it a lot to have it stable.

I know how to disable it, and I have, but not having it really makes the EFW less of an UTM if you know what I mean...