Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 22 November 2024, 01:30:45 pm

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14258 Posts in 4377 Topics by 6516 Members
Latest Member: DaveH
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Clamav eating up CPU
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Clamav eating up CPU  (Read 19307 times)
escotland
Full Member
***
Offline Offline

Posts: 23


« on: Wednesday 09 March 2016, 05:19:31 am »

I was looking into our firewall and clamav was sitting at the top of the top command continuously.

It was basically sending my CPU into 100% usage.

Is this happening to anyone else?

I have no idea what triggered it.

We're on EFW 3.2.0 alpha 1.

I started getting errors that my firewall was being reconfigured, and then I started getting ICAP protocol errors while trying to browse.

I had to restart the firewall.

Is any of this happening to anyone else?


Thanks.
Logged
escotland
Full Member
***
Offline Offline

Posts: 23


« Reply #1 on: Wednesday 09 March 2016, 05:47:50 am »

Oh yeah, it's definitely crazy, in ntop it's sitting at the top eating up 74+% of the CPU.

I've disabled it from Proxy-Web Filter-Default Policy but it's still there.

If I kill it, it just comes back. If I reboot the firewall, it comes back again, eating up all of my CPU.

Why isn't this thing in the Services tab so that I could just turn it off?Huh

How DO I turn it off? (aside from the default policy above, which only disables the scanning via the policy, but does not actually turn the processes of the antivirus off)

(Again, I'd love to share a screenshot with you guys, but the attachment directory on the server hosting this forum is still not writable to.)
Logged
escotland
Full Member
***
Offline Offline

Posts: 23


« Reply #2 on: Wednesday 09 March 2016, 05:51:29 am »

This is so weird, I seem to only be allowed to edit my replies once.

In terms of the services tab, I meant a kill-switch for the antivirus, as there isn't one at the moment at all actually.
Logged
escotland
Full Member
***
Offline Offline

Posts: 23


« Reply #3 on: Wednesday 09 March 2016, 05:55:34 am »

Wow, a miracle.

10 minutes later the porcess actually decided to finally shut down by itself.

Does it take that long for it to realize that it's no longer needed as per the web filtering policy?

And why did it keep coming back up from the dead when I used the kill switch with signal 15 in the top utility inside the web cli?
Logged
escotland
Full Member
***
Offline Offline

Posts: 23


« Reply #4 on: Wednesday 09 March 2016, 06:02:28 am »

Well, I spoke to soon, it came back yet again, eating up all of my CPU.

Could someone please tell me how to completely disable it so that it doesn't start up by itself anymore?

I just want it off, why hasn't such a switch been placed in the UI already?
Logged
escotland
Full Member
***
Offline Offline

Posts: 23


« Reply #5 on: Wednesday 09 March 2016, 06:21:18 am »

And now it closed again, all by itself without me or someone else doing anything, unless we've been hacked into, as I've seen a message at one point saying that our firewall is being reconfigured, when I'm actually the only one managing this firewall and I wasn't even logged in at all.

Could anyone please tell me why this is happening???
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #6 on: Friday 11 March 2016, 02:50:54 am »

I never used antivirus on Endian, it's always a resource hog and speed down websurfing a lot. You need to remove it from http proxy, and on Service-Antivirus Engine reduce all values to 1 or 0 (the minimum value it lets you).
Besides that C-icap (the HTTP proxy) on default 3.0.5 was also broken, it uses less resources so web surfing became unresponsive. You need to tweak it to add more resources (it's somewhere on the forum).

Unfortunately Endian Firewall Community have many issues like that. It doesn't work correctly right under the box, you need to tweak it a lot to have it stable.
Logged
escotland
Full Member
***
Offline Offline

Posts: 23


« Reply #7 on: Friday 11 March 2016, 07:34:48 pm »

I know how to disable it, and I have, but not having it really makes the EFW less of an UTM if you know what I mean...

I never used antivirus on Endian, it's always a resource hog and speed down websurfing a lot. You need to remove it from http proxy, and on Service-Antivirus Engine reduce all values to 1 or 0 (the minimum value it lets you).
Besides that C-icap (the HTTP proxy) on default 3.0.5 was also broken, it uses less resources so web surfing became unresponsive. You need to tweak it to add more resources (it's somewhere on the forum).

Unfortunately Endian Firewall Community have many issues like that. It doesn't work correctly right under the box, you need to tweak it a lot to have it stable.

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com