Results 1 to 8 of 8

Thread: [SOLVED] about clamscan

  1. #1
    Join Date
    Jul 2009
    Posts
    34
    Rep Power
    6

    Default [SOLVED] about clamscan

    Clamscan seems to be kicking up every so often and burning cpu, even when there are no new messages. Is there a document on how clamscan is being used, exactly?


  2. #2
    Join Date
    Jul 2009
    Posts
    34
    Rep Power
    6

    Default

    Bump? It's still doing exactly this.. pointless cpu expenditure every 85 seconds. I have outsourced antivirus/antispam.. I'd want to turn this off completely. How?

  3. #3
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    zcs doesn't use clamscan, messages are fed to clamd. If you want to disable antivirus/antispam just turn the services off.

    if clamscan is running i'd check for other services installed other then zimbra that are starting it. perhaps you have a crontab entry that is scanning the local filesystem every 85 seconds.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  4. #4
    Join Date
    Jul 2009
    Posts
    34
    Rep Power
    6

    Default no, it's zimbra

    Thanks for your response.

    Here's one of the processes.. about every 85 seconds it spawns 3 or 4 processes, some of which seem to be fairly compute-intensive.

    Code:
    zimbra    4783 64.6  1.4 498164 30552 ?        Rl   15:52   0:01 /opt/zimbra/jav
    a/bin/java -client -Xmx256m -Dzimbra.home=/opt/zimbra -Djava.library.path=/opt/z
    imbra/lib -Djava.ext.dirs=/opt/zimbra/java/jre/lib/ext:/opt/zimbra/lib/jars:/opt
    /zimbra/lib/ext-common:/opt/zimbra/lib/ext/clamscanner com.zimbra.cs.account.Pro
    vUtil -l gs goose.intranet.seamanpaper.com
    I might also note that this system is ripping through process ids at an insane rate. There is nothing other than zimbra running on it.

    How/where would one specify that clamd be disabled? And is there any document on this?
    Last edited by dreamgear; 08-19-2009 at 01:08 PM.

  5. #5
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    None of these have anything to do with virus scanning (ie clamd). They are part of the zmmtaconfig daemon that checks for config changes and rewrites configuration files. You can change the interval from 60 seconds to 5 minutes which will reduce the load on your box.

    Code:
    zmlocalconfig -e zmmtaconfig_interval=300
    Bugzilla - Wiki - Downloads - Before posting... Search!

  6. #6
    Join Date
    Jul 2009
    Posts
    34
    Rep Power
    6

    Default

    These? There was only one process listed. I may have edited it after you looked at it if you're getting them by email.

    It adds /opt/zimbra/lib/ext/clamscanner to ext.dirs so I figured it was safe to say it had something to do with the scanner.

    What you say makes sense but how is it that computationally expensive to re-write config files? This is pretty scary.

  7. #7
    Join Date
    Jul 2009
    Posts
    34
    Rep Power
    6

    Default

    Changing the zmmtaconfig_interval did "solve" the problem. But I am not at all happy that it burns 60% of a 3.2Ghz Xeon for several seconds every time it has to rewrite its config files. That's pretty horrible.

  8. #8
    Join Date
    Jul 2009
    Posts
    34
    Rep Power
    6

    Default

    BTW, running process accounting for a few days was instructive. Zimbra runs "grep" almost two thousand times an hour, and this is with the zmmtaconfig_interval set to 10 minutes.

    I generally like unix-ish implementations but something tells me you could optimize the hell out of this thing.

Similar Threads

  1. SaneSecurity :: winnow Exploit Detection Signatures
    By uxbod in forum Administrators
    Replies: 3
    Last Post: 04-01-2009, 04:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •