Re: undead f-prots via amavis
Hello Werner, hello list,
Werner Detter wrote:
...
> Hi Andre,
> off the top of my head, I'd advise you to start amavis in debug mode on the
> command line (/usr/sbin/amavisd-new debug).
See below for the debug output; in the meantime I have also found that amavis
has its own log file in /var/log.
Both virus scanners, f-prot as primary and clamscan as secondary, are detected
without problems (output in the last quarter), but that was also the case
before. You can also see that 2 children are created; nothing suspicious up to
this point.
After waiting for a while, however, first one, then two
f-prot processes show up:
15430 amavis 19 0 2404 1080 916 R 23.7 0.1 3:04.21 f-prot
17456 amavis 25 0 2404 1080 916 R 23.7 0.1 0:31.26 f-prot
the debug output grows by a few entries, then comes:
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Checking:
<mysql-de-return-994-a.bischof=gmx.net@lists.mysql.com> ->
<frisco@localhost>
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_acl:
key="frisco@localhost", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_acl:
key="frisco@localhost", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Extracting mime
components
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Issued a new file
name: part-00001
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) mime_decode:
Content-type: text/plain, name:
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Charging 944 bytes
to remaining quota 1448500 (out of 1448500, (0%)) - by mime_decode
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) prolong_timer after
mime_decode-1: remaining time = 300 s
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Checking for banned
MIME types and names
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) check_for_banned -
mime-type: text/plain
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_RE:
key="text/plain", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_acl:
key="frisco@localhost", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) decode_parts:
level=1, #parts=1 : part-00001
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) run_command:
[17455] /usr/bin/file
/var/lib/amavis/amavis-20051012T124044-15408/parts/part-00001 </dev/null
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) File-type of
part-00001: ISO-8859 text; (.txt)
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_acl:
key="frisco@localhost", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Checking for banned
(contents-based) file types, 1 parts
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) check_for_banned
(part-00001) - file type: .txt
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_RE:
key=".txt", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) check_for_banned
(part-00001) - file type: ISO-8859 text
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_RE:
key="ISO-8859 text", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) decompose_part:
part-00001 - atomic
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) prolong_timer after
decoding: remaining time = 300 s
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) lookup_RE:
key="MAIL", no match
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) Using FRISK F-Prot
Antivirus: /usr/bin/f-prot -dumb -archive -packed
/var/lib/amavis/amavis-20051012T124044-15408/parts
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) run_command:
[17456] /usr/bin/f-prot -dumb -archive -packed
/var/lib/amavis/amavis-20051012T124044-15408/parts </dev/null 2>&1
this is where the two f-prot processes are created (see also the last two
lines above), but the call itself is unproblematic, isn't it?
Still no idea what is going wrong there :( In any case, the processes do not
disappear and consume quite a lot of processing power, strange.
The load rises to ~3.5, and that on an AMD64 3200 with 1 GB RAM.
Any further tips?
> If that doesn't give you any further clues,
> maybe trace the individual amavis processes (->strace).
do you mean "strace -e open /usr/sbin/amavis", or what do you mean by "the
individual processes"?
Best regards
André
root@linux:/etc/amavis# /usr/sbin/amavisd-new -c
/etc/amavis/amavisd.conf_f-prot-aktiv debug
Oct 12 12:26:08 linux amavisd-new[15406]: starting. amavisd-new at
linux amavisd-new-20030616-p10, Unicode aware
Oct 12 12:26:08 linux amavisd-new[15406]: Perl version
5.008007
Oct 12 12:26:08 linux amavisd-new[15406]: Module Amavis::Conf 1.15
Oct 12 12:26:08 linux amavisd-new[15406]: Module Archive::Tar 1.26
Oct 12 12:26:08 linux amavisd-new[15406]: Module Archive::Zip 1.14
Oct 12 12:26:08 linux amavisd-new[15406]: Module Compress::Zlib 1.34
Oct 12 12:26:08 linux amavisd-new[15406]: Module Convert::TNEF 0.17
Oct 12 12:26:08 linux amavisd-new[15406]: Module Convert::UUlib 1.051
Oct 12 12:26:08 linux amavisd-new[15406]: Module DB_File 1.811
Oct 12 12:26:08 linux amavisd-new[15406]: Module MIME::Entity 5.417
Oct 12 12:26:08 linux amavisd-new[15406]: Module MIME::Parser 5.417
Oct 12 12:26:08 linux amavisd-new[15406]: Module MIME::Tools 5.417
Oct 12 12:26:08 linux amavisd-new[15406]: Module Mail::Header 1.62
Oct 12 12:26:08 linux amavisd-new[15406]: Module Mail::Internet 1.62
Oct 12 12:26:08 linux amavisd-new[15406]: Module Mail::SpamAssassin
3.000004
Oct 12 12:26:08 linux amavisd-new[15406]: Module Net::Cmd 2.26
Oct 12 12:26:08 linux amavisd-new[15406]: Module Net::SMTP 2.29
Oct 12 12:26:08 linux amavisd-new[15406]: Module Net::Server 0.87
Oct 12 12:26:08 linux amavisd-new[15406]: Module Time::HiRes 1.66
Oct 12 12:26:08 linux amavisd-new[15406]: Module Unix::Syslog 0.100
Oct 12 12:26:08 linux amavisd-new[15406]: Found myself:
/usr/sbin/amavisd-new -c /etc/amavis/amavisd.conf_f-prot-aktiv
Oct 12 12:26:08 linux amavisd-new[15406]: Lookup::SQL code NOT loaded
Oct 12 12:26:08 linux amavisd-new[15406]: Lookup::LDAP code NOT loaded
Oct 12 12:26:08 linux amavisd-new[15406]: AMCL-in protocol code NOT loaded
Oct 12 12:26:08 linux amavisd-new[15406]: SMTP-in protocol code loaded
Oct 12 12:26:08 linux amavisd-new[15406]: ANTI-VIRUS code loaded
Oct 12 12:26:08 linux amavisd-new[15406]: ANTI-SPAM code loaded
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server:
2005/10/12-12:26:08 Amavis (type Net::Server::PreForkSimple) starting!
pid(15406)
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Binding to TCP
port 10024 on host 127.0.0.1
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Setting gid to
"116 116"
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Setting uid to "115"
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Setting up
serialization via flock
Oct 12 12:26:08 linux amavisd-new[15406]: Found $file at /usr/bin/file
Oct 12 12:26:08 linux amavisd-new[15406]: Found $arc at /usr/bin/arc
Oct 12 12:26:08 linux amavisd-new[15406]: Found $gzip at /bin/gzip
Oct 12 12:26:08 linux amavisd-new[15406]: Found $bzip2 at
/usr/bin/bzip2
Oct 12 12:26:08 linux amavisd-new[15406]: Found $lzop at /usr/bin/lzop
Oct 12 12:26:08 linux amavisd-new[15406]: Found $lha at /usr/bin/lha
Oct 12 12:26:08 linux amavisd-new[15406]: Found $unarj at /usr/bin/arj
Oct 12 12:26:08 linux amavisd-new[15406]: Found $uncompress at
/bin/uncompress
Oct 12 12:26:08 linux amavisd-new[15406]: No $unfreeze, not using it
Oct 12 12:26:08 linux amavisd-new[15406]: Found $unrar at /usr/bin/rar
Oct 12 12:26:08 linux amavisd-new[15406]: Found $zoo at /usr/bin/zoo
Oct 12 12:26:08 linux amavisd-new[15406]: Found $cpio at /bin/cpio
Oct 12 12:26:08 linux amavisd-new[15406]: Found primary av scanner FRISK
F-Prot Antivirus at /usr/bin/f-prot
Oct 12 12:26:08 linux amavisd-new[15406]: Found secondary av scanner
Clam Antivirus - clamscan at /usr/bin/clamscan
Oct 12 12:26:08 linux amavisd-new[15406]: SpamControl: initializing
Mail::SpamAssassin
Oct 12 12:26:08 linux amavisd-new[15406]: SpamControl: done
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Beginning prefork
(2 processes)
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Starting "2" children
Oct 12 12:26:08 linux amavisd-new[15407]: Net::Server: Child Preforked
(15407)
Oct 12 12:26:08 linux amavisd-new[15408]: Net::Server: Child Preforked
(15408)
Oct 12 12:26:08 linux amavisd-new[15406]: Net::Server: Parent ready for
children.
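
Added example, not part of the original post: a small Python script that correlates the PIDs in the top output with the `run_command: [PID]` records of the amavisd-new debug log, so a lingering scanner process can be traced back to the amavis child and message task that spawned it. The sample input is constructed from lines quoted in the post (still mail-wrapped); the function names are illustrative.

```python
import re

# Constructed sample: records and top lines copied from the post, wrapped as mailed.
LOG = """\
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) run_command:
[17455] /usr/bin/file
/var/lib/amavis/amavis-20051012T124044-15408/parts/part-00001 </dev/null
Oct 12 12:40:44 linux amavisd-new[15408]: (15408-01) run_command:
[17456] /usr/bin/f-prot -dumb -archive -packed
/var/lib/amavis/amavis-20051012T124044-15408/parts </dev/null 2>&1
"""
TOP = """\
15430 amavis 19 0 2404 1080 916 R 23.7 0.1 3:04.21 f-prot
17456 amavis 25 0 2404 1080 916 R 23.7 0.1 0:31.26 f-prot
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
RUN = re.compile(r"amavisd-new\[(\d+)\]: \((\S+)\) run_command: \[(\d+)\] (\S+)(.*)")

def unwrap(text):
    """Rejoin syslog records that were wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def spawned(log_text):
    """Map helper PID -> (amavis child PID, task id, program, arguments)."""
    out = {}
    for rec in unwrap(log_text):
        m = RUN.search(rec)
        if m:
            child, task, pid, prog, args = m.groups()
            out[int(pid)] = (int(child), task, prog, args.strip())
    return out

def correlate(top_text, log_text):
    """For each PID in the top output, return its spawning record or None."""
    table = spawned(log_text)
    result = {}
    for line in top_text.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            result[int(fields[0])] = table.get(int(fields[0]))
    return result

if __name__ == "__main__":
    for pid, origin in correlate(TOP, LOG).items():
        print(pid, origin or "no run_command record in this excerpt")
```

A PID that maps to `None` was started outside the log window given to the script, so the search has to be widened to earlier log output.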