In these tests i run 10 minutes of mailserver activity with and without JJencode.yar in signature
As you can see with JJencode.yar it takes more than 10 minutes of cpu and without it takes 1 minute !!!!
Now test 1st time CLAMD CPU USAGE IN 10 MINUTES JJencode.yar PRESENT
--------------------------------------------------------------------
echo "* t e s t s t a r t";echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar;echo "* stopping services";systemctl stop
clamd@scan.service;systemctl stop mailscanner;sleep 5;echo "* starting services";systemctl start
clamd@scan.service;systemctl start mailscanner;echo "* clamscan cpu after start";ps -ef | grep clamscan;echo "* sleep 10 minutes";sleep 600;echo "* clamscan cpu after 1 minute";ps -ef | grep clamscan;echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar
* t e s t s t a r t
* check if present JJencode.yar
/var/lib/clamav/JJencode.yar
* stopping services
* starting services
* clamscan cpu after start
clamscan 243476 1 0 09:50 ? 00:00:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 244079 186146 0 09:50 pts/0 00:00:00 grep --color=auto clamscan
* sleep 10 minute
* clamscan cpu after 1 minute
clamscan 243476 1 99 09:50 ? 00:21:25 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 249184 186146 0 10:00 pts/0 00:00:00 grep --color=auto clamscan
* check if present JJencode.yar
/var/lib/clamav/JJencode.yar
in 10 minutes clamd used more that 21 minutes of cpu !
Now test 2nd time CLAMD CPU USAGE IN 10 MINUTES JJencode.yar PRESENT
--------------------------------------------------------------------
echo "* t e s t s t a r t";echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar;echo "* stopping services";systemctl stop
clamd@scan.service;systemctl stop mailscanner;sleep 5;echo "* starting services";systemctl start
clamd@scan.service;systemctl start mailscanner;echo "* clamscan cpu after start";ps -ef | grep clamscan;echo "* sleep 10 minutes";sleep 600;echo "* clamscan cpu after 1 minute";ps -ef | grep clamscan;echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar
* t e s t s t a r t
* check if present JJencode.yar
/var/lib/clamav/JJencode.yar
* stopping services
* starting services
* clamscan cpu after start
clamscan 249526 1 0 10:01 ? 00:00:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 250129 186146 0 10:01 pts/0 00:00:00 grep --color=auto clamscan
* sleep 10 minute
* clamscan cpu after 1 minute
clamscan 249526 1 99 10:01 ? 00:15:10 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 255188 186146 0 10:11 pts/0 00:00:00 grep --color=auto clamscan
* check if present JJencode.yar
/var/lib/clamav/JJencode.yar
in 10 minutes clamd used more that 15 minutes of cpu !
When JJencode.yar PRESENT clamdtop have files that stays some seconds and sometimes lot of seconds
--------------------------------------------------------------------------------------------------
COMMAND QUEUEDSINCE FILE
MULTISCAN 200.440s
MULTISCANFILE 200.440s /var/spool/MailScanner/incoming/244221/4DGdRT5Gypz1LQPF5.message
IDLE 3.910s
IDLE 3.909s
When JJencode.yar PRESENT clamscan process can take more than 100% of a single cpu
----------------------------------------------------------------------------------
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
249526 clamscan 20 0 2714012 1.7g 6872 S 183.7 14.9 6:00.28 clamd
Now we remove JJencode.yar
--------------------------
systemctl stop
clamd@scan.service;systemctl stop mailscanner
mkdir /var/lib/clamav/park
mv /var/lib/clamav/JJencode.yar /var/lib/clamav/park/JJencode.yar
Now test 1st time CLAMD CPU USAGE IN 10 MINUTES JJencode.yar ABSENT
-------------------------------------------------------------------
echo "* t e s t s t a r t";echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar;echo "* stopping services";systemctl stop
clamd@scan.service;systemctl stop mailscanner;sleep 5;echo "* starting services";systemctl start
clamd@scan.service;systemctl start mailscanner;echo "* clamscan cpu after start";ps -ef | grep clamscan;echo "* sleep 10 minutes";sleep 600;echo "* clamscan cpu after 1 minute";ps -ef | grep clamscan;echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar
* t e s t s t a r t
* check if present JJencode.yar
ls: cannot access '/var/lib/clamav/JJencode.yar': No such file or directory
* stopping services
* starting services
* clamscan cpu after start
clamscan 256406 1 0 10:15 ? 00:00:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 257006 186146 0 10:15 pts/0 00:00:00 grep --color=auto clamscan
* sleep 10 minutes
* clamscan cpu after 1 minute
clamscan 256406 1 11 10:15 ? 00:01:10 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 263011 186146 0 10:25 pts/0 00:00:00 grep --color=auto clamscan
* check if present JJencode.yar
ls: cannot access '/var/lib/clamav/JJencode.yar': No such file or directory
in 10 minutes clamd used about 1 minute of cpu, and consider that a lot of this is used when start !
Now test 2nd time CLAMD CPU USAGE IN 10 MINUTES JJencode.yar ABSENT
-------------------------------------------------------------------
echo "* t e s t s t a r t";echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar;echo "* stopping services";systemctl stop
clamd@scan.service;systemctl stop mailscanner;sleep 5;echo "* starting services";systemctl start
clamd@scan.service;systemctl start mailscanner;echo "* clamscan cpu after start";ps -ef | grep clamscan;echo "* sleep 10 minutes";sleep 600;echo "* clamscan cpu after 1 minute";ps -ef | grep clamscan;echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar
* t e s t s t a r t
* check if present JJencode.yar
ls: cannot access '/var/lib/clamav/JJencode.yar': No such file or directory
* stopping services
* starting services
* clamscan cpu after start
clamscan 263384 1 0 10:26 ? 00:00:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 263987 186146 0 10:26 pts/0 00:00:00 grep --color=auto clamscan
* sleep 10 minutes
* clamscan cpu after 1 minute
clamscan 263384 1 7 10:26 ? 00:00:46 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 269333 186146 0 10:36 pts/0 00:00:00 grep --color=auto clamscan
* check if present JJencode.yar
ls: cannot access '/var/lib/clamav/JJencode.yar': No such file or directory
in 10 minutes clamd used less than 1 minute of cpu, and consider that a lot of this is used when start !
Now we restore JJencode.yar
----------------------------
systemctl stop
clamd@scan.service;systemctl stop mailscanner
mv /var/lib/clamav/park/JJencode.yar /var/lib/clamav/JJencode.yar
Now test 3rdnd time CLAMD CPU USAGE IN 10 MINUTES JJencode.yar PRESENT
--------------------------------------------------------------------
echo "* t e s t s t a r t";echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar;echo "* stopping services";systemctl stop
clamd@scan.service;systemctl stop mailscanner;sleep 5;echo "* starting services";systemctl start
clamd@scan.service;systemctl start mailscanner;echo "* clamscan cpu after start";ps -ef | grep clamscan;echo "* sleep 10 minutes";sleep 600;echo "* clamscan cpu after 1 minute";ps -ef | grep clamscan;echo "* check if present JJencode.yar";ls /var/lib/clamav/JJencode.yar
* t e s t s t a r t
* check if present JJencode.yar
/var/lib/clamav/JJencode.yar
* stopping services
* starting services
* clamscan cpu after start
clamscan 286388 1 0 11:10 ? 00:00:00 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 286991 186146 0 11:10 pts/0 00:00:00 grep --color=auto clamscan
* sleep 10 minutes
* clamscan cpu after 1 minute
clamscan 286388 1 99 11:10 ? 00:10:13 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 292047 186146 0 11:20 pts/0 00:00:00 grep --color=auto clamscan
* check if present JJencode.yar
/var/lib/clamav/JJencode.yar
in 10 minutes clamd used more that 10 minutes of cpu !