var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
CXS - massive CPU load - causing crash
Can someone please take a quick look at the following CXS config and please let me know if anything is wrong or can be improved?
i am running cpanel / centos 6.4 with 8GB ram + 6x e5-2630 cores on XEN.
There is under 10 cPanel accounts on the server right now and just someone uploading some content via ftp etc causing the server CPU to spike to the point where it becomes almost unresponsive.
Seems to be clamscan causing the high CPU
(/usr/sbin/cxs --allusers --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --fallback --filemax 0 --ignore /etc/cxs/cxs.ignore --mail --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/safe --quiet --sizemax 500000 --smtp --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 600 --Wrefresh 7 --Wsleep 3 --Wstart --www) [email protected]
Configure it to use --nofallback in /etc/cxs/cxswatch.sh and then restart cxswatch.
thanks for the quick reply.
I looked on http://configserver.com/cp/cxsdemo/cxs_help.html and could not see what that parameter does.. can you please confirm?
From the documentation with the latest version of cxs:
If clamd produces an error or is unavailable after a scan starts, this option will attempt to use clamscan from one of the following locations to scan files until clamd is available again (in order of preference):
If clamd is not running prior to the scan starting then this option will not apply as virus scanning will have been disabled.
Note: This can impose a significant performance hit during scanning but does mean that clamav scanning will still be performed.
great, thanks. This is my new config inside cxswatch.sh
/usr/sbin/cxs --Wstart --allusers --www --smtp --mail --quarantine /home/safe --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 600 [email protected]
whilst you are there, may i ask.. is it possible to change the priority of clamscan CPU? i.e. set a lower CPU priority?
Not really, no.
Originally Posted by
One more question regarding cxswatch, I just migrated an account into cpanel and was alerted by hundreds of seperate cxs emails.
i am wondering, is it possible to delay a scan of cxswatch to X seconds after it detects a new file/directory? i.e. set it to 15 seconds after upload?
You could try increasing --Wsleep to 15 seconds and then restart cxswatch. This will, of course, delay the detection of exploits.
just thinking of more ways to lower load and cycles of this service... is there any way (and do you recommend against it) to setup CXS watch so it ignores error_log (as for some accounts, this is constantly being filled).
By pads in forum Hosting Security and Technology
Last Post: 12-22-2010, 09:28 PM
By TheErratic in forum Dedicated Server
Last Post: 06-14-2007, 10:18 AM
By bidder in forum Hosting Security and Technology
Last Post: 06-28-2006, 02:44 PM
By xenoborg in forum Hosting Security and Technology
Last Post: 05-12-2003, 08:01 AM
By Eagle in forum Hosting Security and Technology
Last Post: 07-23-2001, 11:56 AM