Results 1 to 12 of 12
  1. #1
    Join Date
    Aug 2013
    Posts
    43

    CXS - massive CPU load - causing crash

    Can someone please take a quick look at the following CXS config and please let me know if anything is wrong or can be improved?

    i am running cpanel / centos 6.4 with 8GB ram + 6x e5-2630 cores on XEN.

    There is under 10 cPanel accounts on the server right now and just someone uploading some content via ftp etc causing the server CPU to spike to the point where it becomes almost unresponsive.

    Seems to be clamscan causing the high CPU

    Any ideas?

    (/usr/sbin/cxs --allusers --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --fallback --filemax 0 --ignore /etc/cxs/cxs.ignore --mail [email protected] --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/safe --quiet --sizemax 500000 --smtp --summary --sversionscan --timemax 30 --virusscan --Wloglevel 0 --Wmaxchild 3 --Wrateignore 600 --Wrefresh 7 --Wsleep 3 --Wstart --www)

  2. #2
    Configure it to use --nofallback in /etc/cxs/cxswatch.sh and then restart cxswatch.

  3. #3
    Join Date
    Aug 2013
    Posts
    43
    thanks for the quick reply.

    I looked on http://configserver.com/cp/cxsdemo/cxs_help.html and could not see what that parameter does.. can you please confirm?

  4. #4
    From the documentation with the latest version of cxs:
    --[no]fallback

    If clamd produces an error or is unavailable after a scan starts, this option will attempt to use clamscan from one of the following locations to scan files until clamd is available again (in order of preference):

    /usr/local/cpanel/3rdparty/bin/clamscan
    /usr/local/bin/clamscan
    /usr/bin/clamscan

    If clamd is not running prior to the scan starting then this option will not apply as virus scanning will have been disabled.

    Note: This can impose a significant performance hit during scanning but does mean that clamav scanning will still be performed.

  5. #5
    Join Date
    Aug 2013
    Posts
    43

  6. #6
    That looks fine.

  7. #7
    Join Date
    Aug 2013
    Posts
    43
    whilst you are there, may i ask.. is it possible to change the priority of clamscan CPU? i.e. set a lower CPU priority?

  8. #8
    Join Date
    Aug 2013
    Posts
    43
    edit.... sorry

  9. #9
    Quote Originally Posted by uRDeSIRE View Post
    whilst you are there, may i ask.. is it possible to change the priority of clamscan CPU? i.e. set a lower CPU priority?
    Not really, no.

  10. #10
    Join Date
    Aug 2013
    Posts
    43
    One more question regarding cxswatch, I just migrated an account into cpanel and was alerted by hundreds of seperate cxs emails.

    i am wondering, is it possible to delay a scan of cxswatch to X seconds after it detects a new file/directory? i.e. set it to 15 seconds after upload?

  11. #11
    You could try increasing --Wsleep to 15 seconds and then restart cxswatch. This will, of course, delay the detection of exploits.

  12. #12
    Join Date
    Aug 2013
    Posts
    43
    just thinking of more ways to lower load and cycles of this service... is there any way (and do you recommend against it) to setup CXS watch so it ignores error_log (as for some accounts, this is constantly being filled).

Similar Threads

  1. High CPU Load , what causing it ?
    By pads in forum Hosting Security and Technology
    Replies: 9
    Last Post: 12-22-2010, 09:28 PM
  2. Something causing massive MySQL load
    By TheErratic in forum Dedicated Server
    Replies: 2
    Last Post: 06-14-2007, 10:18 AM
  3. CPU usage keeps increasing causing httpd to crash
    By bidder in forum Hosting Security and Technology
    Replies: 11
    Last Post: 06-28-2006, 02:44 PM
  4. High CPU load -- how to figure out what's causing it?
    By xenoborg in forum Hosting Security and Technology
    Replies: 15
    Last Post: 05-12-2003, 08:01 AM
  5. Script causing ENORMOUS CPU load! :(
    By Eagle in forum Hosting Security and Technology
    Replies: 4
    Last Post: 07-23-2001, 11:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •