jwoodmls
Level 7

Anti-Malware Engine Overloaded

I realize there is another thread about this but I'm not sure my issue is the same since that one seems to refer to the engine.

I'm currently showing gw engine 70001.1202.1796, GW Dat 1998 Engine 5600 and DATs 7145.

Last night our gw appliance locked up.  Had to power off at the server.  Came back up fine, but gave no warning.  Today we started getting the "Anti-Malware engine overloaded message".  By the time I checked into it, I couldn't get a reboot out of it and ended up having to power off again.  My memory appeared to be maxing out which makes me think it may be related to the prior issue, but if I'm reading my DAT numbers right I don't think it should be.

My MWG-Core.errors.log shows the following (just a sampling):

http://i.imgur.com/sA7Y40q.png

5 Replies
McAfee Employee

Re: Anti-Malware Engine Overloaded

You will want to know what is being processed. To check for this, you can run the following commands at the time of the issue:

# shows you what is currently being processed by the Gateway anti-malware

/opt/mwg/bin/mwg-antimalware -S threads

# shows you what is WAITING to be processed by Gateway anti-malware

/opt/mwg/bin/mwg-core -S AMQueue

You can run this from the MWG CLI.

Otherwise you can check out the logs from that timeframe to see what requests were being made which may have filled the queue.

Best,

Jon

0 Kudos
jwoodmls
Level 7

Re: Anti-Malware Engine Overloaded

Thanks Jon, running /opt/mwg/bin/mwg-core -S AMQueue shows 0 items in AM queue.  What logs should I be looking at to find out the requests being made that would affect AM like that?

0 Kudos
McAfee Employee

Re: Anti-Malware Engine Overloaded

I expect that because you don't have the problem right now. The commands would be useful WHEN you are having the problem.

As far as the logs, the normal access logs will do.

Best,

jon

0 Kudos
jwoodmls
Level 7

Re: Anti-Malware Engine Overloaded

Unfortunately, at the time the problem was happening, the server was so busy it was hard to do much with it, though I will keep this in mind if it happens again. I think there is the possibility that the problem was caused when our ISP had issues yesterday morning. I wonder if somehow some requests got queued due to the slow internet connection and just never recovered. In any case, we haven't had issues since.

In regards to our access logs, I went and tried to look back, but it appears that our access log limits are set to 100 Meg and it looks like we fill up one of those on a typical day in about 30 minutes or so, with it only retaining 8 logs, so I am only able to go back a few hours. Not sure if those log settings need to be changed any or not for troubleshooting purposes.

0 Kudos
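
The two status commands quoted earlier in the thread only help if they are captured while the engine is busy, so this added example (not part of any post and not vendor code) records them on a schedule and keeps a bounded history for later review. The snapshot directory, the retention count and the `MWG_AM_CMD` / `MWG_CORE_CMD` override variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: periodic capture of the two status commands from this thread.
# Command paths come from the thread; the override variables are hypothetical.
MWG_AM_CMD="${MWG_AM_CMD:-/opt/mwg/bin/mwg-antimalware}"
MWG_CORE_CMD="${MWG_CORE_CMD:-/opt/mwg/bin/mwg-core}"

# snapshot_am_state DIR [KEEP]
# Writes one timestamped file holding the output of both commands, then
# deletes the oldest snapshots so that at most KEEP remain.
# Prints the path of the file it just wrote.
snapshot_am_state() {
    dir=$1
    keep=${2:-288}   # assumed: one run every 5 minutes, 24 hours of history
    mkdir -p "$dir" || return 1
    ts=$(date -u +%Y%m%dT%H%M%SZ)
    out="$dir/am-state-$ts.txt"
    {
        echo "== snapshot $ts =="
        echo "-- currently being processed: -S threads --"
        "$MWG_AM_CMD" -S threads 2>&1 || echo "command failed: exit $?"
        echo "-- waiting to be processed: -S AMQueue --"
        "$MWG_CORE_CMD" -S AMQueue 2>&1 || echo "command failed: exit $?"
    } > "$out"

    # UTC timestamps in the file names sort chronologically, so the first
    # entries of the sorted list are the oldest snapshots.
    total=$(ls -1 "$dir" | grep -c '^am-state-.*\.txt$')
    excess=$((total - keep))
    if [ "$excess" -gt 0 ]; then
        ls -1 "$dir" | grep '^am-state-.*\.txt$' | sort | head -n "$excess" |
        while IFS= read -r f; do
            rm -f "$dir/$f"
        done
    fi
    echo "$out"
}

# Take a snapshot only when a target directory is configured, for example
# from a scheduled job that sets AM_SNAPSHOT_DIR (hypothetical variable).
if [ -n "${AM_SNAPSHOT_DIR:-}" ]; then
    snapshot_am_state "$AM_SNAPSHOT_DIR" "${AM_SNAPSHOT_KEEP:-288}"
fi
```

After a lockup, the last few snapshot files show what was in the engine and the queue shortly before the appliance stopped responding.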
Troja
Level 14

Re: Anti-Malware Engine Overloaded

Hi,

just a question, is it possible to figure out the highest amount of scan threads MWG used?

What is the best way to figure out if MWG shows an "Anti-Malware is overloaded" message?

Cheers

0 Kudos