5 Replies Latest reply on Apr 25, 2016 7:10 AM by Troja

    Anti-Malware Engine Overloaded

    jwood.mls

      I realize there is another thread about this but I'm not sure my issue is the same since that one seems to refer to the engine.

       

      I'm currently showing gw engine 70001.1202.1796, GW Dat 1998 Engine 5600 and DATs 7145.

       

      Last night our gw appliance locked up. Had to power off at the server. Came back up fine, but gave no warning. Today we started getting the "Anti-Malware engine overloaded" message. By the time I checked into it, I couldn't get a reboot out of it and ended up having to power off again. My memory appeared to be maxing out, which makes me think it may be related to the prior issue, but if I'm reading my DAT numbers right I don't think it should be.

       

      My MWG-Core.errors.log shows the following (just a sampling):

      http://i.imgur.com/sA7Y40q.png

        • 1. Re: Anti-Malware Engine Overloaded
          Jon Scholten

          You will want to know what is being processed. To check for this, you can run the following commands at the time of the issue:

           

          # shows you what is currently being processed by the Gateway anti-malware

          /opt/mwg/bin/mwg-antimalware -S threads

           

          # shows you what is WAITING to be processed by Gateway anti-malware

          /opt/mwg/bin/mwg-core -S AMQueue

           

          You can run this from the MWG CLI.

           

          Otherwise, you can check out the logs from that timeframe to see what requests were being made which may have filled the queue.

           

          Best,

          Jon

          • 2. Re: Anti-Malware Engine Overloaded
            jwood.mls

            Thanks Jon, running /opt/mwg/bin/mwg-core -S AMQueue shows 0 items in AM queue.  What logs should I be looking at to find out the requests being made that would affect AM like that?

            • 3. Re: Anti-Malware Engine Overloaded
              Jon Scholten

              I expect that because you don't have the problem right now. The commands would be useful WHEN you are having the problem.

               

              As far as the logs, the normal access logs will do.

               

              Best,

              jon

              • 4. Re: Anti-Malware Engine Overloaded
                jwood.mls

                Unfortunately, at the time the problem was happening, the server was so busy it was hard to do much with it, though I will keep this in mind if it happens again. I think there is the possibility that the problem was caused when our ISP had issues yesterday morning. I wonder if somehow some requests got queued due to the slow internet connection and just never recovered. In any case, we haven't had issues since.

                 

                In regards to our access logs, I went and tried to look back, but it appears that our access log limits are set to 100 Meg and it looks like we fill up one of those on a typical day in about 30 minutes or so, with it only retaining 8 logs, so I am only able to go back a few hours. Not sure if those log settings need to be changed any or not for troubleshooting purposes.

                • 5. Re: Anti-Malware Engine Overloaded
                  Troja

                  Hi,

                  just a question, is it possible to figure out the highest amount of scan threads MWG used?

                  What is the best way to figure out if MWG shows an "Anti-Malware is overloaded" message?

                  Cheers
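
Added example, not part of any post in this thread and not vendor tooling: a small collector that runs the two status commands quoted in reply 1 on a timer and keeps timestamped snapshots, so the scan-thread and queue state from before a lock-up can be reviewed afterwards even when the appliance was too busy to query by hand. The output directory, interval, retention count and script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): periodic snapshots of the two
# status commands quoted above, so data exists after a lock-up.
# Assumptions: output directory, interval and retention are hypothetical.
MWG_AM=${MWG_AM:-/opt/mwg/bin/mwg-antimalware}
MWG_CORE=${MWG_CORE:-/opt/mwg/bin/mwg-core}
OUT_DIR=${OUT_DIR:-/var/tmp/mwg-am-snapshots}   # hypothetical location
KEEP=${KEEP:-2880}                              # 24 h at one snapshot per 30 s
INTERVAL=${INTERVAL:-30}

# Bound each status call so a hung appliance cannot stall the collector
# (uses coreutils `timeout` when it is installed; runs unbounded otherwise).
run_limited() {
  if command -v timeout >/dev/null 2>&1; then timeout 10 "$@"; else "$@"; fi
}

# Write one timestamped snapshot and print its path.
snapshot() {
  ts=$(date -u +%Y%m%dT%H%M%SZ)
  mkdir -p "$OUT_DIR" || return 1
  out="$OUT_DIR/am-$ts.txt"
  {
    echo "== $ts loadavg: $(cat /proc/loadavg 2>/dev/null)"
    echo "== in progress (mwg-antimalware -S threads)"
    run_limited "$MWG_AM" -S threads 2>&1 || echo "(command failed or timed out)"
    echo "== waiting (mwg-core -S AMQueue)"
    run_limited "$MWG_CORE" -S AMQueue 2>&1 || echo "(command failed or timed out)"
  } > "$out"
  echo "$out"
}

# Keep only the newest $KEEP snapshots; file names sort chronologically.
prune() {
  ls -1 "$OUT_DIR"/am-*.txt 2>/dev/null | sort -r | tail -n +"$((KEEP + 1))" |
    while read -r old; do rm -f "$old"; done
}

# Start with: sh mwg-am-snapshot.sh loop   (script name is hypothetical)
if [ "${1:-}" = "loop" ]; then
  while :; do snapshot >/dev/null; prune; sleep "$INTERVAL"; done
fi
```

Snapshots are plain text, so the files written just before an overload message can be compared against the access-log entries from the same minutes.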