Trend Micro InterScan 3.7 ishttpd problem

Trend Micro InterScan 3.7 ishttpd problem

Post by Kevi » Sun, 21 Jul 2002 02:44:28

Any help is greatly appreciated,

I've installed interscan viruswall 3.7 for solaris with the latest
scan engine (6150).  Since that time, Interscan has produced some
interesting log events, and at the same time my network has been
unusable because the interscan viruswall machine hangs and does not
pass traffic.

It seems that when my network becomes unusable, interscan viruswall is
logging the following:

Child(process number) created at 140
Child(process number) created at 141
Child(process number) created at 142
Child(process number) created at 143
Child(process number) created at 144
Child(process number) created at 147
Child(process number) created at 148
Child(process number) created at 149
Child(process number) created at 150

Trend Micro has been little help in solving the issue or providing
information, but I believe this logged event is tracking how many
child ishttpd processes are running on the machine.  My max number of
child processes is 150.  My issue, I could understand that the number
of child processes would start to grow as network traffic increased,
and may cause a bottleneck if the max limit is reached, but this is
happening when there is very little network traffic.  I have recorded
the network traffic to verify this.  During peak internet usage, I
usually don't have any problems with viruswall, in fact I've seen
Viruswall work correctly running 85 to 90 ishttpd processes.

Any help in solving why interscan would start creating child processes
for no reason would be great.

Also, Trend Micro does not have any recommendations on how to tune the
Solaris OS or TCP stack to help improve their performance.  Does
anyone have any recommendations on TCP stack parameters I should
change to improve the performance of Viruswall.  Running Solaris 2.8.


Trend Micro InterScan 3.7 ishttpd problem

Post by Kevi » Sat, 03 Aug 2002 22:21:32

Follow to original posting,

Trend Micro was thinking the reason I'm having issues with viruswall
is because of the network load being generated at night.  So in an
effort to see if Viruswall was the real reason for my porblems, last
night Viruswall was removed from the production environment, and I did
not experience any network outages.
My User's this morning also commented that web sites were loading 2 to
3 times faster then normal.  The interesting part, is these users made
a comment to me, and they did not know a machine was removed.

Also, Last night I noticed something interesting on the firewall logs,
which may explain way users had better performance this morning.  It
seems that if I bypass the viruswall and applet trap server, and
connect directly to the internet using my laptops network settings,
when this request passes the checkpoint firewall, 3 http requests are
logged.  However, when I set up my browser to proxy to the viruswall
machine to reach the internet, the same request for the same site
produces 16 http requests that are logged.  I really have no idea why.
 Does this sound right to you?

Trend Micro to date has been little help in solving the issue, if
anyone has Trend Micro running on solaris i would love to know the
version you are running


1. Trend Interscan Antivirus proxy on Debian Linux


I like to install Trend's Interscan Antivirus program on a Debian Linux
machine. Is there anybody out there who did this before ?
I managed to get it working at 99% but there are still some problems
(i.e. it looks for a nonexisting /etc/iscan/office_update).

If someone installed Interscan on Linux before, please contact me.
(further discussion will probably too specific for this group)



Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0

2. The save command

3. Buy Trend Micro Internet Security Pro Receive H&R Block TaxCut Premium Free!!


5. Trend Micro for AIX

6. Remapping Keys ???

7. Problem with dip-3.3.7-lilo-3.2 under Linux 1.0.0

8. User quotas

9. Compile Problem: TCPDUMP 3.7.{1,2}

10. DIP-3.3.7-uri tty_notlocal problem

11. Problems compiling ppp-2.3.7

12. DIP-3.3.7-uri dialin problem

13. DIP-3.3.7-uri (was Re: Bizzare DIP/CSLIP problem