unerklärliche Prozesse?

0etzi

folgende laufende Prozesse sind auf meinem Server, vor allem die Prozesse um vpopmail und qmail machen mich nachdenklich. Ich meine, da stimmt was nicht, aber ich bin zu unerfahren, hier einzugreifen, falls sich mein Gefühl bestätigt.
Was kann ich tun, falls hier jemand den Server missbraucht? Oder ist alles normal?
Hier die Prozessübersicht:
Code:
USER 	%CPU 	%MEM 	COMMAND
root 	0 	0 	init [3]
root 	0 	0 	[ksoftirqd/0]
root 	0 	0 	[events/0]
root 	0 	0 	[khelper]
root 	0 	0 	[kthread]
root 	0 	0 	[kacpid]
root 	0 	0 	[kblockd/0]
root 	0 	0 	[pdflush]
root 	0 	0 	[aio/0]
root 	0 	0 	[kswapd0]
root 	0 	0 	[kseriod]
root 	0 	0 	[ata/0]
root 	0 	0 	[kjournald]
root 	0 	0 	/sbin/udevd -d
root 	0 	0 	[hwscand]
root 	0 	0 	/sbin/resmgrd
root 	0 	0 	/sbin/dhcpcd -C -H -D -N -t 999999 -h linux eth0
root 	0 	0.1 	/sbin/syslog-ng
root 	0 	0.1 	/sbin/klogd -c 1 -x -x
root 	0 	0.1 	/bin/sh /usr/bin/mysqld_safe --user=mysql --pid-file=/var/lib
mysql 	0 	0.8 	/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --us
named 	0 	0.3 	/usr/sbin/named -t /var/lib/named -u named
root 	0 	0.1 	/usr/sbin/xinetd
root 	0 	0.2 	/usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid
root 	0 	0 	/usr/sbin/acpid -c /etc/acpi/events.ignore
root 	0 	0.1 	/usr/sbin/powersaved -d -x /usr/lib/powersave/scripts -a resm
root 	0 	0 	tcpserver -R -D 0 pop3 /var/qmail/bin/qmail-popup localhost /
root 	0 	0 	svscan
root 	0 	0 	/usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root 	0 	0 	/usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root 	0 	0 	/usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root 	0 	0 	/usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root 	0 	0 	/usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root 	0 	0 	/usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root 	0 	0 	supervise qmail-send
root 	0 	0 	supervise log
root 	0 	0 	/usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrl
root 	0 	0 	/usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrl
root 	0 	0 	/usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrl
root 	0 	0 	supervise qmail-smtpd
root 	0 	0 	supervise log
qmails 	0 	0 	qmail-send
root 	0 	0 	/usr/lib/courier-imap/libexec/courierlogger imapd
root 	0 	0 	/usr/lib/courier-imap/libexec/courierlogger imapd-ssl
qmaill 	0 	0 	/usr/local/bin/multilog t /var/log/qmail
qmaild 	0 	0 	/usr/local/bin/tcpserver -R -D -v -p -x /etc/tcp.smtp.cdb -c
qmaill 	0 	0 	/usr/local/bin/multilog t /var/log/qmail/smtpd
root 	0 	0 	/usr/lib/courier-imap/libexec/courierlogger pop3d-ssl
root 	0 	0.5 	/usr/sbin/spamd -d -L -m 10 --vpopmail --username=vpopmail -r
qmaill 	0 	0 	splogger qmail
root 	0 	0 	qmail-lspawn ./Mailbox
qmailr 	0 	0 	qmail-rspawn
qmailq 	0 	0 	qmail-clean
ntp 	0 	0.5 	/usr/sbin/ntpd -p /var/lib/ntp/var/run/ntp/ntpd.pid -u ntp -i
vpopmail 	0 	0.4 	spamd child
root 	0 	0.2 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
root 	0 	0 	/usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas
wwwrun 	0 	0.5 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.8 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.4 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.5 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.4 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 	0 	0.1 	/usr/sbin/cron
vscan 	0 	0.2 	/usr/bin/freshclam -d
root 	0 	0.2 	/usr/sbin/nscd
root 	0 	0.2 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail 	0 	0.3 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail 	0 	0.3 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail 	0 	0.3 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail 	0 	1 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail 	0 	0.3 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
root 	0 	0 	/sbin/mingetty --noclear tty1
root 	0 	0 	/sbin/agetty -L 57600 ttyS0
root 	0 	0.1 	/bin/sh /command/svscanboot
root 	0 	0 	svscan /service
root 	0 	0 	readproctitle service errors: ...............................
wwwrun 	0 	0.4 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.4 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
vpopmail 	0 	1 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail 	0 	0.3 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
wwwrun 	0 	1.2 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.4 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 	0 	0.4 	/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
vpopmail 	0 	0.4 	spamd child
root 	0 	0 	[pdflush]
vpopmail 	4.9 	4.5 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.9 	4.8 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.9 	5.1 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.9 	4.7 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.9 	4.9 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.9 	5 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.8 	5 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.8 	5 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.8 	5.2 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
vpopmail 	4.8 	5.2 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	4.8 	5.2 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	4.8 	5.1 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	5 	5.1 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	5 	1.4 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0.1 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	5.7 	1.2 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0.2 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	6.1 	1.2 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
qmaild 	0 	0 	/var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/tr
vpopmail 	0.3 	1.1 	/usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue
vpopmail 	5.5 	1.1 	/usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disab
root 	0 	0 	/usr/lib/courier-imap/sbin/imaplogin /usr/lib/courier-imap/li
vpopmail 	0 	0.1 	/bin/ps -eo user,pcpu,pmem,command --sort=-pmem

Vielen Dank
0etzi
 
Poste mal bitte die Ausgabe von
Code:
ps aufx
respektive
Code:
pstree
. Das ist deutlich einfacher zuzuordnen.
 
Noch eine Verständnisfrage:
Falls ein PHP-Script schuld daran ist und ich dieses Script durch ein Passwort schütze (z.B. Formmailer) oder lösche, hört der Spamversand dann auf?

Hier die Ausgabe von ps aufx. Wie vermeide ich, dass PuTTY das abschneidet, was nicht ins Fenster passt? Die xxxxx habe ich eingefügt, um die gehosteten Domains nicht zu veröffentlichen.
Code:
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0    680    68 ?        S    Jul12   0:01 init [3]
root         2  0.0  0.0      0     0 ?        SN   Jul12   0:00 [ksoftirqd/0]
root         3  0.0  0.0      0     0 ?        S<   Jul12   0:00 [events/0]
root         4  0.0  0.0      0     0 ?        S<   Jul12   0:00 [khelper]
root         9  0.0  0.0      0     0 ?        S<   Jul12   0:00 [kthread]
root        19  0.0  0.0      0     0 ?        S<   Jul12   0:00  \_ [kacpid]
root        91  0.0  0.0      0     0 ?        S<   Jul12   0:02  \_ [kblockd/0]
root       131  0.0  0.0      0     0 ?        S    Jul12   0:00  \_ [pdflush]
root       134  0.0  0.0      0     0 ?        S<   Jul12   0:00  \_ [aio/0]
root       934  0.0  0.0      0     0 ?        S<   Jul12   0:00  \_ [ata/0]
root     19565  0.0  0.0      0     0 ?        S    16:09   0:00  \_ [pdflush]
root       133  0.0  0.0      0     0 ?        S    Jul12   0:09 [kswapd0]
root       726  0.0  0.0      0     0 ?        S    Jul12   0:00 [kseriod]
root      1105  0.0  0.0      0     0 ?        S    Jul12   0:02 [kjournald]
root      2028  0.0  0.0   1472   400 ?        S<s  Jul12   0:00 /sbin/udevd -d
root      2193  0.0  0.0   1460   304 ?        S<   Jul12   0:00 [hwscand]
root      4419  0.0  0.0   1496   372 ?        Ss   Jul12   0:00 /sbin/resmgrd
root      4649  0.0  0.0   1492   376 ?        Ss   Jul12   0:00 /sbin/dhcpcd -C -H -D -N -t 999999 -h linux eth0
root      4805  0.0  0.1   1852   704 ?        Ss   Jul12   0:03 /sbin/syslog-ng
root      4808  0.0  0.1   1604   576 ?        Ss   Jul12   0:00 /sbin/klogd -c 1 -x -x
root      4877  0.0  0.1   2444   892 ?        S    Jul12   0:00 /bin/sh /usr/bin/mysqld_safe --user=mysql --pid-file=/var/lib/mysql/mysqld.pid --socket=/var
mysql     4940  0.0  0.5 101476  2720 ?        Sl   Jul12   0:07  \_ /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/li
named     4953  0.0  0.1  30464   996 ?        Ssl  Jul12   0:00 /usr/sbin/named -t /var/lib/named -u named
root      4985  0.0  0.1   2152   732 ?        Ss   Jul12   0:00 /usr/sbin/xinetd
root      4986  0.0  0.1   4600   928 ?        Ss   Jul12   0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid
root     21628  0.1  0.4   8312  2368 ?        Ss   19:43   0:00  \_ sshd: root@pts/0
root     21631  0.0  0.3   3044  1732 pts/0    Ss   19:43   0:00      \_ -bash
root     21652  0.0  0.1   2720   848 pts/0    R+   19:44   0:00          \_ ps aufx
root      5028  0.0  0.0   1472   428 ?        Ss   Jul12   0:00 /usr/sbin/acpid -c /etc/acpi/events.ignore
root      5089  0.0  0.1   2852   592 ?        S    Jul12   0:00 /usr/sbin/powersaved -d -x /usr/lib/powersave/scripts -a resmgr -v 3
root      5090  0.0  0.0   1524   424 ?        S    Jul12   0:00 tcpserver -R -D 0 pop3 /var/qmail/bin/qmail-popup localhost /home/vpopmail/bin/vchkpw /var/q
root      5094  0.0  0.0   1492   308 ?        S    Jul12   0:00 svscan
root      5142  0.0  0.0   1328   252 ?        S    Jul12   0:00  \_ supervise qmail-send
qmails    5152  0.0  0.0   1504   364 ?        S    Jul12   0:01  |   \_ qmail-send
qmaill    5165  0.0  0.0   1468   408 ?        S    Jul12   0:00  |       \_ splogger qmail
root      5166  0.0  0.0   1472   256 ?        S    Jul12   0:00  |       \_ qmail-lspawn ./Mailbox
qmailr    5167  0.0  0.0   1468   316 ?        S    Jul12   0:00  |       \_ qmail-rspawn
qmailr   21648  0.0  0.0   1556   484 ?        S    19:43   0:00  |       |   \_ qmail-remote danenet.org  assailanthanged@danenet.org
qmailq    5168  0.0  0.0   1460   256 ?        S    Jul12   0:00  |       \_ qmail-clean
root      5143  0.0  0.0   1328   252 ?        S    Jul12   0:00  \_ supervise log
qmaill    5157  0.0  0.0   1472   288 ?        S    Jul12   0:00  |   \_ /usr/local/bin/multilog t /var/log/qmail
root      5150  0.0  0.0   1328   252 ?        S    Jul12   0:00  \_ supervise qmail-smtpd
qmaild    5158  0.0  0.0   1524   432 ?        S    Jul12   0:00  |   \_ /usr/local/bin/tcpserver -R -D -v -p -x /etc/tcp.smtp.cdb -c 20 -u 60004 -g 60003 0
qmaild   21392  0.0  0.0   1352   296 ?        S    19:24   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21393  0.0  1.1   8080  5836 ?        S    19:24   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21396  2.4  1.3  10988  7200 ?        R    19:24   0:29  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21404  0.0  0.0   1352   296 ?        S    19:26   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21405  0.0  1.1   8080  5836 ?        S    19:26   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21408  2.6  1.3  10988  7164 ?        R    19:26   0:28  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21468  0.0  0.0   1352   248 ?        S    19:30   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21469  0.0  0.9   8084  4752 ?        S    19:30   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21472  2.5  1.3  10724  6716 ?        R    19:30   0:21  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21489  0.0  0.0   1352   296 ?        S    19:31   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21490  0.0  1.1   8084  5836 ?        S    19:31   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21493  2.5  1.3  10724  6864 ?        R    19:31   0:20  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21504  0.0  0.0   1352   296 ?        S    19:31   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21507  0.0  1.1   8084  5840 ?        S    19:31   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21510  2.5  1.3  10724  6852 ?        R    19:31   0:19  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21530  0.0  0.0   1484   332 ?        S    19:32   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21531  0.0  1.1   8080  5836 ?        S    19:32   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21534  2.5  1.3  10592  6796 ?        R    19:32   0:19  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21541  0.0  0.0   1352   296 ?        S    19:34   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21542  0.0  1.1   8084  5840 ?        S    19:34   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21545  2.5  1.2  10460  6688 ?        R    19:34   0:15  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21553  0.0  0.0   1352   296 ?        S    19:36   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21554  0.0  1.1   8084  5840 ?        S    19:36   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21557  2.5  1.2  10328  6532 ?        R    19:36   0:12  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21559  0.0  0.0   1352   296 ?        S    19:37   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21560  0.0  1.1   8084  5840 ?        S    19:37   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21563  2.7  1.2  10328  6496 ?        R    19:37   0:12  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21575  0.0  0.0   1352   296 ?        S    19:39   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21576  0.1  1.1   8084  5840 ?        S    19:40   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21579  2.7  1.2  10064  6208 ?        R    19:40   0:07  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21581  0.0  0.0   1352   296 ?        S    19:40   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21582  0.1  1.1   8088  5840 ?        S    19:40   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21585  2.4  1.1   9800  6028 ?        R    19:41   0:04  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21595  0.0  0.0   1352   296 ?        S    19:43   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21597  0.5  1.1   8084  5840 ?        S    19:43   0:00  |       |   \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21600  2.5  1.1   9536  5736 ?        R    19:43   0:02  |       |       \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
qmaild   21596  0.0  0.0   1352   296 ?        S    19:43   0:00  |       \_ /var/qmail/bin/qmail-smtpd localhost /bin/cmd5checkpw /bin/true
vpopmail 21601  0.4  1.1   8080  5840 ?        S    19:43   0:00  |           \_ /usr/bin/perl -T /dev/fd/3//var/qmail/bin/qmail-scanner-queue.pl
vpopmail 21617  2.5  1.1   9536  5692 ?        R    19:43   0:01  |               \_ /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary
root      5151  0.0  0.0   1328   252 ?        S    Jul12   0:00  \_ supervise log
qmaill    5159  0.0  0.0   1472   308 ?        S    Jul12   0:00      \_ /usr/local/bin/multilog t /var/log/qmail/smtpd
root      5123  0.0  0.0   1916   460 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root      5137  0.0  0.0   1916   464 ?        S    Jul12   0:00  \_ /usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root      5138  0.0  0.0   1916   464 ?        S    Jul12   0:00  \_ /usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root      5139  0.0  0.0   1916   460 ?        S    Jul12   0:00  \_ /usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root      5140  0.0  0.0   1916   460 ?        S    Jul12   0:00  \_ /usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root      5141  0.0  0.0   1916   460 ?        S    Jul12   0:00  \_ /usr/lib/courier-imap/libexec/authlib/authdaemond.plain start
root      5145  0.0  0.0   1560   456 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrlogger=/usr/lib/courier-imap/lib
root      5147  0.0  0.0   1560   392 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrlogger=/usr/lib/courier-imap/lib
root      5149  0.0  0.0   1560   392 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/couriertcpd -address=0 -stderrlogger=/usr/lib/courier-imap/lib
root      5154  0.0  0.0   1456   416 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/courierlogger imapd
root      5156  0.0  0.0   1324   236 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/courierlogger imapd-ssl
root      5161  0.0  0.0   1324   236 ?        S    Jul12   0:00 /usr/lib/courier-imap/libexec/courierlogger pop3d-ssl
root      5164  0.0  0.4  27212  2096 ?        Ss   Jul12   0:03 /usr/sbin/spamd -d -L -m 10 --vpopmail --username=vpopmail -r /var/run/spamd.pid
vpopmail  5218  0.0  0.3  29920  1820 ?        S    Jul12   0:36  \_ spamd child
vpopmail 16658  0.0  0.3  28404  1796 ?        S    10:37   0:00  \_ spamd child
ntp       5175  0.0  0.5   2812  2812 ?        SLs  Jul12   0:00 /usr/sbin/ntpd -p /var/lib/ntp/var/run/ntp/ntpd.pid -u ntp -i /var/lib/ntp
root      5219  0.0  0.2  14244  1080 ?        Ss   Jul12   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root      5220  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxx.i
root      5221  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxx.e
root      5222  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxx.n
root      5223  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.o
root      5224  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.b
root      5225  0.0  0.0   1512   356 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.c
root      5226  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.d
root      5227  0.0  0.0   1512   356 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.de
root      5228  0.0  0.0   1512   356 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx
root      5229  0.0  0.0   1512   380 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx
root      5230  0.0  0.0   1512   380 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx/access_
root      5231  0.0  0.0   1512   380 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx
root      5232  0.0  0.0   1512   380 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx/acc
root      5233  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.de/acce
root      5234  0.0  0.0   1512   356 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxx.de/access_
root      5235  0.0  0.0   1512   356 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxx.de/access_
root      5236  0.0  0.0   1380   212 ?        S    Jul12   0:00  \_ /usr/local/visas/cronolog/cronolog --symlink=/usr/local/visas/logfiles/xxxxxxxx.de/acce
wwwrun    5237  0.0  0.3  17072  1980 ?        S    Jul12   0:05  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    5238  0.0  0.4  16892  2532 ?        S    Jul12   0:07  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    5239  0.0  0.3  16964  1996 ?        S    Jul12   0:04  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    5240  0.0  0.3  16908  2056 ?        S    Jul12   0:04  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    5241  0.0  0.4  16964  2504 ?        S    Jul12   0:04  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    5595  0.0  0.3  17024  2048 ?        S    Jul12   0:02  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    5596  0.0  0.4  16960  2532 ?        S    Jul12   0:03  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun    9629  0.0  0.5  16984  2824 ?        S    Jul12   0:04  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   15775  0.0  0.6  16988  3236 ?        S    08:17   0:02  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun   15777  0.0  0.5  16888  2584 ?        S    08:17   0:01  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root      5253  0.0  0.1   1736   652 ?        Ss   Jul12   0:00 /usr/sbin/cron
vscan     5266  0.0  0.1   4180   968 ?        Ss   Jul12   0:00 /usr/bin/freshclam -d
root      5277  0.0  0.2  14900  1080 ?        Ssl  Jul12   0:00 /usr/sbin/nscd
root      5308  0.0  0.1  14368   960 ?        Ss   Jul12   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  5309  0.0  0.2  15360  1464 ?        S    Jul12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  5310  0.0  0.2  14636  1408 ?        S    Jul12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  5311  0.0  0.2  19388  1472 ?        S    Jul12   0:02  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  5312  0.0  0.2  15588  1472 ?        S    Jul12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  5313  0.0  0.2  19396  1472 ?        S    Jul12   0:02  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  7909  0.0  0.2  15408  1456 ?        S    Jul12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
vpopmail  7924  0.0  0.2  15500  1468 ?        S    Jul12   0:00  \_ /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.visas
root      5573  0.0  0.0   1908   512 tty1     Ss+  Jul12   0:00 /sbin/mingetty --noclear tty1
root      5574  0.0  0.0   1472   404 ttyS0    Ss+  Jul12   0:00 /sbin/agetty -L 57600 ttyS0
root      5575  0.0  0.1   2444   888 ?        Ss   Jul12   0:00 /bin/sh /command/svscanboot
root      5577  0.0  0.0   1492   292 ?        S    Jul12   0:00  \_ svscan /service
root      5578  0.0  0.0   1320   192 ?        S    Jul12   0:00  \_ readproctitle service errors: ..........................................................
vpopmail 21016  2.2  0.8  31128  4224 ?        R    18:37   1:28 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21021  2.2  0.8  31128  4224 ?        R    18:37   1:28 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21028  2.1  0.8  31128  4196 ?        R    18:38   1:27 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21036  2.2  0.8  31128  4212 ?        R    18:38   1:27 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21048  2.1  0.8  31128  4176 ?        R    18:39   1:25 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21054  2.2  0.8  31128  4200 ?        R    18:39   1:26 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21060  2.2  0.8  31128  4160 ?        R    18:40   1:24 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21077  2.1  0.7  31128  4116 ?        R    18:42   1:22 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21080  2.2  0.7  31128  4120 ?        R    18:42   1:22 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21086  2.2  0.7  31128  4116 ?        R    18:42   1:21 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21095  2.2  0.7  30996  4084 ?        R    18:44   1:20 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21100  2.2  0.7  30996  4096 ?        R    18:44   1:20 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21131  2.2  0.7  30996  4084 ?        R    18:45   1:19 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21140  2.2  0.7  30996  4044 ?        R    18:47   1:17 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21153  2.2  0.7  30996  4000 ?        R    18:49   1:15 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21164  2.3  4.8  30864 24900 ?        R    18:51   1:13 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21171  2.2  4.7  30864 24488 ?        R    18:53   1:10 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21175  2.3  4.8  30864 24768 ?        R    18:53   1:11 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21180  2.2  4.7  30864 24504 ?        R    18:53   1:09 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21192  2.3  4.7  30864 24464 ?        R    18:55   1:08 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21264  2.4  4.8  30600 25076 ?        R    19:02   1:01 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21281  2.3  4.9  30468 25692 ?        R    19:04   0:55 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21285  2.3  4.8  30600 25196 ?        R    19:04   0:56 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21345  2.5  4.9  30204 25484 ?        R    19:16   0:42 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21357  2.6  1.4  13496  7456 ?        R    19:20   0:37 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21368  2.4  1.4  11120  7316 ?        R    19:21   0:32 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -
vpopmail 21380  2.5  1.3  11120  7004 ?        R    19:23   0:32 /usr/bin/clamscan -r -m --unzip --unrar --unzoo --lha --disable-summary --max-recursion=10 -

und hier die Ausgabe von pstree:
Code:
init─┬─acpid
     ├─agetty
     ├─authdaemond.pla───5*[authdaemond.pla]
     ├─26*[clamscan]
     ├─3*[courierlogger]
     ├─3*[couriertcpd]
     ├─cron
     ├─dhcpcd
     ├─events/0
     ├─freshclam
     ├─httpd2-prefork─┬─17*[cronolog]
     │                └─10*[httpd2-prefork]
     ├─httpd2-prefork───7*[httpd2-prefork]
     ├─hwscand
     ├─khelper
     ├─kjournald
     ├─klogd
     ├─kseriod
     ├─ksoftirqd/0
     ├─kswapd0
     ├─kthread─┬─aio/0
     │         ├─ata/0
     │         ├─kacpid
     │         ├─kblockd/0
     │         └─2*[pdflush]
     ├─mingetty
     ├─mysqld_safe───mysqld
     ├─named
     ├─nscd
     ├─ntpd
     ├─powersaved
     ├─resmgrd
     ├─spamd───2*[spamd]
     ├─sshd───sshd───bash───pstree
     ├─svscan─┬─supervise───qmail-send─┬─qmail-clean
     │        │                        ├─qmail-lspawn
     │        │                        ├─qmail-rspawn
     │        │                        └─splogger
     │        ├─2*[supervise───multilog]
     │        └─supervise───tcpserver───11*[qmail-smtpd───perl5.8.6───clamscan]
     ├─svscanboot─┬─readproctitle
     │            └─svscan
     ├─syslog-ng
     ├─tcpserver
     ├─udevd
     └─xinetd
 
Ich meine, da stimmt was nicht
Hast Du einen bestimmten Grund anzunehmen, daß da was nicht stimmt?
Was kommt Dir daran seltsam vor?
Da Du in der Sektion "Mail" geschrieben hast, schau ich halt mal nur auf die Qmail-Prozesse. Dort sind tatsächlich ca 15 qmail-smtpd Prozesse, die sich seit geraumer Zeit im Speicher halten. Das sollte tatsächlich nicht der Fall sein.
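Da sie alle im clamscan enden (laut ps aufx hängt an jedem dieser qmail-smtpd ein qmail-scanner-queue.pl mit einem clamscan als Kindprozess), tippe ich mal darauf, daß der Scanner spinnt.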

Beende einfach mal alle clam-Scanner und schau halt was passiert.

huschi.
 
Hast Du einen bestimmten Grund anzunehmen, daß da was nicht stimmt?
Was kommt Dir daran seltsam vor?

Beende einfach mal alle clam-Scanner und schau halt was passiert.

Der Grund ist, dass ich noch nie so viele Prozesse rund um qmail und vpopmail hatte. Das kam mir seltsam vor. Ich tippte auf Spammer, wer sonst hat ein Interesse, sich eines Mailservers zu bedienen?

Heute sind alle Prozesse anscheinend wieder im normalen Bereich. Wenn ClamAV der Grund war, tippe ich auf einen Fehler in diesem; es kommt anscheinend zu einer Fehlermeldung, wenn Mails mit Anhang versendet werden.

Vielen Dank
0etzi
 