MalwareDetection load optimization


If your server’s load is high while the MalwareDetection module is enabled, follow this troubleshooting guide to resolve the issue.

Find out what causes the issue.

Inotifywait process

We need to check if the load is increased by the Inotifywait process or the MalwareDetection process itself.
To do that, use the htop or top command.
If the Inotifywait process is what increases the load, changing the Inotify process should resolve the issue.
A step-by-step guide on that is available here.

[Image: Inotifywait process in htop]

Initial malware scan

The load might be higher than usual while the first full malware scan runs, because the module indexes the file system. You can check whether a scan is running from the Anti-Malware menu item or by issuing the following command in the terminal:
bitninjacli --module=MalwareDetection --list-scans | grep scan_key

[Image: Active malware scan in progress]
[Image: No active malware scan]

If the initial scan causes issues with the service, we suggest canceling it and continuing when the server’s traffic is lower.
Cancel the scan from the Anti-Malware menu or the terminal with the following command:
bitninjacli --module=MalwareDetection --cancel
You can also try the following settings and retry.

Subsequent scans, once the file system is indexed, will be much more load friendly, and they will be much faster as well.

None of the above

As a first step, we recommend decreasing the number of files pulled by the module:

If the corresponding variable is not present in the /etc/bitninja/MalwareDetection/config.ini file, then add it manually under the [core] section in the config file.

  1. Open the /etc/bitninja/MalwareDetection/config.ini file with nano:
    nano /etc/bitninja/MalwareDetection/config.ini
  2. Then add the variable file_path_pull_limit = 4
  3. Decrease the value to lower the module’s impact on the server’s load.
  4. Exit and save the changes
  5. Restart BitNinja with the service bitninja restart command.
We recommend setting the value to half the number of available CPU cores in the server.
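
The steps above can also be scripted. The following is an added example, not BitNinja's own tooling: the helper names half_cores and set_ini_key are hypothetical, and the script assumes the file uses plain "key = value" lines under section headers such as [core].

```shell
#!/bin/sh
# Added example: set file_path_pull_limit under [core] without hand-editing.
# half_cores and set_ini_key are hypothetical helper names.

# Half of the available CPU cores, never less than 1.
half_cores() {
    n=$(nproc 2>/dev/null || getconf _NPROCESSORS_ONLN)
    h=$((n / 2))
    if [ "$h" -lt 1 ]; then h=1; fi
    echo "$h"
}

# set_ini_key FILE SECTION KEY VALUE
# Rewrites KEY inside [SECTION] if it is present, otherwise appends it at the
# end of that section; appends the section itself if the file lacks it.
# The previous content is kept as FILE.bak so the change can be rolled back.
set_ini_key() {
    file=$1; section=$2; key=$3; value=$4
    cp -p "$file" "$file.bak" || return 1
    awk -v sec="[$section]" -v key="$key" -v val="$value" '
        function emit() { print key " = " val; written = 1 }
        /^[ \t]*\[/ {
            # Leaving the target section without having seen the key: add it.
            if (in_sec && !written) emit()
            t = $0; gsub(/^[ \t]+|[ \t]+$/, "", t)
            in_sec = (t == sec)
            if (in_sec) seen = 1
            print; next
        }
        in_sec && !written {
            # Compare the text left of "=" with the key; commented lines differ.
            k = $0; sub(/[ \t]*=.*/, "", k); gsub(/^[ \t]+/, "", k)
            if (k == key && index($0, "=")) { emit(); next }
        }
        { print }
        END {
            if (in_sec && !written) emit()
            if (!seen) { print sec; emit() }
        }
    ' "$file.bak" > "$file"
}

# On a server (run as root), following the steps above:
#   set_ini_key /etc/bitninja/MalwareDetection/config.ini core \
#       file_path_pull_limit "$(half_cores)" && service bitninja restart
```

Writing through the existing file keeps its owner and permissions unchanged, and the .bak copy allows a quick comparison with diff before restarting the service.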

If this does not solve the issue, or if you have BitNinja version 2.38.4 or newer, you have the option to increase the scan_niceness variable in the module's config.

The higher the value, the less impact the module has on the server’s load. It will also be slower.
Its range is from 0 to 1.

The scan_niceness can be changed in the /etc/bitninja/MalwareDetection/config.ini file.

  1. Open the /etc/bitninja/MalwareDetection/config.ini file with nano:
    nano /etc/bitninja/MalwareDetection/config.ini
  2. Then find the scan_niceness variable
  3. Increase the value to lower the module’s impact on the server’s load.
  4. Exit and save the changes
  5. Restart BitNinja with the service bitninja restart command.