TLDR: I had a network meltdown today and found the root cause to be that Sophos (version 9.315-2) was pegged at 100% CPU, resulting in a slew of routing failures.
top output reported that the process ipsfb was the culprit. Even after reboots and manually killing the process via pkill, it returns every few minutes and CPU utilization spikes right to 100%. If I let it run for more than a few minutes, I start to see an increasing number of random network issues. In order to keep my network online, I've written a cronjob to kill the process every minute.
In poking around, I found /usr/local/bin/ipsfb to be a symlink over to /usr/lib/ipsfb/ipsfb.plc. It's a binary file, so I can't read it and thus, can't determine what it is/what it does.
I found some posts from 2013-ish that indicated a bug in a previous release caused this when IPS was monitoring external interfaces. This doesn't seem to match because 1) I assume a bug from 2013 was patched in a release and 2) I have IPS configured to only monitor my single internal network interface.
Does anyone have any idea what /usr/local/bin/ipsfb is or why it's endlessly eating CPU cycles? Sophos keeps spawning the process for some reason, so continuously killing it can't be a good thing [:S]