Re: [clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results

2017-03-28 Thread Antonio Pavletich
Thanks for the tip, I found the issue, it was that clamav-daemon was
running out of memory, crashing & serviced was indeed restarting it (only
for it to crash again & so it went).


On 29 March 2017 at 00:58, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:

> On 28.03.17 22:33, Antonio Pavletich wrote:
>
>> Since upgrading I've found clamd is spiking and staying put at 100%.
>>
>> I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
>> the same issue occur on the next inbound email?
>>
>> top - 11:07:58 up 3 days,  3:49,  2 users,  load average: 2.96, 4.30, 2.19
>
> note that some time after start, clamd loads virus signatures from disk,
> unpacks them and builds in-memory database, so it is expected to eat 100% of
> CPU for a few minutes.
>
>> logs spew out repeats of the below continuously?
>>
>> Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
>> Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
>> Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
>> Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
>> Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
>> Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
>
> this looks like either the clamav process is crashing, or there is an error
> related to how clamd is started from systemd, so systemd kills it and starts
> it repeatedly again and again...
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
> "So does syphillis. Good thing we have penicillin." - Matthew Alton
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


[clamav-users] Ubuntu 16.04 - ClamAV with AMAVIS 100% CPU - very few Google results

2017-03-28 Thread Antonio Pavletich
Hi,

I've used clam-av for years but not kept up to date with the many
changes.

Since upgrading I've found clamd is spiking and staying put at 100%.

I've deleted all files in /var/lib/clamav & re-ran freshclam only to have
the same issue occur on the next inbound email?
I followed the guide at
https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/2/

If any other information is needed to aid in identifying this please let me
know.

Antonio

eg:

root@host:/var/lib/clamav# clamd -V
ClamAV 0.99.2/23244/Tue Mar 28 04:33:34 2017
root@host:/

top - 11:07:58 up 3 days,  3:49,  2 users,  load average: 2.96, 4.30, 2.19
Tasks: 195 total,   2 running, 193 sleeping,   0 stopped,   0 zombie
%Cpu(s):  1.0 us,  0.3 sy,  0.0 ni, 98.2 id,  0.5 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  1014372 total,    11140 free,   836764 used,   166468 buff/cache
KiB Swap:        0 total,        0 free,        0 used.    67920 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
20406 clamav    20   0  574844 405512   3684 R 93.8 40.0   0:06.33 clamd
    1 root      20   0  185248   4296   2396 S  0.0  0.4   0:17.99 systemd
    2 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kthreadd
    3 root      20   0       0      0      0 S  0.0  0.0   0:05.96 ksoftirqd/0

logs spew out repeats of the below continuously?

Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:19 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:19 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:19 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:19 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:19 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:19 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:27 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:27 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:27 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:27 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:27 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:27 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:33 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:33 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:33 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:33 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:33 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:33 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:42 2017 -> +++ Started at Tue Mar 28 11:20:42 2017
Tue Mar 28 11:20:42 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:42 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:42 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:42 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:42 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:42 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:42 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:52 2017 -> +++ Started at Tue Mar 28 11:20:52 2017
Tue Mar 28 11:20:52 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:52 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:52 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:52 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:52 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:52 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:52 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:20:59 2017 -> +++ Started at Tue Mar 28 11:20:59 2017
Tue Mar 28 11:20:59 2017 -> Received 1 file descriptor(s) from systemd.
Tue Mar 28 11:20:59 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Mar 28 11:20:59 2017 -> Running as user clamav (UID 117, GID 123)
Tue Mar 28 11:20:59 2017 -> Log file size limited to 1048576 bytes.
Tue Mar 28 11:20:59 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:59 2017 -> Not loading PUA signatures.
Tue Mar 28 11:20:59 2017 -> Bytecode: Security mode set to "TrustSigned".
Tue Mar 28 11:21:07 2017 -> +++ Started at Tue Mar 28 11:21:07 2017
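The restart pattern in the log above (a new "+++ Started at" every few seconds, never getting past the database load) can be detected mechanically. The following is an added example, not part of the original thread or of ClamAV; the function names, thresholds and the "Loaded N signatures" readiness marker are assumptions, and the sample log is constructed from the format quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample in the clamd log format quoted in the post (trimmed).
SAMPLE_LOG = """\
Tue Mar 28 11:20:19 2017 -> +++ Started at Tue Mar 28 11:20:19 2017
Tue Mar 28 11:20:19 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:27 2017 -> +++ Started at Tue Mar 28 11:20:27 2017
Tue Mar 28 11:20:27 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:33 2017 -> +++ Started at Tue Mar 28 11:20:33 2017
Tue Mar 28 11:20:33 2017 -> Reading databases from /var/lib/clamav
Tue Mar 28 11:20:42 2017 -> +++ Started at Tue Mar 28 11:20:42 2017
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
# Assumption: a start that finished loading logs a "Loaded N signatures" line.
READY = re.compile(r"^Loaded \d+ signatures")

def parse_starts(text):
    """Return [(start_time, became_ready)] for every clamd start in the log."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines, blank lines
        stamp = " ".join(m.group(1).split())  # normalise "Mar  5" padding
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        if m.group(2).startswith("+++ Started at"):
            runs.append([ts, False])
        elif runs and READY.match(m.group(2)):
            runs[-1][1] = True
    return [tuple(r) for r in runs]

def crash_loop(text, min_restarts=3, window_s=60):
    """Longest streak of starts that never became ready and were each replaced
    by a new start within window_s seconds; None if shorter than min_restarts."""
    runs = parse_starts(text)
    best, streak = [], []
    for (ts, ready), (next_ts, _) in zip(runs, runs[1:]):
        if not ready and (next_ts - ts).total_seconds() <= window_s:
            streak.append(ts)
            if len(streak) > len(best):
                best = list(streak)
        else:
            streak = []
    if len(best) < min_restarts:
        return None
    return {"failed_starts": len(best), "first": best[0], "last": best[-1]}

if __name__ == "__main__":
    print(crash_loop(SAMPLE_LOG))
```

A hit only shows that clamd is being replaced before it finishes loading; the cause (memory exhaustion in this thread) still has to be confirmed from the kernel and service manager logs.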