Re: [clamav-users] clamonacc high increase of disk usage
Hello @Andrew thanks for the tip. We tried what you suggested by running du without the -s when the issue re-occurred, however we did not see any difference when comparing the results with "diff" to the following files: - "disk_usage_before_restart.txt": du -h results when the disk usage is almost full - "disk_usage_after_restart.txt": du -h results after restarting "clamonacc" and disk space has been freed ~$ diff <(grep -v "/proc" disk_usage_before_restart.txt) <(grep -v "/proc" disk_usage_after_restart.txt) 85316a85317 > 36K /var/tmp 126817d126817 < 380K /var/tmp/folder/pdf-tmp 131004d131003 < 760K /var/tmp/folder 131193d131191 < 796K /var/tmp 134093d134090 < 1.8M /var/spool/rsyslog 134272d134268 < 1.9M /var/spool 134425a134422 > 2.1M /var/spool/rsyslog 134503a134501 > 2.2M /var/spool 136369a136368 > 42M /home/user 136371,136372c136370 < 43M /home/user < 44M /home --- > 43M /home --- Original Message --- On Friday, April 14th, 2023 at 2:33 PM, Andrew C Aitchison wrote: > 'du -h / | sort -h' - without the 's' - will show where the space is used. > > -- > Andrew C. Aitchison Kendal, UK > and...@aitchison.me.uk ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
[clamav-users] clamonacc high increase of disk usage
Hello everyone, We are using ClamAV and have noticed a high increase of disk usage while running clamonacc real time scan on our server. Checking the current disk usage with "df -h" it shows: Filesystem Size Used Avail Use% Mounted on /dev/xvda1 99G 98G 0 100% / However, checking with "du -hs" it unfortunately does not show where all the space is being used: 49G var2.5G usr1.9G tmp535M opt79M boot We then restarted the "clamonacc" service, and after that it freed up the space that was not being shown with "du -hs". And after a while it happens again. These are the clamd configuration that we are using to scan the whole system (/): User root FollowDirectorySymlinks true FollowFileSymlinks true OnAccessMountPath / OnAccessExtraScanning yes OnAccessExcludeRootUID yes OnAccessExcludeUname clamav OnAccessExcludeUname clamdVirusEvent /opt/clamav-response In the clamonacc log file we only receive the following timeouts however it still works: ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server. ClamClient: Connection to clamd re-established. We are running ClamAV on the following server: - OS: Debian 11 (bullseye) - ClamAV version: 0.103.7+dfsg-0+deb11u1 Below is our system configuration for "clamonacc" process: /etc/systemd/system/clamonacc.service [Unit] Description=ClamAV On Access Scanner Requires=clamav-daemon.service After=clamav-daemon.service syslog.target network.target [Service] Type=simple User=root ExecStartPre=/bin/bash -c "while [ ! -S /var/run/clamav/clamd.ctl ]; do sleep 1; done" ExecStart=/usr/sbin/clamonacc -F --config-file=/etc/clamav/clamd.conf --log=/var/log/clamav/clamonacc.log Restart=on-failure RestartSec=120s [Install] WantedBy=multi-user.target Does anyone have an idea what we can do to scan the whole filesystem without having these issues? Thanks in advance!___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat