Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU

2019-05-21 Thread G.W. Haywood via clamav-users 

Hi there,

On Tue, 21 May 2019, Clark Dunson wrote:


...
/usr/bin/clamscan -o -i -r --quiet /
...


Don't do that.  Search the list archives for explanations.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU

2019-05-21 Thread Gian Carlo Stagni via clamav-users 
Il 2019-05-21 2:08 Clark Dunson via clamav-users ha scritto:

> Hello;  
> 
> Running for 525 minutes at >90% CPU seems not good.  Causes noticeable delay 
> in command line activity for all users. 
> 
> We've got this cronjob: 
> 
> 30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet / | 
> mail -s "Clam AV Scan Results for $(hostname -s)" itd...@domain.com

It looks like you are scanning the whole the system ("/"), thus
including "/dev", "/proc"... 
I believe this may result a hard work 

Obviously you can exclude any apparent hardware failure, can't you? 

Bye, 

Gian Carlo
___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU

2019-05-21 Thread Arnaud Jacques 

Hello Clark,


Running for 525 minutes at >90% CPU seems not good.  Causes noticeable 
delay in command line activity for all users.


Could you please send us the result of these command lines :

cat /proc/cpuinfo

free -m

Thank you

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU

2019-05-20 Thread Al Varnell via clamav-users 
I am not seeing any evidence of a duplicate database. It would appear that you 
have some event scheduled to update your definitions database around 3:14am. 
Probably no impact on your on-going scan at that time because there were no 
further updates at that time, but not certain. Normal practice would be to 
schedule a database update before a scheduled scan.

Lots of variables involved in determining how long a clamscan will require, 
especially when you say there are active Command Line users, but 8 hours does 
sound excessive. How long has this been going on?

Look into updating ClamAV to 0.101.2. You are coming up on a year behind and 
there have been multiple security related patches since 0.100.1 
>.

-Al-
macOS ClamXAV User

On Mon, May 20, 2019 at 05:08 PM, Clark Dunson via clamav-users wrote:
> Hello; 
> 
> Running for 525 minutes at >90% CPU seems not good.  Causes noticeable delay 
> in command line activity for all users.
> 
> We've got this cronjob:
> 
> 30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet / | 
> mail -s "Clam AV Scan Results for $(hostname -s)" itd...@domain.com 
> 
> 
> on this Linux:
> 
> # uname -a
> Linux server.domain.com  2.6.32-754.2.1.el6.x86_64 
> #1 SMP Fri Jul 13 12:50:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
> 
> Clamscan appeared as the busiest process in top, 8 hours after launch:
> 
> PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 
> 23043 root  20   0  765m 639m 2520 R 90.6 16.2 525:56.48 clamscan 
>   
>  
>  3071 mysql 20   0 2228m  50m 3552 S  2.3  1.3   4778:31 mysqld   
>   
>  
> 28772 apache20   0  349m  17m 5652 S  1.7  0.4   0:16.38 httpd
>   
>  
> 
> Producing these logs:
> --
> ClamAV update process started at Sun May 19 01:30:01 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.1 Recommended version: 0.101.2
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav 
> 
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
> sigmgr)
> Downloading daily-25454.cdiff [100%]
> daily.cld updated (version: 25454, sigs: 1574664, f-level: 63, builder: 
> raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
> [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cvd and 
> /var/lib/clamav/main.cld, please manually remove one of them
> Database updated (6141007 signatures) from db.local.clamav.net 
>  (IP: 104.16.219.84)
> --
> ClamAV update process started at Sun May 19 03:14:01 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.1 Recommended version: 0.101.2
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav 
> 
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
> sigmgr)
> daily.cld is up to date (version: 25454, sigs: 1574664, f-level: 63, builder: 
> raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
> 
> Any help would be greatly appreciated!
> 
> Thank you -
> 
> Clarkman

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Duplicate database, 525 minutes to complete, >90% CPU

2019-05-20 Thread Clark Dunson via clamav-users 
Hello;

Running for 525 minutes at >90% CPU seems not good.  Causes noticeable
delay in command line activity for all users.

We've got this cronjob:

30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet /
| mail -s "Clam AV Scan Results for $(hostname -s)" itd...@domain.com

on this Linux:

# uname -a
Linux server.domain.com 2.6.32-754.2.1.el6.x86_64 #1 SMP Fri Jul 13
12:50:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Clamscan appeared as the busiest process in top, 8 hours after launch:

PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND

23043 root  20   0  765m 639m 2520 R 90.6 16.2 525:56.48 clamscan

 3071 mysql 20   0 2228m  50m 3552 S  2.3  1.3   4778:31 mysqld

28772 apache20   0  349m  17m 5652 S  1.7  0.4   0:16.38 httpd


Producing these logs:

--

ClamAV update process started at Sun May 19 01:30:01 2019

WARNING: Your ClamAV installation is OUTDATED!

WARNING: Local version: 0.100.1 Recommended version: 0.101.2

DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)

Downloading daily-25454.cdiff [100%]

daily.cld updated (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)

bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)

[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cvd and
/var/lib/clamav/main.cld, please manually remove one of them

Database updated (6141007 signatures) from db.local.clamav.net (IP:
104.16.219.84)

--

ClamAV update process started at Sun May 19 03:14:01 2019

WARNING: Your ClamAV installation is OUTDATED!

WARNING: Local version: 0.100.1 Recommended version: 0.101.2

DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)

daily.cld is up to date (version: 25454, sigs: 1574664, f-level: 63,
builder: raynman)

bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)


Any help would be greatly appreciated!

Thank you -

Clarkman

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml