Mailing List Archive

Yes. Same here too...

On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez <
carlos.garcia@f-integra.org> wrote:

> Hello,
>
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]
>
>
>
> /home/vmail/antivirus/clamav/bin/freshclam -v --debug
> Current working dir is /home/vmail/antivirus/clamav-0.101.1/share/clamav
> ClamAV update process started at Wed Mar 6 11:50:17 2019
> Using IPv6 aware code
> Max retries == 3
> Querying current.cvd.clamav.net
> TTL: 297
> Software version from DNS: 0.101.1
> main.cvd version from DNS: 58
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
> sigmgr)
> daily.cvd version from DNS: 25380
> LibClamAV debug: in cli_untgz()
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/COPYING
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/
> daily.info
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cfg
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign2
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ftm
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.idb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.fp
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.sfp
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.pdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.wdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.crb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cdb
> LibClamAV debug: in cli_untgz_cleanup()
> Retrieving http://database.clamav.net/daily-25380.cdiff
> Trying to download http://database.clamav.net/daily-25380.cdiff (IP:
> 104.16.219.84)
> Downloading daily-25380.cdiff [100%]
>
>
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
> COMMAND
>
> 16952 clamav 20 0 103924 31384 4248 R 95,7 1,5 11:52.09
> freshclam
>
>
> Regards.
>
>
> Carlos
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


--
Cheers,
Vijay.

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Same here ..


On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
> Yes. Same here too...
>
> On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
> <carlos.garcia@f-integra.org <mailto:carlos.garcia@f-integra.org>> wrote:
>
> Hello,
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]
>
> /home/vmail/antivirus/clamav/bin/freshclam -v --debug
> Current working dir is
> /home/vmail/antivirus/clamav-0.101.1/share/clamav
> ClamAV update process started at Wed Mar  6 11:50:17 2019
> Using IPv6 aware code
> Max retries == 3
> Querying current.cvd.clamav.net <http://current.cvd.clamav.net>
> TTL: 297
> Software version from DNS: 0.101.1
> main.cvd version from DNS: 58
> main.cvd is up to date (version: 58, sigs: 4566249, f-level:
> 60, builder: sigmgr)
> daily.cvd version from DNS: 25380
> LibClamAV debug: in cli_untgz()
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/COPYING
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.info
> <http://daily.info>
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cfg
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign2
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ftm
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldu
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.idb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.fp
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.sfp
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.pdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.wdb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.crb
> LibClamAV debug: cli_untgz: Unpacking
> /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cdb
> LibClamAV debug: in cli_untgz_cleanup()
> Retrieving http://database.clamav.net/daily-25380.cdiff
> Trying to download
> http://database.clamav.net/daily-25380.cdiff (IP: 104.16.219.84)
> Downloading daily-25380.cdiff [100%]
>
>   PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+
> COMMAND
> 16952 clamav    20   0  103924  31384   4248 R 95,7 1,5  11:52.09
> freshclam
> Regards.
> Carlos
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> --
> Cheers,
> Vijay.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

I also am seeing the same thing.
Killing freshclam an starting it again reproduces the process (and locks up again).

You may have to delete daily.cld/cvd from your database directory in order to get past this.

For those who are interested in the code, it is caught in a loop here:
https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/shared/cdiff.c#L922
I haven’t yet looked at it long enough to know why. I will continue to investigate and welcome any input from others who may have some insight.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Paul via clamav-users <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Wednesday, March 6, 2019 at 7:30 AM
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Cc: Paul <paul@netpresto.co.uk>
Subject: Re: [clamav-users] Problem with freshclam updating daily-25380.cdiff


Same here ..


On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
Yes. Same here too...

On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez <carlos.garcia@f-integra.org<mailto:carlos.garcia@f-integra.org>> wrote:
Hello,

When crontab execs freshclam
CPU server goes to 100%
Hanged finishing Downloading daily-25380.cdiff [100%]


/home/vmail/antivirus/clamav/bin/freshclam -v --debug
Current working dir is /home/vmail/antivirus/clamav-0.101.1/share/clamav
ClamAV update process started at Wed Mar 6 11:50:17 2019
Using IPv6 aware code
Max retries == 3
Querying current.cvd.clamav.net<http://current.cvd.clamav.net>
TTL: 297
Software version from DNS: 0.101.1
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 25380
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/COPYING
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.info<http://daily.info>
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cfg
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ign2
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ftm
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hdu
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.hsu
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.mdu
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.msu
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ndu
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.ldu
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.idb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.fp
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.sfp
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.pdb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.wdb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.crb
LibClamAV debug: cli_untgz: Unpacking /home/vmail/antivirus/clamav-0.101.1/share/clamav/clamav-b47eccb1be8cc4bb74f44fee336d3954.tmp/clamav-283436edcb34976fc1e39e18893e4bb0.tmp/daily.cdb
LibClamAV debug: in cli_untgz_cleanup()
Retrieving http://database.clamav.net/daily-25380.cdiff
Trying to download http://database.clamav.net/daily-25380.cdiff (IP: 104.16.219.84)
Downloading daily-25380.cdiff [100%]


PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
16952 clamav 20 0 103924 31384 4248 R 95,7 1,5 11:52.09 freshclam

Regards.


Carlos


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Cheers,
Vijay.



_______________________________________________



clamav-users mailing list

clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>

https://lists.clamav.net/mailman/listinfo/clamav-users





Help us build a comprehensive ClamAV guide:

https://github.com/vrtadmin/clamav-faq



http://www.clamav.net/contact.html#ml

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticiable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Seems like this has been fixed.
Remove /var/lib/clamav/daily.* (either cld or cvd) and run freshclam again. When freshclam failed to update, it was stuck on a .cld file. After removing it, it downloaded daily.cvd and could be updated afterwards.

 
Dennis Hermannsen
System administrator | cHosting ApS
site: chosting.dk [https://chosting.dk]
email: dennis@chosting.dk [mailto:dennis@chosting.dk]
address: Overgade 14E, 5000 Odense C
[https://facebook.com/cHosting]
[https://twitter.com/cHostingDK]
På 06-03-2019 15:08:02, Pierre Dehaen <dehaenp@drever.be> skrev:
Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticiable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Pierre,

So you're saying it actually did finish after 3 hours, 15 minutes on its own? That is good news for all of the automated systems, even if this is a potentially terrible bug.

I'm still investigating the cause, and asking our signature management team if they have any additional details.

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



?On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen" <clamav-users-bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticiable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Yes Micah, it finished while I was checking the computer because of the messages received
on the mailing list.

$ tail -50 /var/log/freshclam.log
...
--------------------------------------
ClamAV update process started at Wed Mar 6 11:37:46 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
securiteinfo.hdb is up to date (version: custom database)
securiteinfo.ign2 is up to date (version: custom database)
Downloading javascript.ndb [*]
javascript.ndb updated (version: custom database, sigs: 45008)
securiteinfohtml.hdb is up to date (version: custom database)
securiteinfoascii.hdb is up to date (version: custom database)
securiteinfopdf.hdb is up to date (version: custom database)
Downloading spam_marketing.ndb [*]
spam_marketing.ndb updated (version: custom database, sigs: 24199)
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25380.cdiff [100%]
daily.cld updated (version: 25380, sigs: 1503528, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6139078 signatures) from db.be.clamav.net (IP: 104.16.219.84)
Clamd successfully notified about the update.

$ ls -l /var/log/freshclam.log
-rw-r--r-- 1 clamav clamav 701634 Mar 6 14:51 /var/log/freshclam.log

It ran from 11:37 to 14:51. It might run faster on x86 computers though.

Pierre

On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users wrote:

Pierre,

So you're saying it actually did finish after 3 hours, 15 minutes on its own? That is good news
for all of the automated systems, even if this is a potentially terrible bug.

I'm still investigating the cause, and asking our signature management team if they have any
additional details.

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen" <clamav-users-
bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticiable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On Wed, 2019-03-06 at 14:20 +0000, Micah Snyder (micasnyd) via clamav-
users wrote:
> Pierre,
>
> So you're saying it actually did finish after 3 hours, 15 minutes on
> its own? That is good news for all of the automated systems, even if
> this is a potentially terrible bug.
>
> I'm still investigating the cause, and asking our signature
> management team if they have any additional details.
>
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
It took right at 57 minutes to update here:

Wed Mar 6 05:02:57 2019 -> Downloading daily-25380.cdiff [100%]
Wed Mar 6 05:57:24 2019 -> cdiff_apply: Parsed 771787 lines and
executed 771787 commands
Wed Mar 6 05:57:25 2019 -> Loading signatures from daily.cld
Wed Mar 6 05:57:30 2019 -> Properly loaded 1503528 signatures from new
daily.cld
Wed Mar 6 05:57:30 2019 -> daily.cld updated (version: 25380, sigs:
1503528, f-level: 63, builder: raynman)

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
09:09:31 up 16:15, 1 user, load average: 1.40, 0.90, 0.82
Description: Ubuntu 18.04.2 LTS, kernel 4.15.0-46-generic

I confirmed with our signature management team that the extended time processing daily-25380 is because this change is significantly larger than a standard update.
This update drops 768053 hash-based signatures for malware that is detected by other more efficient logical signatures. The net result will be a leaner database that should load a little faster and take up less memory.

The validation stage when creating the daily had estimated less than 26 minutes for the cdiff to apply. You may be correct that it's much faster on x86 than on Sparc. 3h15m is definitely worse than expected, and I apologize for the inconvenience.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


?On 3/6/19, 9:31 AM, "Pierre Dehaen" <dehaenp@drever.be> wrote:

Yes Micah, it finished while I was checking the computer because of the messages received
on the mailing list.

$ tail -50 /var/log/freshclam.log
...
--------------------------------------
ClamAV update process started at Wed Mar 6 11:37:46 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
securiteinfo.hdb is up to date (version: custom database)
securiteinfo.ign2 is up to date (version: custom database)
Downloading javascript.ndb [*]
javascript.ndb updated (version: custom database, sigs: 45008)
securiteinfohtml.hdb is up to date (version: custom database)
securiteinfoascii.hdb is up to date (version: custom database)
securiteinfopdf.hdb is up to date (version: custom database)
Downloading spam_marketing.ndb [*]
spam_marketing.ndb updated (version: custom database, sigs: 24199)
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25380.cdiff [100%]
daily.cld updated (version: 25380, sigs: 1503528, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6139078 signatures) from db.be.clamav.net (IP: 104.16.219.84)
Clamd successfully notified about the update.

$ ls -l /var/log/freshclam.log
-rw-r--r-- 1 clamav clamav 701634 Mar 6 14:51 /var/log/freshclam.log

It ran from 11:37 to 14:51. It might run faster on x86 computers though.

Pierre

On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users wrote:

Pierre,

So you're saying it actually did finish after 3 hours, 15 minutes on its own? That is good news
for all of the automated systems, even if this is a potentially terrible bug.

I'm still investigating the cause, and asking our signature management team if they have any
additional details.

Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.



On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen" <clamav-users-
bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:

Here too: it took about 3 hours and 15 minutes to calm down (SPARC, Solaris 11,
v0.100.0)... without noticiable error in freshclam.log.

On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:

> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]

Just checked my server and it happened to me too! A little after 5am
central time. :(

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml





_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
clamscan, where a copy from February loads in <5 seconds.

safebrowsing data:
Old (fast): ClamAV-VDB:13 Feb 2019 13-16
-0500:48472:3041760:63:X:X:google:1550081775


New (slow): ClamAV-VDB:05 Mar 2019 19-20
-0500:48473:3229612:63:X:X:google:1551831615



Anyone know what might have changed in there to so drastically increased
the load time?

This happened after freshclam ran last night.

# /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
samples/clam_test.html
samples/clam_test.html: OK

----------- SCAN SUMMARY -----------
Known viruses: 3041760
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.423 sec (0 m 2 s)

# /opt/clamav/clamav/bin/clamscan -d
/opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
samples/clam_test.html: OK

----------- SCAN SUMMARY -----------
Known viruses: 3229612
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 64.429 sec (1 m 4 s)


On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I confirmed with our signature management team that the extended time
> processing daily-25380 is because this change is significantly larger than
> a standard update.
> This update drops 768053 hash-based signatures for malware that is
> detected by other more efficient logical signatures. The net result will
> be a leaner database that should load a little faster and take up less
> memory.
>
> The validation stage when creating the daily had estimated less than 26
> minutes for the cdiff to apply. You may be correct that it's much faster
> on x86 than on Sparc. 3h15m is definitely worse than expected, and I
> apologize for the inconvenience.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> ?On 3/6/19, 9:31 AM, "Pierre Dehaen" <dehaenp@drever.be> wrote:
>
> Yes Micah, it finished while I was checking the computer because of
> the messages received
> on the mailing list.
>
> $ tail -50 /var/log/freshclam.log
> ...
> --------------------------------------
> ClamAV update process started at Wed Mar 6 11:37:46 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> securiteinfo.hdb is up to date (version: custom database)
> securiteinfo.ign2 is up to date (version: custom database)
> Downloading javascript.ndb [*]
> javascript.ndb updated (version: custom database, sigs: 45008)
> securiteinfohtml.hdb is up to date (version: custom database)
> securiteinfoascii.hdb is up to date (version: custom database)
> securiteinfopdf.hdb is up to date (version: custom database)
> Downloading spam_marketing.ndb [*]
> spam_marketing.ndb updated (version: custom database, sigs: 24199)
> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
> builder: sigmgr)
> Downloading daily-25380.cdiff [100%]
> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
> builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
> builder: neo)
> Database updated (6139078 signatures) from db.be.clamav.net (IP:
> 104.16.219.84)
> Clamd successfully notified about the update.
>
> $ ls -l /var/log/freshclam.log
> -rw-r--r-- 1 clamav clamav 701634 Mar 6 14:51
> /var/log/freshclam.log
>
> It ran from 11:37 to 14:51. It might run faster on x86 computers
> though.
>
> Pierre
>
> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users wrote:
>
> Pierre,
>
> So you're saying it actually did finish after 3 hours, 15 minutes on
> its own? That is good news
> for all of the automated systems, even if this is a potentially
> terrible bug.
>
> I'm still investigating the cause, and asking our signature management
> team if they have any
> additional details.
>
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
>
> On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"
> <clamav-users-
> bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:
>
> Here too: it took about 3 hours and 15 minutes to calm down
> (SPARC, Solaris 11,
> v0.100.0)... without noticiable error in freshclam.log.
>
> On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:
>
> > When crontab execs freshclam
> > CPU server goes to 100%
> > Hanged finishing Downloading daily-25380.cdiff [100%]
>
> Just checked my server and it happened to me too! A little after
> 5am
> central time. :(
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

Maarten,

Thanks for reporting that. There is an ordering difference of the content
in the latest GDB file which is affecting the load time, and we will be
fixing that in the next safebrowsing CVD version.

Dave R.

On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
clamav-users@lists.clamav.net> wrote:

> I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
> the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
> clamscan, where a copy from February loads in <5 seconds.
>
> safebrowsing data:
> Old (fast): ClamAV-VDB:13 Feb 2019 13-16
> -0500:48472:3041760:63:X:X:google:1550081775
>
>
> New (slow): ClamAV-VDB:05 Mar 2019 19-20
> -0500:48473:3229612:63:X:X:google:1551831615
>
>
>
> Anyone know what might have changed in there to so drastically increased
> the load time?
>
> This happened after freshclam ran last night.
>
> # /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
> samples/clam_test.html
> samples/clam_test.html: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3041760
> Engine version: 0.100.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 2.423 sec (0 m 2 s)
>
> # /opt/clamav/clamav/bin/clamscan -d
> /opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
> samples/clam_test.html: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3229612
> Engine version: 0.100.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 64.429 sec (1 m 4 s)
>
>
> On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> I confirmed with our signature management team that the extended time
>> processing daily-25380 is because this change is significantly larger than
>> a standard update.
>> This update drops 768053 hash-based signatures for malware that is
>> detected by other more efficient logical signatures. The net result will
>> be a leaner database that should load a little faster and take up less
>> memory.
>>
>> The validation stage when creating the daily had estimated less than 26
>> minutes for the cdiff to apply. You may be correct that it's much faster
>> on x86 than on Sparc. 3h15m is definitely worse than expected, and I
>> apologize for the inconvenience.
>>
>> Regards,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>> ?On 3/6/19, 9:31 AM, "Pierre Dehaen" <dehaenp@drever.be> wrote:
>>
>> Yes Micah, it finished while I was checking the computer because of
>> the messages received
>> on the mailing list.
>>
>> $ tail -50 /var/log/freshclam.log
>> ...
>> --------------------------------------
>> ClamAV update process started at Wed Mar 6 11:37:46 2019
>> WARNING: Your ClamAV installation is OUTDATED!
>> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>> securiteinfo.hdb is up to date (version: custom database)
>> securiteinfo.ign2 is up to date (version: custom database)
>> Downloading javascript.ndb [*]
>> javascript.ndb updated (version: custom database, sigs: 45008)
>> securiteinfohtml.hdb is up to date (version: custom database)
>> securiteinfoascii.hdb is up to date (version: custom database)
>> securiteinfopdf.hdb is up to date (version: custom database)
>> Downloading spam_marketing.ndb [*]
>> spam_marketing.ndb updated (version: custom database, sigs: 24199)
>> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
>> builder: sigmgr)
>> Downloading daily-25380.cdiff [100%]
>> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
>> builder: raynman)
>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>> builder: neo)
>> Database updated (6139078 signatures) from db.be.clamav.net (IP:
>> 104.16.219.84)
>> Clamd successfully notified about the update.
>>
>> $ ls -l /var/log/freshclam.log
>> -rw-r--r-- 1 clamav clamav 701634 Mar 6 14:51
>> /var/log/freshclam.log
>>
>> It ran from 11:37 to 14:51. It might run faster on x86 computers
>> though.
>>
>> Pierre
>>
>> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users
>> wrote:
>>
>> Pierre,
>>
>> So you're saying it actually did finish after 3 hours, 15 minutes on
>> its own? That is good news
>> for all of the automated systems, even if this is a potentially
>> terrible bug.
>>
>> I'm still investigating the cause, and asking our signature
>> management team if they have any
>> additional details.
>>
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>>
>>
>>
>> On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"
>> <clamav-users-
>> bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:
>>
>> Here too: it took about 3 hours and 15 minutes to calm down
>> (SPARC, Solaris 11,
>> v0.100.0)... without noticiable error in freshclam.log.
>>
>> On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:
>>
>> > When crontab execs freshclam
>> > CPU server goes to 100%
>> > Hanged finishing Downloading daily-25380.cdiff [100%]
>>
>> Just checked my server and it happened to me too! A little after
>> 5am
>> central time. :(
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


--
---
Dave Raynor
Talos Security Intelligence and Research Group
draynor@sourcefire.com

For once (?) we're not having any problem with this update. Maybe it's
because we're still running 0.100.2?


On Wed, 6 Mar 2019 14:05:30 +0000
"Micah Snyder \(micasnyd\) via clamav-users"
<clamav-users@lists.clamav.net> wrote:

> I also am seeing the same thing.
> Killing freshclam an starting it again reproduces the process (and
> locks up again).
>
> You may have to delete daily.cld/cvd from your database directory in
> order to get past this.
>
> For those who are interested in the code, it is caught in a loop here:
> https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/shared/cdiff.c#L922
> I haven’t yet looked at it long enough to know why. I will continue
> to investigate and welcome any input from others who may have some
> insight.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf
> of Paul via clamav-users <clamav-users@lists.clamav.net> Reply-To:
> ClamAV users ML <clamav-users@lists.clamav.net> Date: Wednesday,
> March 6, 2019 at 7:30 AM To: "clamav-users@lists.clamav.net"
> <clamav-users@lists.clamav.net> Cc: Paul <paul@netpresto.co.uk>
> Subject: Re: [clamav-users] Problem with freshclam updating
> daily-25380.cdiff
>
>
> Same here ..
>
>
> On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
> Yes. Same here too...
>
> On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
> <carlos.garcia@f-integra.org<mailto:carlos.garcia@f-integra.org>>
> wrote: Hello,
>
> When crontab execs freshclam
> CPU server goes to 100%
> Hanged finishing Downloading daily-25380.cdiff [100%]


[remainder deleted]

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

I spoke too soon! Although 0.100.2 didn't hang, it did have to download
25380 several times -- while claiming success each time!


On Wed, 6 Mar 2019 15:54:04 -0500
Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:

> For once (?) we're not having any problem with this update. Maybe it's
> because we're still running 0.100.2?
>
>
> On Wed, 6 Mar 2019 14:05:30 +0000
> "Micah Snyder \(micasnyd\) via clamav-users"
> <clamav-users@lists.clamav.net> wrote:
>
> > I also am seeing the same thing.
> > Killing freshclam an starting it again reproduces the process (and
> > locks up again).
> >
> > You may have to delete daily.cld/cvd from your database directory in
> > order to get past this.
> >
> > For those who are interested in the code, it is caught in a loop
> > here:
> > https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.102/shared/cdiff.c#L922
> > I haven’t yet looked at it long enough to know why. I will
> > continue to investigate and welcome any input from others who may
> > have some insight.
> >
> > Regards,
> > Micah
> >
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> >
> >
> > From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf
> > of Paul via clamav-users <clamav-users@lists.clamav.net> Reply-To:
> > ClamAV users ML <clamav-users@lists.clamav.net> Date: Wednesday,
> > March 6, 2019 at 7:30 AM To: "clamav-users@lists.clamav.net"
> > <clamav-users@lists.clamav.net> Cc: Paul <paul@netpresto.co.uk>
> > Subject: Re: [clamav-users] Problem with freshclam updating
> > daily-25380.cdiff
> >
> >
> > Same here ..
> >
> >
> > On 06/03/2019 11:31, Vijayakumar U via clamav-users wrote:
> > Yes. Same here too...
> >
> > On Wed, 6 Mar 2019 at 16:24, Carlos García Gómez
> > <carlos.garcia@f-integra.org<mailto:carlos.garcia@f-integra.org>>
> > wrote: Hello,
> >
> > When crontab execs freshclam
> > CPU server goes to 100%
> > Hanged finishing Downloading daily-25380.cdiff [100%]
>
>
> [remainder deleted]

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

From my local validation with ClamAV, I can confidently say that
safebrowsing CVD 48474 will load much faster than safebrowsing CVD 48473.
It's all in the ordering. We'll be keeping track of that going forward.

Safebrowsing 48474 is available from the mirror network now.

Dave R.

On Wed, Mar 6, 2019 at 12:19 PM David Raynor <draynor@sourcefire.com> wrote:

> Maarten,
>
> Thanks for reporting that. There is an ordering difference of the content
> in the latest GDB file which is affecting the load time, and we will be
> fixing that in the next safebrowsing CVD version.
>
> Dave R.
>
> On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
>> the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
>> clamscan, where a copy from February loads in <5 seconds.
>>
>> safebrowsing data:
>> Old (fast): ClamAV-VDB:13 Feb 2019 13-16
>> -0500:48472:3041760:63:X:X:google:1550081775
>>
>>
>> New (slow): ClamAV-VDB:05 Mar 2019 19-20
>> -0500:48473:3229612:63:X:X:google:1551831615
>>
>>
>>
>> Anyone know what might have changed in there to so drastically increased
>> the load time?
>>
>> This happened after freshclam ran last night.
>>
>> # /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
>> samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 3041760
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 2.423 sec (0 m 2 s)
>>
>> # /opt/clamav/clamav/bin/clamscan -d
>> /opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 3229612
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 64.429 sec (1 m 4 s)
>>
>>
>> On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> I confirmed with our signature management team that the extended time
>>> processing daily-25380 is because this change is significantly larger than
>>> a standard update.
>>> This update drops 768053 hash-based signatures for malware that is
>>> detected by other more efficient logical signatures. The net result will
>>> be a leaner database that should load a little faster and take up less
>>> memory.
>>>
>>> The validation stage when creating the daily had estimated less than 26
>>> minutes for the cdiff to apply. You may be correct that it's much faster
>>> on x86 than on Sparc. 3h15m is definitely worse than expected, and I
>>> apologize for the inconvenience.
>>>
>>> Regards,
>>> Micah
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>> ?On 3/6/19, 9:31 AM, "Pierre Dehaen" <dehaenp@drever.be> wrote:
>>>
>>> Yes Micah, it finished while I was checking the computer because of
>>> the messages received
>>> on the mailing list.
>>>
>>> $ tail -50 /var/log/freshclam.log
>>> ...
>>> --------------------------------------
>>> ClamAV update process started at Wed Mar 6 11:37:46 2019
>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>> securiteinfo.hdb is up to date (version: custom database)
>>> securiteinfo.ign2 is up to date (version: custom database)
>>> Downloading javascript.ndb [*]
>>> javascript.ndb updated (version: custom database, sigs: 45008)
>>> securiteinfohtml.hdb is up to date (version: custom database)
>>> securiteinfoascii.hdb is up to date (version: custom database)
>>> securiteinfopdf.hdb is up to date (version: custom database)
>>> Downloading spam_marketing.ndb [*]
>>> spam_marketing.ndb updated (version: custom database, sigs: 24199)
>>> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
>>> builder: sigmgr)
>>> Downloading daily-25380.cdiff [100%]
>>> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
>>> builder: raynman)
>>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>>> builder: neo)
>>> Database updated (6139078 signatures) from db.be.clamav.net (IP:
>>> 104.16.219.84)
>>> Clamd successfully notified about the update.
>>>
>>> $ ls -l /var/log/freshclam.log
>>> -rw-r--r-- 1 clamav clamav 701634 Mar 6 14:51
>>> /var/log/freshclam.log
>>>
>>> It ran from 11:37 to 14:51. It might run faster on x86 computers
>>> though.
>>>
>>> Pierre
>>>
>>> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users
>>> wrote:
>>>
>>> Pierre,
>>>
>>> So you're saying it actually did finish after 3 hours, 15 minutes on
>>> its own? That is good news
>>> for all of the automated systems, even if this is a potentially
>>> terrible bug.
>>>
>>> I'm still investigating the cause, and asking our signature
>>> management team if they have any
>>> additional details.
>>>
>>> Micah
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>>
>>> On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"
>>> <clamav-users-
>>> bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:
>>>
>>> Here too: it took about 3 hours and 15 minutes to calm down
>>> (SPARC, Solaris 11,
>>> v0.100.0)... without noticiable error in freshclam.log.
>>>
>>> On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:
>>>
>>> > When crontab execs freshclam
>>> > CPU server goes to 100%
>>> > Hanged finishing Downloading daily-25380.cdiff [100%]
>>>
>>> Just checked my server and it happened to me too! A little after
>>> 5am
>>> central time. :(
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> --
> ---
> Dave Raynor
> Talos Security Intelligence and Research Group
> draynor@sourcefire.com
>


--
---
Dave Raynor
Talos Security Intelligence and Research Group
draynor@sourcefire.com

Hi Dave,
I noticed that the safebrowsing CVD was updated (I'm seeing version 48474
now) but the cdiff takes a VERY long time to apply and the new gdb file
takes about the same time to load.

Freshclam hangs at this point:
Wed Mar 6 16:03:05 2019 -> *Retrieving
http://db.US.clamav.net/safebrowsing-48474.cdiff
Wed Mar 6 16:03:05 2019 -> *Trying to download
http://db.US.clamav.net/safebrowsing-48474.cdiff (IP: 104.16.218.84)
Wed Mar 6 16:03:06 2019 -> Downloading safebrowsing-48474.cdiff [100%]

# /opt/clamav/clamav/bin/clamscan -d ./safebrowsing.gdb
/opt/scripts/signatures/samples/clam_test.html
/opt/scripts/signatures/samples/clam_test.html: OK

----------- SCAN SUMMARY -----------
Known viruses: 3229612
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 79.206 sec (1 m 19 s)

Looking at the gdb contents, the file is still sorted in the same way as
version 48473 (by the hash in the third field), rather than by the second
field (P / F). When I re-sort the file by the second field, it loads in
under 5 seconds.

--Maarten

On Wed, Mar 6, 2019 at 12:22 PM David Raynor <draynor@sourcefire.com> wrote:

> Maarten,
>
> Thanks for reporting that. There is an ordering difference of the content
> in the latest GDB file which is affecting the load time, and we will be
> fixing that in the next safebrowsing CVD version.
>
> Dave R.
>
> On Wed, Mar 6, 2019 at 10:42 AM Maarten Broekman via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
>> I'm not sure if the safebrowsing.cld is included in the daily cdiff, but
>> the current safebrowsing.cld takes between 50 and 70 seconds to *load* into
>> clamscan, where a copy from February loads in <5 seconds.
>>
>> safebrowsing data:
>> Old (fast): ClamAV-VDB:13 Feb 2019 13-16
>> -0500:48472:3041760:63:X:X:google:1550081775
>>
>>
>> New (slow): ClamAV-VDB:05 Mar 2019 19-20
>> -0500:48473:3229612:63:X:X:google:1551831615
>>
>>
>>
>> Anyone know what might have changed in there to so drastically increased
>> the load time?
>>
>> This happened after freshclam ran last night.
>>
>> # /opt/clamav/clamav/bin/clamscan -d ~/safebrowsing.cld
>> samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 3041760
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 2.423 sec (0 m 2 s)
>>
>> # /opt/clamav/clamav/bin/clamscan -d
>> /opt/clamav/var/lib/clamav/safebrowsing.cld samples/clam_test.html
>> samples/clam_test.html: OK
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 3229612
>> Engine version: 0.100.2
>> Scanned directories: 0
>> Scanned files: 1
>> Infected files: 0
>> Data scanned: 0.00 MB
>> Data read: 0.00 MB (ratio 0.00:1)
>> Time: 64.429 sec (1 m 4 s)
>>
>>
>> On Wed, Mar 6, 2019 at 10:17 AM Micah Snyder (micasnyd) via clamav-users <
>> clamav-users@lists.clamav.net> wrote:
>>
>>> I confirmed with our signature management team that the extended time
>>> processing daily-25380 is because this change is significantly larger than
>>> a standard update.
>>> This update drops 768053 hash-based signatures for malware that is
>>> detected by other more efficient logical signatures. The net result will
>>> be a leaner database that should load a little faster and take up less
>>> memory.
>>>
>>> The validation stage when creating the daily had estimated less than 26
>>> minutes for the cdiff to apply. You may be correct that it's much faster
>>> on x86 than on Sparc. 3h15m is definitely worse than expected, and I
>>> apologize for the inconvenience.
>>>
>>> Regards,
>>> Micah
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>> ?On 3/6/19, 9:31 AM, "Pierre Dehaen" <dehaenp@drever.be> wrote:
>>>
>>> Yes Micah, it finished while I was checking the computer because of
>>> the messages received
>>> on the mailing list.
>>>
>>> $ tail -50 /var/log/freshclam.log
>>> ...
>>> --------------------------------------
>>> ClamAV update process started at Wed Mar 6 11:37:46 2019
>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.100.0 Recommended version: 0.101.1
>>> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
>>> securiteinfo.hdb is up to date (version: custom database)
>>> securiteinfo.ign2 is up to date (version: custom database)
>>> Downloading javascript.ndb [*]
>>> javascript.ndb updated (version: custom database, sigs: 45008)
>>> securiteinfohtml.hdb is up to date (version: custom database)
>>> securiteinfoascii.hdb is up to date (version: custom database)
>>> securiteinfopdf.hdb is up to date (version: custom database)
>>> Downloading spam_marketing.ndb [*]
>>> spam_marketing.ndb updated (version: custom database, sigs: 24199)
>>> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
>>> builder: sigmgr)
>>> Downloading daily-25380.cdiff [100%]
>>> daily.cld updated (version: 25380, sigs: 1503528, f-level: 63,
>>> builder: raynman)
>>> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63,
>>> builder: neo)
>>> Database updated (6139078 signatures) from db.be.clamav.net (IP:
>>> 104.16.219.84)
>>> Clamd successfully notified about the update.
>>>
>>> $ ls -l /var/log/freshclam.log
>>> -rw-r--r-- 1 clamav clamav 701634 Mar 6 14:51
>>> /var/log/freshclam.log
>>>
>>> It ran from 11:37 to 14:51. It might run faster on x86 computers
>>> though.
>>>
>>> Pierre
>>>
>>> On 6 Mar 2019 at 14:20, Micah Snyder (micasnyd) via clamav-users
>>> wrote:
>>>
>>> Pierre,
>>>
>>> So you're saying it actually did finish after 3 hours, 15 minutes on
>>> its own? That is good news
>>> for all of the automated systems, even if this is a potentially
>>> terrible bug.
>>>
>>> I'm still investigating the cause, and asking our signature
>>> management team if they have any
>>> additional details.
>>>
>>> Micah
>>>
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>>
>>>
>>>
>>> On 3/6/19, 9:06 AM, "clamav-users on behalf of Pierre Dehaen"
>>> <clamav-users-
>>> bounces@lists.clamav.net on behalf of dehaenp@drever.be> wrote:
>>>
>>> Here too: it took about 3 hours and 15 minutes to calm down
>>> (SPARC, Solaris 11,
>>> v0.100.0)... without noticiable error in freshclam.log.
>>>
>>> On 6 Mar 2019 at 6:27, J.R. via clamav-users wrote:
>>>
>>> > When crontab execs freshclam
>>> > CPU server goes to 100%
>>> > Hanged finishing Downloading daily-25380.cdiff [100%]
>>>
>>> Just checked my server and it happened to me too! A little after
>>> 5am
>>> central time. :(
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> --
> ---
> Dave Raynor
> Talos Security Intelligence and Research Group
> draynor@sourcefire.com
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>