Mailing List Archive

[clamav-users] Duplicate database, 525 minutes to complete, >90% CPU
Hello;

Running for 525 minutes at >90% CPU seems not good. Causes noticeable
delay in command line activity for all users.

We've got this cronjob:

30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet / | mail -s "Clam AV Scan Results for $(hostname -s)" itdept@domain.com

on this Linux:

# uname -a
Linux server.domain.com 2.6.32-754.2.1.el6.x86_64 #1 SMP Fri Jul 13 12:50:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Clamscan appeared as the busiest process in top, 8 hours after launch:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
23043 root 20 0 765m 639m 2520 R 90.6 16.2 525:56.48 clamscan
3071 mysql 20 0 2228m 50m 3552 S 2.3 1.3 4778:31 mysqld
28772 apache 20 0 349m 17m 5652 S 1.7 0.4 0:16.38 httpd


Producing these logs:

--------------------------------------
ClamAV update process started at Sun May 19 01:30:01 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.1 Recommended version: 0.101.2
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25454.cdiff [100%]
daily.cld updated (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
Database updated (6141007 signatures) from db.local.clamav.net (IP: 104.16.219.84)
--------------------------------------
ClamAV update process started at Sun May 19 03:14:01 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.1 Recommended version: 0.101.2
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld is up to date (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)


Any help would be greatly appreciated!

Thank you -

Clarkman

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU
I am not seeing any evidence of a duplicate database. It would appear that you have some event scheduled to update your definitions database around 3:14am. Probably no impact on your on-going scan at that time because there were no further updates at that time, but not certain. Normal practice would be to schedule a database update before a scheduled scan.

Lots of variables involved in determining how long a clamscan will require, especially when you say there are active Command Line users, but 8 hours does sound excessive. How long has this been going on?

Look into updating ClamAV to 0.101.2. You are coming up on a year behind and there have been multiple security related patches since 0.100.1 <https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html>.

-Al-
macOS ClamXAV User

On Mon, May 20, 2019 at 05:08 PM, Clark Dunson via clamav-users wrote:
> Hello;
>
> Running for 525 minutes at >90% CPU seems not good. Causes noticeable delay in command line activity for all users.
>
> We've got this cronjob:
>
> 30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet / | mail -s "Clam AV Scan Results for $(hostname -s)" itdept@domain.com
>
> on this Linux:
>
> # uname -a
> Linux server.domain.com 2.6.32-754.2.1.el6.x86_64 #1 SMP Fri Jul 13 12:50:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>
> Clamscan appeared as the busiest process in top, 8 hours after launch:
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 23043 root 20 0 765m 639m 2520 R 90.6 16.2 525:56.48 clamscan
> 3071 mysql 20 0 2228m 50m 3552 S 2.3 1.3 4778:31 mysqld
> 28772 apache 20 0 349m 17m 5652 S 1.7 0.4 0:16.38 httpd
>
> Producing these logs:
> --------------------------------------
> ClamAV update process started at Sun May 19 01:30:01 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.1 Recommended version: 0.101.2
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> Downloading daily-25454.cdiff [100%]
> daily.cld updated (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
> [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
> Database updated (6141007 signatures) from db.local.clamav.net (IP: 104.16.219.84)
> --------------------------------------
> ClamAV update process started at Sun May 19 03:14:01 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.1 Recommended version: 0.101.2
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cld is up to date (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
>
> Any help would be greatly appreciated!
>
> Thank you -
>
> Clarkman

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU
Hello Clark,


> Running for 525 minutes at >90% CPU seems not good.  Causes noticeable
> delay in command line activity for all users.

Could you please send us the result of these command lines:

cat /proc/cpuinfo

free -m

Thank you

--
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Telephone: +33-(0)3.44.39.76.46
E-mail: aj@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU
On 2019-05-21 2:08 Clark Dunson via clamav-users wrote:

> Hello;
>
> Running for 525 minutes at >90% CPU seems not good. Causes noticeable delay in command line activity for all users.
>
> We've got this cronjob:
>
> 30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet / | mail -s "Clam AV Scan Results for $(hostname -s)" itdept@domain.com

It looks like you are scanning the whole system ("/"), thus
including "/dev", "/proc"...
I believe this may result in hard work.

Obviously you can exclude any apparent hardware failure, can't you?

Bye,

Gian Carlo
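
Added example, not part of any message in this thread: a pre-scan check covering the two conditions visible above, the `.cvd`/`.cld` pair that libclamav warns about in the freshclam log and a recursive scan of "/" that walks kernel pseudo-filesystems. The function names and the sample mount table are constructed for illustration; `--exclude-dir` is clamscan's regex-based directory exclusion option.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the base name of each database present as both .cvd and .cld in
# directory $1: the condition behind "Detected duplicate databases".
find_duplicate_dbs() {
    for cvd in "$1"/*.cvd; do
        [ -e "$cvd" ] || continue        # glob matched nothing
        base=${cvd%.cvd}
        if [ -e "$base.cld" ]; then basename "$base"; fi
    done
}

# Read a /proc/mounts-style table ($1) and print one --exclude-dir option
# per kernel pseudo-filesystem mount point. The pattern is a prefix regex,
# so it also matches sibling paths that share the prefix.
exclude_args() {
    awk '$3 ~ /^(proc|sysfs|devtmpfs|devpts|debugfs|securityfs)$/ {
             printf "--exclude-dir=^%s\n", $2
         }' "$1" | LC_ALL=C sort -u
}

# Constructed sample of a mounts table (not taken from the poster's host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devtmpfs /dev devtmpfs rw 0 0
devpts /dev/pts devpts rw 0 0
/dev/sda2 /home ext4 rw 0 0
EOF
}

# Demo against a scratch directory that mimics the state in the log above.
demo=$(mktemp -d)
touch "$demo/main.cvd" "$demo/main.cld" "$demo/daily.cld" "$demo/bytecode.cld"
sample_mounts > "$demo/mounts"
echo "duplicate databases: $(find_duplicate_dbs "$demo")"
echo "scan command: clamscan -o -i -r --quiet" \
     $(exclude_args "$demo/mounts") /
rm -rf "$demo"
```

On a real host the arguments would be `/var/lib/clamav` (the directory named in the log) and `/proc/mounts`.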

Re: [clamav-users] Duplicate database, 525 minutes to complete, >90% CPU
Hi there,

On Tue, 21 May 2019, Clark Dunson wrote:

> ...
> /usr/bin/clamscan -o -i -r --quiet /
> ...

Don't do that. Search the list archives for explanations.

--

73,
Ged.
