Mailing List Archive

[clamav-users] 100% CPU usage in clamd
Hello,

We got a high CPU usage problem with the latest signature database
updated by freshclam.

$ sigtool -i /var/lib/clamav/daily.cvd
File: /var/lib/clamav/daily.cvd
Build time: 13 Mar 2024 04:26 -0400
Version: 27213
Signatures: 2054946
Functionality level: 90
Builder: raynman
MD5: 247b4b8948d88a3abb30920a0859f3a3
Digital signature:
puOEwfaisn0ckV/6814MK8rc0JlKSeRTQ2ZPAfO21r6p7eslW/BraTrZpi+LSAC3rItzPYgCl81zseY2L3ubPDe6M5c3p6pTXGDav+Ai5ud7ProjIFCmSi+VMuXslygj4nU2XnOPR2iLhtXrC/5qYA2OBg96N51yBLCN5bvkkOd
Verification OK.

Does anyone have the same issue?
If this is because of the latest database, is there any good solution for it?

Regards,
Taizo
--
Taizo Ito <taizo.ito@hennge.com>
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] 100% CPU usage in clamd
Hello,

In the Message;

Subject : [clamav-users] 100% CPU usage in clamd
Message-ID : <CACRqGtbkbLor1N8z+3wY_axe+A1UrZ1xtPdogveTeN8Rrtr1wQ@mail.gmail.com>
Date & Time: Thu, 14 Mar 2024 12:08:39 +0900

[TI] == Taizo ITO via clamav-users <clamav-users@lists.clamav.net> has written:

TI> Hello,

TI> We got a high CPU usage problem with the latest signature database
TI> updated by freshclam.

TI> $ sigtool -i /var/lib/clamav/daily.cvd
TI> File: /var/lib/clamav/daily.cvd
TI> Build time: 13 Mar 2024 04:26 -0400
TI> Version: 27213
TI> Signatures: 2054946
TI> Functionality level: 90
TI> Builder: raynman
TI> MD5: 247b4b8948d88a3abb30920a0859f3a3
TI> Digital signature:
TI> puOEwfaisn0ckV/6814MK8rc0JlKSeRTQ2ZPAfO21r6p7eslW/BraTrZpi+LSAC3rItzPYgCl81zseY2L3ubPDe6M5c3p6pTXGDav+Ai5ud7ProjIFCmSi+VMuXslygj4nU2XnOPR2iLhtXrC/5qYA2OBg96N51yBLCN5bvkkOd
TI> Verification OK.

Which version are you using?

Best Regards.

---
┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
┃＼／彡
┗━━┛ " Hassabis says that no one really knows for sure that AI will
become a major danger. But he is certain that if progress
continues at its current pace, there isn’t much time to develop
safeguards. "I can see the kinds of things we're building into
the Gemini series right, and we have no reason to believe that
they won't work," he says."

-- "Google DeepMind's CEO Says Its Next Algorithm Will Eclipse ChatGPT" --
Re: [clamav-users] 100% CPU usage in clamd
Hello,

Thank you for the reply.

Clamd version is, v1.3.0 but the issue also happened in v1.2.1.
My first question might have been wrong because the problem happened
with the latest virus database "Version: 27215" as well.
I'm using "clamdscan" to scan a file. Scanning 3 files in parallel
caused almost 300% in CPU workload.
Any help would be appreciated.

Regards,
Taizo

On Fri, Mar 15, 2024 at 7:20 PM Masaru Nomiya via clamav-users
<clamav-users@lists.clamav.net> wrote:
>
> Hello,
>
> In the Message;
>
> Subject : [clamav-users] 100% CPU usage in clamd
> Message-ID : <CACRqGtbkbLor1N8z+3wY_axe+A1UrZ1xtPdogveTeN8Rrtr1wQ@mail.gmail.com>
> Date & Time: Thu, 14 Mar 2024 12:08:39 +0900
>
> [TI] == Taizo ITO via clamav-users <clamav-users@lists.clamav.net> has written:
>
> TI> Hello,
>
> TI> We got a high CPU usage problem with the latest signature database
> TI> updated by freshclam.
>
> TI> $ sigtool -i /var/lib/clamav/daily.cvd
> TI> File: /var/lib/clamav/daily.cvd
> TI> Build time: 13 Mar 2024 04:26 -0400
> TI> Version: 27213
> TI> Signatures: 2054946
> TI> Functionality level: 90
> TI> Builder: raynman
> TI> MD5: 247b4b8948d88a3abb30920a0859f3a3
> TI> Digital signature:
> TI> puOEwfaisn0ckV/6814MK8rc0JlKSeRTQ2ZPAfO21r6p7eslW/BraTrZpi+LSAC3rItzPYgCl81zseY2L3ubPDe6M5c3p6pTXGDav+Ai5ud7ProjIFCmSi+VMuXslygj4nU2XnOPR2iLhtXrC/5qYA2OBg96N51yBLCN5bvkkOd
> TI> Verification OK.
>
> Which version are you using?
>
> Best Regards.
>
> ---
> ┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
> ┃＼／彡
> ┗━━┛ " Hassabis says that no one really knows for sure that AI will
> become a major danger. But he is certain that if progress
> continues at its current pace, there isn’t much time to develop
> safeguards. "I can see the kinds of things we're building into
> the Gemini series right, and we have no reason to believe that
> they won't work," he says."
>
> -- "Google DeepMind's CEO Says Its Next Algorithm Will Eclipse ChatGPT" --



--
Taizo Ito <taizo.ito@hennge.com>
Re: [clamav-users] 100% CPU usage in clamd
Hello,

Sorry for late reply.

In the Message;

Subject : Re: [clamav-users] 100% CPU usage in clamd
Message-ID : <CACRqGtb=+O8VHzOXC-LJk0h+Z2gZHeUdti9=E=58B0q1TysS9g@mail.gmail.com>
Date & Time: Fri, 15 Mar 2024 23:55:13 +0900

[TI] == Taizo ITO via clamav-users <clamav-users@lists.clamav.net> has written:

TI> Hello,

TI> Thank you for the reply.

TI> Clamd version is, v1.3.0 but the issue also happened in v1.2.1.
TI> My first question might have been wrong because the problem happened
TI> with the latest virus database "Version: 27215" as well.
TI> I'm using "clamdscan" to scan a file. Scanning 3 files in parallel
TI> caused almost 300% in CPU workload.
[...]

The daily.cvd is out of date, should be daily.cld now?
When you run freshclam, doesn't it say it's out of date?

Here is mine as of 1.3.0;

-rw-r--r-- 1 vscan vscan 1411072 2月 28 06:28 bytecode.cld
-rw-r--r-- 1 vscan vscan 199960064 3月 16 18:00 daily.cld
-rw-r--r-- 1 vscan vscan 69 5月 5 2022 freshclam.dat
-rw-r--r-- 1 vscan vscan 170479789 5月 5 2022 main.cvd
drwx------ 1 vscan vscan 192 7月 18 2022 tmp.ce63819e4

and,

# sigtool -i /var/lib/clamav/daily.cld
File: daily.cld
Build time: 16 Mar 2024 04:30 -0400
Version: 27216
Signatures: 2055383
Functionality level: 90
Builder: raynman
Verification OK.

Best Regards.

---
┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
┃＼／彡
┗━━┛ "Companies have come to view generative AI as a kind of monster that
must be fed at all costs—even if it isn’t always clear what exactly
that data is needed for or what those future AI systems might end up
doing."

-- Generative AI Is Making Companies Even More Thirsty for Your Data --
Re: [clamav-users] 100% CPU usage in clamd
Hello,

it "should"?
Sometimes the CDN delivers an older definition as advertised and then you get cld and not cvd.
Unfortunately clamav can't do something in this case.
Please read "The Magic behind cvd's, cld's and cdiff's": https://blog.clamav.net/2021/03/clamav-cvds-cdiffs-and-magic-behind.html
But you are right, clamav should normally detect the signatures as out-dated.

kind greetings
newcomer01


From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net>
To: Newcomer01 <mailto:newcomer01@posteo.de>
CC: Masaru Nomiya <mailto:nomiya@lake.dti.ne.jp>
Sent: Saturday, March 16, 2024 at 12:04 PM +0100
Subject: Re: [clamav-users] 100% CPU usage in clamd
> Hello,
>
> Sorry for late reply.
>
> In the Message;
>
> Subject : Re: [clamav-users] 100% CPU usage in clamd
> Message-ID : <CACRqGtb=+O8VHzOXC-LJk0h+Z2gZHeUdti9=E=58B0q1TysS9g@mail.gmail.com>
> Date & Time: Fri, 15 Mar 2024 23:55:13 +0900
>
> [TI] == Taizo ITO via clamav-users <clamav-users@lists.clamav.net> has written:
>
> TI> Hello,
>
> TI> Thank you for the reply.
>
> TI> Clamd version is, v1.3.0 but the issue also happened in v1.2.1.
> TI> My first question might have been wrong because the problem happened
> TI> with the latest virus database "Version: 27215" as well.
> TI> I'm using "clamdscan" to scan a file. Scanning 3 files in parallel
> TI> caused almost 300% in CPU workload.
> [...]
>
> The daily.cvd is out of date, should be daily.cld now?
> When you run freshclam, doesn't it say it's out of date?
>
> Here is mine as of 1.3.0;
>
> -rw-r--r-- 1 vscan vscan 1411072 2月 28 06:28 bytecode.cld
> -rw-r--r-- 1 vscan vscan 199960064 3月 16 18:00 daily.cld
> -rw-r--r-- 1 vscan vscan 69 5月 5 2022 freshclam.dat
> -rw-r--r-- 1 vscan vscan 170479789 5月 5 2022 main.cvd
> drwx------ 1 vscan vscan 192 7月 18 2022 tmp.ce63819e4
>
> and,
>
> # sigtool -i /var/lib/clamav/daily.cld
> File: daily.cld
> Build time: 16 Mar 2024 04:30 -0400
> Version: 27216
> Signatures: 2055383
> Functionality level: 90
> Builder: raynman
> Verification OK.
>
> Best Regards.
>
> ---
> ┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
> ┃＼／彡
> ┗━━┛ "Companies have come to view generative AI as a kind of monster that
> must be fed at all costs—even if it isn’t always clear what exactly
> that data is needed for or what those future AI systems might end up
> doing."
>
> -- Generative AI Is Making Companies Even More Thirsty for Your Data --

Re: [clamav-users] 100% CPU usage in clamd
Hello

Sorry for the late reply.
We still have "daily.cvd" instead of "daily.cld".

-rw-r--r-- 1 clamupdate clamupdate 69 Mar 18 10:58 freshclam.dat
-rw-r--r-- 1 clamupdate clamupdate 63025170 Mar 18 10:58 daily.cvd
-rw-r--r-- 1 clamupdate clamupdate 170479789 Mar 18 10:58 main.cvd
-rw-r--r-- 1 clamupdate clamupdate 289733 Mar 18 10:58 bytecode.cvd

```sh
$ clamd --version
ClamAV 1.3.0/27217/Sun Mar 17 17:24:26 2024

$ sigtool -i daily.cvd
File: daily.cvd
Build time: 17 Mar 2024 04:24 -0400
Version: 27217
Signatures: 2055524
Functionality level: 90
Builder: raynman
MD5: 2f216f146cc85b72cd0a97faacda0711
Digital signature:
3SoTa3rJRuGfLh1iyoC/EXiPFbaB01/hOhFZBbEkxiBzdP/REmwliJ4PFP2jk6iBKcKdLRKUh0NgZsnIlwoya8h3Ntdfn41nNgTGIFl/LqLHj/gqz567v8eMvvZd+UIbDDLOtuVnk7FZaGLrIizPseBzNi0237LAvIplXPzJpdh
Verification OK.
```
And freshclam said:
```
ClamAV update process started at Mon Mar 18 10:58:07 2024
daily database available for download (remote version: 27217)
Testing database:
'/var/lib/clamav/tmp.49306fec28/clamav-517978fea7c1c0d0464ae01ab1059969.tmp-daily.cvd'
...
Database test passed.
daily.cvd updated (version: 27217, sigs: 2055524, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Testing database:
'/var/lib/clamav/tmp.49306fec28/clamav-9eeebb384e54826560f7e619e8e27fe6.tmp-main.cvd'
...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 335)
Testing database:
'/var/lib/clamav/tmp.49306fec28/clamav-afa67dd02c535eda87dcddd24310674c.tmp-bytecode.cvd'
...
Database test passed.
bytecode.cvd updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
```

Regards,
Taizo

On Sat, Mar 16, 2024 at 8:04 PM Masaru Nomiya via clamav-users
<clamav-users@lists.clamav.net> wrote:
>
> Hello,
>
> Sorry for late reply.
>
> In the Message;
>
> Subject : Re: [clamav-users] 100% CPU usage in clamd
> Message-ID : <CACRqGtb=+O8VHzOXC-LJk0h+Z2gZHeUdti9=E=58B0q1TysS9g@mail.gmail.com>
> Date & Time: Fri, 15 Mar 2024 23:55:13 +0900
>
> [TI] == Taizo ITO via clamav-users <clamav-users@lists.clamav.net> has written:
>
> TI> Hello,
>
> TI> Thank you for the reply.
>
> TI> Clamd version is, v1.3.0 but the issue also happened in v1.2.1.
> TI> My first question might have been wrong because the problem happened
> TI> with the latest virus database "Version: 27215" as well.
> TI> I'm using "clamdscan" to scan a file. Scanning 3 files in parallel
> TI> caused almost 300% in CPU workload.
> [...]
>
> The daily.cvd is out of date, should be daily.cld now?
> When you run freshclam, doesn't it say it's out of date?
>
> Here is mine as of 1.3.0;
>
> -rw-r--r-- 1 vscan vscan 1411072 2月 28 06:28 bytecode.cld
> -rw-r--r-- 1 vscan vscan 199960064 3月 16 18:00 daily.cld
> -rw-r--r-- 1 vscan vscan 69 5月 5 2022 freshclam.dat
> -rw-r--r-- 1 vscan vscan 170479789 5月 5 2022 main.cvd
> drwx------ 1 vscan vscan 192 7月 18 2022 tmp.ce63819e4
>
> and,
>
> # sigtool -i /var/lib/clamav/daily.cld
> File: daily.cld
> Build time: 16 Mar 2024 04:30 -0400
> Version: 27216
> Signatures: 2055383
> Functionality level: 90
> Builder: raynman
> Verification OK.
>
> Best Regards.
>
> ---
> ┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp
> ┃＼／彡
> ┗━━┛ "Companies have come to view generative AI as a kind of monster that
> must be fed at all costs—even if it isn’t always clear what exactly
> that data is needed for or what those future AI systems might end up
> doing."
>
> -- Generative AI Is Making Companies Even More Thirsty for Your Data --



--
Taizo Ito <taizo.ito@hennge.com>
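
Added example (not part of the thread and not ClamAV project code): whether a database is current can be read from the 512-byte header that .cvd and .cld files share, regardless of the file extension discussed above. The field layout is assumed from ClamAV's CVD header format; the sample header is constructed from the values in the last message with placeholder signature and epoch fields, and `max_age` is an assumed policy value.

```python
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 512  # .cvd and .cld both begin with a 512-byte text header
FIELDS = ("magic", "build_time", "version", "signatures", "f_level",
          "md5", "dsig", "builder", "stime")

def parse_db_header(raw: bytes) -> dict:
    """Parse the colon-separated header (layout assumed from the CVD format)."""
    if len(raw) < HEADER_SIZE:
        raise ValueError("truncated header")
    parts = raw[:HEADER_SIZE].decode("ascii", "replace").rstrip().split(":")
    if len(parts) < 8 or parts[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    hdr = dict(zip(FIELDS, parts))
    for key in ("version", "signatures", "f_level"):
        hdr[key] = int(hdr[key])
    # Hour and minute are joined by '-' because ':' is the field separator.
    hdr["built"] = datetime.strptime(hdr["build_time"], "%d %b %Y %H-%M %z")
    return hdr

def loaded_version(banner: str) -> int:
    """Database version from a `clamd --version` line: engine/dbversion/date."""
    return int(banner.split("/")[1])

def assess(hdr, engine_db, now, max_age=timedelta(days=7)):
    """List findings; the file extension is deliberately not an input."""
    findings = []
    if hdr["version"] != engine_db:
        findings.append(f"disk has {hdr['version']}, clamd loaded {engine_db}")
    if now - hdr["built"] > max_age:
        findings.append(f"database is {(now - hdr['built']).days} days old")
    return findings

# Constructed sample: values copied from the sigtool output in the last message;
# the signature and trailing epoch fields are placeholders.
SAMPLE = ("ClamAV-VDB:17 Mar 2024 04-24 -0400:27217:2055524:90:"
          "2f216f146cc85b72cd0a97faacda0711:PLACEHOLDER:raynman:0"
          ).encode("ascii").ljust(HEADER_SIZE)
BANNER = "ClamAV 1.3.0/27217/Sun Mar 17 17:24:26 2024"

if __name__ == "__main__":
    hdr = parse_db_header(SAMPLE)  # on a real host: open(path, "rb").read(512)
    when = datetime(2024, 3, 18, 1, 58, tzinfo=timezone.utc)
    print(hdr["version"], hdr["built"].isoformat(),
          assess(hdr, loaded_version(BANNER), when))
```

With the values posted in the thread the check returns no findings, which is consistent with the database being current and the extension alone not indicating staleness.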