[clamav-users] High CPU load during startup/reload of sigs for a long time.
Thorsten Schöning
tschoening at am-soft.de
Fri Dec 29 11:29:42 UTC 2017
Good day Steve Basford,
on Thursday, 28 December 2017 at 20:48 you wrote:
> Could you list the signatures in your clamav database folders.
The following is from the problematic VM, the non-problematic one has
practically the same. Only "bytecode.cvd" here is "bytecode.cld"
there, don't know the reason yet.
> 160246 48 -rw-r--r-- 1 clamav clamav 47013 Dez 14 09:12 antidebug_antivm.yar
> 160153 100 -rw-r--r-- 1 clamav clamav 100720 Dez 29 07:09 blurl.ndb
> 151851 4 -rw-r--r-- 1 clamav clamav 1014 Dez 27 07:03 bofhland_cracked_URL.ndb
> 160208 104 -rw-r--r-- 1 clamav clamav 106188 Dez 14 08:03 bofhland_malware_attach.hdb
> 137778 4 -rw-r--r-- 1 clamav clamav 768 Dez 27 07:03 bofhland_malware_URL.ndb
> 160138 4 -rw-r--r-- 1 clamav clamav 1822 Dez 28 07:03 bofhland_phishing_URL.ndb
> 283849 152 -rw-r--r-- 1 clamav clamav 153228 Dez 14 09:00 bytecode.cvd
> 166794 126296 -rw-r--r-- 1 clamav clamav 129320448 Dez 21 14:37 daily.cld
> 160511 12 -rw-r--r-- 1 clamav clamav 10889 Dez 14 09:12 EK_Angler.yar
> 160544 16 -rw-r--r-- 1 clamav clamav 14659 Dez 14 09:12 EK_Blackhole.yar
> 161103 4 -rw-r--r-- 1 clamav clamav 3401 Dez 14 09:12 EK_BleedingLife.yar
> 161210 4 -rw-r--r-- 1 clamav clamav 1349 Dez 14 09:12 EK_Crimepack.yar
> 161393 8 -rw-r--r-- 1 clamav clamav 4688 Dez 14 09:12 EK_Eleonore.yar
> 161770 12 -rw-r--r-- 1 clamav clamav 8268 Dez 14 09:12 EK_Fragus.yar
> 161777 20 -rw-r--r-- 1 clamav clamav 16842 Dez 14 09:12 EK_Phoenix.yar
> 161780 4 -rw-r--r-- 1 clamav clamav 1860 Dez 14 09:12 EK_Sakura.yar
> 161784 12 -rw-r--r-- 1 clamav clamav 8488 Dez 14 09:12 EK_ZeroAcces.yar
> 161790 4 -rw-r--r-- 1 clamav clamav 1435 Dez 14 09:12 EK_Zerox88.yar
> 162171 4 -rw-r--r-- 1 clamav clamav 800 Dez 14 09:12 EK_Zeus.yar
> 159835 108 -rw-r--r-- 1 clamav clamav 109375 Dez 15 10:13 foxhole_filename.cdb
> 160159 48 -rw-r--r-- 1 clamav clamav 46442 Dez 14 11:11 foxhole_generic.cdb
> 160209 48 -rw-r--r-- 1 clamav clamav 48176 Aug 5 2015 hackingteam.hsb
> 132551 17156 -rw-r--r-- 1 clamav clamav 17564802 Dez 28 10:14 javascript.ndb
> 160156 6892 -rw-r--r-- 1 clamav clamav 7054220 Dez 11 10:09 junk.ndb
> 160210 372 -rw-r--r-- 1 clamav clamav 377760 Dez 29 03:09 jurlbl.ndb
> 283853 115136 -rw-r--r-- 1 clamav clamav 117892267 Dez 14 09:27 main.cvd
> 160186 76 -rw-r--r-- 1 clamav clamav 73808 Jun 29 2017 malwarehash.hsb
> 159694 7080 -rw-r--r-- 1 clamav clamav 7248588 Dez 27 21:26 malwarepatrol.db
> 160139 4 -rw-r--r-- 1 clamav clamav 624 Dez 21 18:38 mirrors.dat
> 148769 3924 -rw-r--r-- 1 clamav clamav 4017956 Dez 18 15:06 phish.ndb
> 159844 3644 -rw-r--r-- 1 clamav clamav 3730210 Dez 29 07:01 phishtank.ndb
> 166796 20 -rw-r--r-- 1 clamav clamav 17631 Dez 29 07:01 porcupine.hsb
> 166710 232 -rw-r--r-- 1 clamav clamav 237491 Dez 29 07:01 porcupine.ndb
> 160239 1036 -rw-r--r-- 1 clamav clamav 1058255 Aug 25 18:01 rfxn.hdb
> 160237 436 -rw-r--r-- 1 clamav clamav 443021 Aug 25 18:01 rfxn.ndb
> 159971 116 -rw-r--r-- 1 clamav clamav 115846 Dez 28 14:08 rogue.hdb
> 160154 12 -rw-r--r-- 1 clamav clamav 11098 Okt 18 2016 sanesecurity.ftm
> 160215 4 -rw-r--r-- 1 clamav clamav 1462 Jul 1 2015 Sanesecurity_sigtest.yara
> 160216 4 -rw-r--r-- 1 clamav clamav 1233 Feb 22 2016 Sanesecurity_spam.yara
> 160163 1852 -rw-r--r-- 1 clamav clamav 1893963 Nov 16 16:53 scam.ndb
> 160137 8736 -rw-r--r-- 1 clamav clamav 8944615 Dez 28 07:10 securiteinfoandroid.hdb
> 166708 7780 -rw-r--r-- 1 clamav clamav 7963904 Dez 28 11:11 securiteinfoascii.hdb
> 148338 302704 -rw-r--r-- 1 clamav clamav 309962774 Dez 28 16:44 securiteinfo.hdb
> 159746 3200 -rw-r--r-- 1 clamav clamav 3276445 Dez 28 08:44 securiteinfohtml.hdb
> 159181 12 -rw-r--r-- 1 clamav clamav 9977 Dez 19 15:18 securiteinfo.ign2
> 166858 176 -rw-r--r-- 1 clamav clamav 178398 Dez 29 06:04 securiteinfopdf.hdb
> 160155 8 -rw-r--r-- 1 clamav clamav 7581 Nov 17 19:56 sigwhitelist.ign2
> 160174 4 -rw-r--r-- 1 clamav clamav 1391 Apr 28 2017 spamattach.hdb
> 160165 16 -rw-r--r-- 1 clamav clamav 13832 Nov 28 12:03 spamimg.hdb
> 160197 516 -rw-r--r-- 1 clamav clamav 526635 Dez 14 08:00 winnow.attachments.hdb
> 160198 4 -rw-r--r-- 1 clamav clamav 66 Dez 14 08:00 winnow_bad_cw.hdb
> 131510 28 -rw-r--r-- 1 clamav clamav 24767 Dez 29 07:00 winnow_extended_malware.hdb
> 160045 36 -rw-r--r-- 1 clamav clamav 33118 Dez 29 07:00 winnow_malware.hdb
> 166774 596 -rw-r--r-- 1 clamav clamav 608025 Dez 29 07:00 winnow_malware_links.ndb
> 160201 4 -rw-r--r-- 1 clamav clamav 3782 Dez 14 08:00 winnow_malware.yara
Kind regards,
Thorsten Schöning
--
Thorsten Schöning E-Mail: Thorsten.Schoening at AM-SoFT.de
AM-SoFT IT-Systeme http://www.AM-SoFT.de/
Phone.............05151- 9468- 55
Fax...............05151- 9468- 88
Mobile.............0178-8 9468- 04
AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Managing Director: Andreas Muchow