[clamav-users] clamd using up all cpu on certain hosts
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue Nov 20 15:06:11 UTC 2018
lukn,
Sorry about all the trouble. I wish I knew more about what was happening. I hope it's not a legitimate bug slipping by. Let us know if you end up finding anything else.
Regards,
Micah
On Nov 20, 2018, at 2:40 AM, lukn <lukn555 at gmail.com<mailto:lukn555 at gmail.com>> wrote:
Hi Micah and Henrik
I'm slowly getting to the conclusion that the old hosts are reaching EOL
which would explain the misbehaviour (just got a few unexplicable SSH
connection losses...).
grep -v '^$' clamd.conf | grep -v '^#'
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
TCPSocket 3310
TCPAddr 127.0.0.1
User clamav
As to Henrik's suggestion to use strace - now it gets really spooky.
Once excecuted under strace it took less than 2mins for clamd to start
up normally and then run as excpected without hogging the CPU. Of course :-/
I'd say: never mind those old boxes, gotta replace them anyway
eventually...
thx
lukn
On 16.11.18 20:45, Micah Snyder (micasnyd) wrote:
That is... bizarre. What does your clamd configuration look like? Specifically, do you have `ScanOnAccess` enabled and set to watch specific mount or directory paths?
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Nov 16, 2018, at 9:52 AM, lukn <lukn555 at gmail.com<mailto:lukn555 at gmail.com><mailto:lukn555 at gmail.com>> wrote:
Hello list
I'm having a weird CPU hogging issue here. I'm running some servers as
VM hosts based on CentOS7 with qemu/kvm. On these I'm running various
VMs with CentOS 7 and legacy CentOS 6 (all have latest updates
installed). All of them are running clamd 0.100.2 which got installed
from a self compiled RPM (built from official source, no patches), so
software on all hosts and VMs should be identical.
However, in VMs on one host machine, clamd is idling, on the other it's
running at 200-350% CPU (4 vcores) according to top - even when there is
nothing to be scanned.
If I migrate a VM from the "idle" to the "busy" host, their clamd starts
to spin too. If I migrate a VM from the "busy" to the "idle" host, clamd
remains quiet.
The only noticeable difference between clamd going nuts and clamd
staying calm is the CPU of the host system:
busy:
model name : Intel(R) Xeon(R) CPU E5645 @ 2.40GHz
idle:
model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz
As mentioned, clamd is installed from a self compiled rpm, this is the
%build section of the spec file, nothing fancy in there:
%build
./configure --prefix=%{_prefix} --enable-milter
make check
make
The issue only occured recently... maybe some borked signature?
Any ideas?
regards
lukn
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net><mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181120/3fbb5897/attachment.htm>
More information about the clamav-users
mailing list