[clamav-users] ***Spam 3.041*** clamd using 100% CPU in Fedora 30 with sendmail & clamav-milter, : Probe for slot 1 returned: failed

Stefan Bauer cubewerk at googlemail.com
Thu Aug 1 05:42:58 EDT 2019


Hi,

It was indeed my wrong test. With clam*d*scan, the result comes instantly:

clamdscan scan335019041109350063746475.pdf.r00
/home/stefan/scan335019041109350063746475.pdf.r00:
SecuriteInfo.com.Adware.Generic4.BBFB.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: *0.081 sec* (0 m 0 s)

Thank you!

On Tue, 30 July 2019 at 21:13, Reio Remma via clamav-users <
clamav-users at lists.clamav.net> wrote:

> I suspect it might be the same issue I had a few days back.
>
> Check out the thread "Clamd fails to start with daily.cvd".
>
> As suggested by user Axb:
>
> in file clamd.service
> to section:
> [Service]
> add
> TimeoutSec=900
>
> restart clamd service
>
> I personally increased the limit to 300 seconds. :)
>
> I suspect systemd is killing the process because it goes over the timeout
> threshold when loading the signatures.
>
> Good luck!
> Reio
>
>
> On 30.07.2019 21:58, Robert Kudyba wrote:
>
> rpm -qa clamav-milter
> clamav-milter-0.101.2-2.fc30.x86_64
> rpm -qa clamd
> clamd-0.101.2-2.fc30.x86_64
>
> See some logs and statuses below. clamd takes up all of the CPU. clamd
> does appear to start based on the ps command but you can see the status
> shows not running;
>
>   PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+
> COMMAND
> 26618 root      20   0  214188 207576   7996 R  99.0   0.4   0:10.76 clamd
>
> Tue Jul 30 14:30:17 2019 -> WARNING: No clamd server appears to be
> available
> Tue Jul 30 14:31:16 2019 -> Failed to establish a connection to clamd
> Tue Jul 30 14:31:16 2019 -> Probe for slot 1 returned: failed
> Tue Jul 30 14:31:16 2019 -> WARNING: No clamd server appears to be
> available
> Tue Jul 30 14:32:15 2019 -> Failed to establish a connection to clamd
> Tue Jul 30 14:32:15 2019 -> Probe for slot 1 returned: failed
> Tue Jul 30 14:32:15 2019 -> WARNING: No clamd server appears to be
> available
>
>  ps -auwx|grep clam
> clamav    2538  0.0  0.0  18348  3156 ?        Ss   Jul29   0:00
> /usr/bin/freshclam -d -c 4
> clamav   24692  0.0  0.0  19852 10044 ?        Ss   14:10   0:00
> /usr/lib/systemd/systemd --user
> clamav   24697  0.0  0.0 181296  5200 ?        S    14:10   0:00 (sd-pam)
> clamav   24717  0.0  0.0 113064  3312 ?        Ss   14:10   0:00 /bin/sh
> -c [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash
> /usr/local/sbin/clamav-unofficial-sigs.sh > /dev/null
> clamav   24718  0.0  0.0 113848  3908 ?        S    14:10   0:00
> /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh
> clamilt  26222  0.0  0.0  88488   588 ?        Ssl  14:18   0:00
> /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
> root     26227 99.6  0.5 263348 251924 ?       Rs   14:18   0:20
> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
> clamav   26360  1.8  0.0 126316 12992 ?        S    14:18   0:00
> /usr/bin/wget --no-check-certificate --quiet --connect-timeout=60
> --random-wait --tries=3 --timeout=180
> --output-document=/var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.hdb
> https://www.securiteinfo.com/get/signatures/6651194e2baf9979742029c715d7dd90c94e25355ca57fdf22c81828f6fe7a3fc01bfbee6c9a20efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1/securiteinfo.hdb\
>
> systemctl  status clamd@scan.service
> * clamd@scan.service - Generic clamav scanner daemon
>    Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled;
> vendor preset: disabled)
>    Active: inactive (dead) since Mon 2019-07-29 13:24:11 EDT; 24h ago
>      Docs: man:clamd(8)
>            man:clamd.conf(5)
>            https://www.clamav.net/documents/
>
> Jul 29 13:24:09 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
> Jul 29 13:24:11 ourdomain.edu systemd[1]: clamd@scan.service: Control
> process exited, code=killed, status=15/TERM
> Jul 29 13:24:11 ourdomain.edu systemd[1]: clamd@scan.service: Succeeded.
> Jul 29 13:24:11 ourdomain.edu systemd[1]: Stopped Generic clamav scanner
> daemon.
> Jul 30 04:53:06 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
> Jul 30 11:13:50 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
> Jul 30 11:19:10 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
> Jul 30 14:05:05 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
> Jul 30 14:05:07 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
> Jul 30 14:05:08 ourdomain.edu systemd[1]:
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are
> deprecated, and support for them will be removed in a future version of
> systemd. Please use drop-in files instead.
>
> systemctl status clamav-milter
> * clamav-milter.service - Milter module for the Clam Antivirus scanner
>    Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled;
> vendor preset: disabled)
>    Active: active (running) since Mon 2019-07-29 13:23:46 EDT; 24h ago
>  Main PID: 4350 (clamav-milter)
>     Tasks: 3 (limit: 4915)
>    Memory: 2.6M
>    CGroup: /system.slice/clamav-milter.service
>            `-4350 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
>
> Jul 29 13:23:45 ourserver systemd[1]: Starting Milter module for the Clam
> Antivirus scanner...
> Jul 29 13:23:46  ourserver  systemd[1]: Started Milter module for the Clam
> Antivirus scanner.
>
> Tue Jul 30 14:20:11 2019 -> +++ Started at Tue Jul 30 14:20:11 2019
> Tue Jul 30 14:20:11 2019 -> Received 0 file descriptor(s) from systemd.
> Tue Jul 30 14:20:11 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH:
> x86_64, CPU: x86_64)
> Tue Jul 30 14:20:11 2019 -> Log file size limited to 1048576 bytes.
> Tue Jul 30 14:20:11 2019 -> Reading databases from /var/lib/clamav
> Tue Jul 30 14:20:11 2019 -> Not loading PUA signatures.
> Tue Jul 30 14:20:11 2019 -> Bytecode: Security mode set to "TrustSigned".
>
> The uncommented directives in /etc/clamd.d/scan.conf are:
> LogFile /var/log/clamd.scan
> LogTime yes
> LogSyslog yes
> DatabaseDirectory /var/lib/clamav
> TCPSocket 3310
> TCPAddr 127.0.0.1
>
> I had to disable it in sendmail where I had this in sendmail.mc:
> INPUT_MAIL_FILTER(`clamav-milter', `S=inet:6666@127.0.0.1, F=,
> T=S:4m;R:4m')dnl
>
> This all started happening after a reboot. Any ideas what may be wrong?
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
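
Added example, not part of the original thread: a probe that sends clamd's PING command to the TCPSocket/TCPAddr from the quoted scan.conf (127.0.0.1:3310) and measures how long the daemon takes to answer PONG after a restart, which is the figure the TimeoutSec value discussed above has to exceed. The function names are choices made for this example, and the 900-second default deadline is taken from the quoted TimeoutSec=900 suggestion.

```python
import socket
import time


def ping_clamd(host="127.0.0.1", port=3310, timeout=5.0):
    """Return True only if a clamd instance at host:port answers PING with PONG."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"zPING\0")  # 'z' prefix: NUL-terminated command and reply
            reply = b""
            while not reply.endswith(b"\0") and len(reply) < 64:
                chunk = sock.recv(16)
                if not chunk:  # peer closed before finishing the reply
                    break
                reply += chunk
    except OSError:  # connection refused, reset, or timed out
        return False
    return reply.rstrip(b"\0") == b"PONG"


def wait_until_ready(host="127.0.0.1", port=3310, deadline_s=900.0, interval_s=1.0):
    """Poll until clamd answers; return seconds waited, or None if the deadline passes."""
    start = time.monotonic()
    while True:
        if ping_clamd(host, port, timeout=interval_s):
            return time.monotonic() - start
        if time.monotonic() - start >= deadline_s:
            return None
        time.sleep(interval_s)


if __name__ == "__main__":
    # Run right after `systemctl restart clamd@scan.service`.
    waited = wait_until_ready()
    if waited is None:
        print("clamd never answered PONG within the deadline")
    else:
        print(f"clamd answered after {waited:.0f}s; the unit's start timeout must exceed this")
```
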