[clamav-users] ***Spam 3.041*** clamd using 100% CPU in Fedora 30 with sendmail & clamav-milter, : Probe for slot 1 returned: failed

Reio Remma reio at mrstuudio.ee
Tue Jul 30 19:11:36 UTC 2019


I suspect it might be the same issue I had a few days back.

Check out the thread "Clamd fails to start with daily.cvd".

As suggested by user Axb:

in file clamd.service
to section:
[Service]
add
TimeoutSec=900

restart clamd service

I personally increased the limit to 300 seconds. :)

I suspect systemd is killing the process because it goes over the 
timeout threshold when loading the signatures.

Good luck!
Reio


On 30.07.2019 21:58, Robert Kudyba wrote:
> rpm -qa clamav-milter
> clamav-milter-0.101.2-2.fc30.x86_64
> rpm -qa clamd
> clamd-0.101.2-2.fc30.x86_64
>
> See some logs and statuses below. clamd takes up all of the CPU. clamd 
> does appear to start based on the ps command but you can see the 
> status shows no running;
>
>   PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM TIME+ COMMAND
> 26618 root      20   0  214188 207576   7996 R  99.0   0.4 0:10.76 clamd
>
> Tue Jul 30 14:30:17 2019 -> WARNING: No clamd server appears to be 
> available
> Tue Jul 30 14:31:16 2019 -> Failed to establish a connection to clamd
> Tue Jul 30 14:31:16 2019 -> Probe for slot 1 returned: failed
> Tue Jul 30 14:31:16 2019 -> WARNING: No clamd server appears to be 
> available
> Tue Jul 30 14:32:15 2019 -> Failed to establish a connection to clamd
> Tue Jul 30 14:32:15 2019 -> Probe for slot 1 returned: failed
> Tue Jul 30 14:32:15 2019 -> WARNING: No clamd server appears to be 
> available
>
>  ps -auwx|grep clam
> clamav    2538  0.0  0.0  18348  3156 ?        Ss   Jul29 0:00 
> /usr/bin/freshclam -d -c 4
> clamav   24692  0.0  0.0  19852 10044 ?        Ss   14:10 0:00 
> /usr/lib/systemd/systemd --user
> clamav   24697  0.0  0.0 181296  5200 ?        S    14:10 0:00 (sd-pam)
> clamav   24717  0.0  0.0 113064  3312 ?        Ss   14:10 0:00 /bin/sh 
> -c [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash 
> /usr/local/sbin/clamav-unofficial-sigs.sh > /dev/null
> clamav   24718  0.0  0.0 113848  3908 ?        S    14:10 0:00 
> /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh
> clamilt  26222  0.0  0.0  88488   588 ?        Ssl  14:18 0:00 
> /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
> root     26227 99.6  0.5 263348 251924 ?       Rs   14:18 0:20 
> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
> clamav   26360  1.8  0.0 126316 12992 ?        S    14:18 0:00 
> /usr/bin/wget --no-check-certificate --quiet --connect-timeout=60 
> --random-wait --tries=3 --timeout=180 
> --output-document=/var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.hdb 
> https://www.securiteinfo.com/get/signatures/6651194e2baf9979742029c715d7dd90c94e25355ca57fdf22c81828f6fe7a3fc01bfbee6c9a20efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1/securiteinfo.hdb\
>
> systemctl status clamd@scan.service
> * clamd@scan.service - Generic clamav scanner daemon
>    Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; 
> enabled; vendor preset: disabled)
>    Active: inactive (dead) since Mon 2019-07-29 13:24:11 EDT; 24h ago
>      Docs: man:clamd(8)
>            man:clamd.conf(5)
>            https://www.clamav.net/documents/
>
> Jul 29 13:24:09 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
> Jul 29 13:24:11 ourdomain.edu systemd[1]: 
> clamd@scan.service: Control process exited, code=killed, status=15/TERM
> Jul 29 13:24:11 ourdomain.edu systemd[1]: 
> clamd@scan.service: Succeeded.
> Jul 29 13:24:11 ourdomain.edu systemd[1]: 
> Stopped Generic clamav scanner daemon.
> Jul 30 04:53:06 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
> Jul 30 11:13:50 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
> Jul 30 11:19:10 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
> Jul 30 14:05:05 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
> Jul 30 14:05:07 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
> Jul 30 14:05:08 ourdomain.edu systemd[1]: 
> /usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
> deprecated, and support for them will be removed in a future version 
> of systemd. Please use drop-in files instead.
>
> systemctl status clamav-milter
> * clamav-milter.service - Milter module for the Clam Antivirus scanner
>    Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; 
> enabled; vendor preset: disabled)
>    Active: active (running) since Mon 2019-07-29 13:23:46 EDT; 24h ago
>  Main PID: 4350 (clamav-milter)
>     Tasks: 3 (limit: 4915)
>    Memory: 2.6M
>    CGroup: /system.slice/clamav-milter.service
>            `-4350 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
>
> Jul 29 13:23:45 ourserver systemd[1]: Starting Milter module for the 
> Clam Antivirus scanner...
> Jul 29 13:23:46  ourserver  systemd[1]: Started Milter module for the 
> Clam Antivirus scanner.
>
> Tue Jul 30 14:20:11 2019 -> +++ Started at Tue Jul 30 14:20:11 2019
> Tue Jul 30 14:20:11 2019 -> Received 0 file descriptor(s) from systemd.
> Tue Jul 30 14:20:11 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH: 
> x86_64, CPU: x86_64)
> Tue Jul 30 14:20:11 2019 -> Log file size limited to 1048576 bytes.
> Tue Jul 30 14:20:11 2019 -> Reading databases from /var/lib/clamav
> Tue Jul 30 14:20:11 2019 -> Not loading PUA signatures.
> Tue Jul 30 14:20:11 2019 -> Bytecode: Security mode set to "TrustSigned".
>
> The uncommented directives in /etc/clamd.d/scan.conf are:
> LogFile /var/log/clamd.scan
> LogTime yes
> LogSyslog yes
> DatabaseDirectory /var/lib/clamav
> TCPSocket 3310
> TCPAddr 127.0.0.1
>
> I had to disable it in sendmail where I had this in sendmail.mc:
> INPUT_MAIL_FILTER(`clamav-milter', `S=inet:6666@127.0.0.1, F=, T=S:4m;R:4m')dnl
>
> This all started happening after a reboot. Any ideas what may be wrong?

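The timeout change suggested in the reply, written as a systemd drop-in rather than an edit to the packaged unit file (added example, not part of the original thread). The `SYSTEMD_ROOT` variable, the function names and the `timeout.conf` file name are assumptions of this example; `term_kills` counts the "Control process exited, code=killed, status=15/TERM" line from the quoted status output so you can check whether it recurs after the change.

```shell
#!/bin/sh
# Added example: raise the systemd timeout for a clamd unit with a drop-in,
# so a package update does not overwrite the setting.

# Path of the drop-in for a unit. SYSTEMD_ROOT is an assumption of this
# example so the functions can be tried against a scratch directory.
dropin_path() {
    printf '%s/%s.d/timeout.conf\n' "${SYSTEMD_ROOT:-/etc/systemd/system}" "$1"
}

# write_timeout_dropin UNIT SECONDS -> prints the path it wrote
write_timeout_dropin() {
    unit=$1
    secs=$2
    case $secs in
        ''|*[!0-9]*) echo "seconds must be digits only" >&2; return 2 ;;
    esac
    path=$(dropin_path "$unit")
    mkdir -p "$(dirname "$path")" || return 1
    # Same directive the thread adds under [Service]
    printf '[Service]\nTimeoutSec=%s\n' "$secs" > "$path" || return 1
    printf '%s\n' "$path"
}

# term_kills UNIT: read journal text on stdin and print how many times systemd
# reported the unit's control process as killed with SIGTERM.
term_kills() {
    grep -F "$1: Control process exited, code=killed, status=15/TERM" | wc -l | tr -d ' '
}

# On the real host, as root:
#   write_timeout_dropin clamd@scan.service 900
#   systemctl daemon-reload
#   systemctl restart clamd@scan.service
#   systemctl show -p TimeoutStartUSec clamd@scan.service
#   journalctl -u clamd@scan.service | term_kills clamd@scan.service
```
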