[clamav-users] Duplicate database, 525 minutes to complete, >90% CPU
Al Varnell
alvarnell at mac.com
Tue May 21 01:36:37 UTC 2019
I am not seeing any evidence of a duplicate database. It would appear that you have some event scheduled to update your definitions database around 3:14am. Probably no impact on your on-going scan at that time because there were no further updates at that time, but not certain. Normal practice would be to schedule a database update before a scheduled scan.
Lots of variables involved in determining how long a clamscan will require, especially when you say there are active Command Line users, but 8 hours does sound excessive. How long has this been going on?
Look into updating ClamAV to 0.101.2. You are coming up on a year behind and there have been multiple security-related patches since 0.100.1 <https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html>.
-Al-
macOS ClamXAV User
On Mon, May 20, 2019 at 05:08 PM, Clark Dunson via clamav-users wrote:
> Hello;
>
> Running for 525 minutes at >90% CPU seems not good. Causes noticeable delay in command line activity for all users.
>
> We've got this cronjob:
>
> 30 1 * * * /usr/bin/freshclam 2>&1 && /usr/bin/clamscan -o -i -r --quiet / | mail -s "Clam AV Scan Results for $(hostname -s)" itdept at domain.com
>
> on this Linux:
>
> # uname -a
> Linux server.domain.com 2.6.32-754.2.1.el6.x86_64 #1 SMP Fri Jul 13 12:50:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>
> Clamscan appeared as the busiest process in top, 8 hours after launch:
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> 23043 root 20 0 765m 639m 2520 R 90.6 16.2 525:56.48 clamscan
> 3071 mysql 20 0 2228m 50m 3552 S 2.3 1.3 4778:31 mysqld
> 28772 apache 20 0 349m 17m 5652 S 1.7 0.4 0:16.38 httpd
>
> Producing these logs:
> --------------------------------------
> ClamAV update process started at Sun May 19 01:30:01 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.1 Recommended version: 0.101.2
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> Downloading daily-25454.cdiff [100%]
> daily.cld updated (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
> [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
> Database updated (6141007 signatures) from db.local.clamav.net (IP: 104.16.219.84)
> --------------------------------------
> ClamAV update process started at Sun May 19 03:14:01 2019
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.1 Recommended version: 0.101.2
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cld is up to date (version: 25454, sigs: 1574664, f-level: 63, builder: raynman)
> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
>
> Any help would be greatly appreciated!
>
> Thank you -
>
> Clarkman
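
The freshclam output quoted in this thread includes a LibClamAV warning naming /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld. As an added example (not part of the original messages and not ClamAV's own tooling), the read-only script below lists databases that exist in both .cvd and .cld form and extracts the same pairs from freshclam output; the function names are hypothetical and the default directory is taken from the quoted log.

```shell
#!/bin/sh
# Added example: report ClamAV databases present as both .cvd and .cld.
# Read-only: nothing is deleted, since the warning asks for manual removal.

# Print "<name>.cvd <name>.cld" for every base name found in both forms in DIR.
find_duplicate_dbs() {
    dir=${1:-/var/lib/clamav}   # assumption: default path as seen in the quoted log
    for cvd in "$dir"/*.cvd; do
        [ -f "$cvd" ] || continue        # glob matched nothing, or not a regular file
        cld="${cvd%.cvd}.cld"
        if [ -f "$cld" ]; then
            printf '%s %s\n' "$cvd" "$cld"
        fi
    done
    return 0
}

# Read freshclam output on stdin and print the two paths from each
# "Detected duplicate databases A and B, ..." warning line.
# Usage: duplicates_from_log < /path/to/freshclam.log   (log path is site-specific)
duplicates_from_log() {
    sed -n 's/.*Detected duplicate databases \([^ ]*\) and \([^ ,]*\),.*/\1 \2/p'
}

# When run as a script: check the directory given as $1, or the default.
find_duplicate_dbs "$@"
```

An empty result from `find_duplicate_dbs` means no base name exists in both forms in that directory.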