Author Topic: CPU 100% clamd  (Read 1942 times)

CPU 100% clamd
« on: January 22, 2018, 04:25:33 PM »
When I use these commands:
service clamd stop
rm -f /var/run/clamd.amavisd/clamd.sock
service clamd start
it works for a few minutes only...
Where can I find logs or something??

Re: CPU 100% clamd
« Reply #1 on: January 22, 2018, 06:13:10 PM »
The same problem.

CentOS 7. CWP version: 0.9.8.427
When ClamAV is enabled, one of the cores hits 100% CPU.

htop shows:
user: amavis
cpu: 100%
command: /user/sbin/clamd -c /etc/clamd/amavisd.conf --foreground=yes

When I disable ClamAV, everything is OK.

On CentOS 6 with the old CWP I do not have this problem.
« Last Edit: January 22, 2018, 06:17:41 PM by cwp »

Re: CPU 100% clamd
« Reply #2 on: January 22, 2018, 06:23:21 PM »
Do you see anything suspicious in the log file of clamd?

Re: CPU 100% clamd
« Reply #3 on: January 22, 2018, 07:40:09 PM »
Jan 22 21:36:18 server1 clamd[24183]: Received 0 file descriptor(s) from systemd.
Jan 22 21:36:18 server1 clamd[24183]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 22 21:36:18 server1 clamd[24183]: Running as user amavis (UID 989, GID 987)
Jan 22 21:36:18 server1 clamd[24183]: Log file size limited to 1048576 bytes.
Jan 22 21:36:18 server1 clamd[24183]: Reading databases from /var/lib/clamav
Jan 22 21:36:18 server1 clamd[24183]: Not loading PUA signatures.
Jan 22 21:36:18 server1 clamd[24183]: Bytecode: Security mode set to "TrustSigned".
Jan 22 21:36:29 server1 clamd[24183]: Loaded 6392552 signatures.
Jan 22 21:36:31 server1 clamd[24183]: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.

Re: CPU 100% clamd
« Reply #4 on: January 22, 2018, 07:43:54 PM »
Are you getting very frequent emails? Can you check your RAM usage?

Re: CPU 100% clamd
« Reply #5 on: January 23, 2018, 05:16:40 AM »
I have big logs all the time and I can't open them... out of memory...

Re: CPU 100% clamd
« Reply #6 on: February 13, 2018, 07:34:10 PM »
Do you see anything suspicious in the log file of clamd?

Same problem for me

Re: CPU 100% clamd
« Reply #7 on: February 14, 2018, 12:04:32 AM »
Try to run this command:
sh /scripts/clamd_fix_100_cpu_usage
« Last Edit: February 22, 2018, 10:04:33 PM by Administrator »

Re: CPU 100% clamd
« Reply #8 on: March 04, 2018, 11:42:13 AM »
Hi,
I am just sharing my experience and my possible solution to this problem:

CWPpro version: 0.9.8.528 on CentOS 7.4.1708 (Core)

Symptom:
Obviously the constant 100% CPU usage on clamd

Log in /var/log/messages
Mar  4 11:25:30 vps6 clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.

But I also experienced database duplication as well. Deleting the one not in use or older did not solve the problem. Also I saw solutions removing the serviced scripts.

I found that there are two entries trying to start clamd and this must be somehow not right.

My solution is to clean up first and then activate the clamd/amavis in CentOS Web panel.
1. In CWP, Mail Server Manager - Switch off ClamAV/AMAVIS/Spamassassin and rebuild the mail server. This is supposed to remove clamav. After this process you can still see the Clamd and Amavis entries on the Dashboard.
2. Check the installed packages with 'yum list installed' - amavisd-new and clamav are still there. Remove them with 'yum remove'. I removed only: amavisd-new, clamav, clamav-server, clamav-data.
3. The Dashboard still shows the ClamAV row. No sense. Remove /usr/lib/systemd/system/ clamd-scan.service clamd.service
4. Reloading Dashboard should not show clamd or amavis status etc.
5. Now in CWP switch ON ClamD/Amavis/Spamassassin support. This will install the related services and dependencies.

From now on the antivirus system works and clamd is back to normal. Tried in two servers.
The question is at what stage the original clamav was installed. Is it because of an earlier CWP build?

I tried the SH script and it did not help in my situation.
I hope it is a solution for some of you.
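
A way to see what the "is in use by another process" message refers to before the socket file is deleted, as an added example that is not from the thread or from CWP: it reports whether any process is still listening on the socket path and which PIDs hold it, which separates a second running clamd from a leftover file. The function names are hypothetical and the `/proc/net/unix` sample is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the socket path is the one
# quoted in the thread. The table argument lets the parser run on a saved copy.

# Print the inode of each LISTENING socket bound to path $1.
# /proc/net/unix columns: Num RefCount Protocol Flags Type St Inode Path
# Flags is 00010000 (__SO_ACCEPTCON) only while a process is listening.
listening_inodes() {
    awk -v want="$1" 'NR > 1 && $8 == want && $4 == "00010000" { print $7 }' \
        "${2:-/proc/net/unix}"
}

# Print the PIDs that hold socket inode $1 open (needs root for other users).
pids_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}
        echo "${pid%%/*}"
    done | sort -un
}

# Classify the path: live (a listener exists), stale (file only), or absent.
socket_state() {
    if [ -n "$(listening_inodes "$1" "${2:-/proc/net/unix}")" ]; then
        echo live
    elif [ -e "$1" ] || [ -L "$1" ]; then
        echo stale
    else
        echo absent
    fi
}

# Constructed sample of /proc/net/unix (not captured from a real host).
demo_table=$(mktemp)
cat > "$demo_table" <<'EOF'
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 48211 /var/run/clamd.amavisd/clamd.sock
0000000000000000: 00000003 00000000 00000000 0001 03 48350 /var/run/clamd.amavisd/clamd.sock
0000000000000000: 00000002 00000000 00000000 0002 01 17002 /run/systemd/journal/syslog
EOF

sock=/var/run/clamd.amavisd/clamd.sock
echo "$sock: $(socket_state "$sock" "$demo_table")"
for inode in $(listening_inodes "$sock" "$demo_table"); do
    echo "listener inode $inode held by: $(pids_for_inode "$inode" | tr '\n' ' ')"
done
```

On a real host, drop the second argument so the functions read `/proc/net/unix` directly. The Path column holds the string the daemon passed to bind(), so pass the socket path exactly as it is configured.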



Re: CPU 100% clamd
« Reply #9 on: March 12, 2018, 10:49:06 AM »
The gerasandor method and clamd_fix_100_cpu_usage do not work for me. Does anyone have another solution?

Re: CPU 100% clamd
« Reply #10 on: April 01, 2018, 02:31:06 PM »
I have had this problem a couple of times now. It seems to occur following a Yum Update.

The first time petrosvels solution worked for me:

# systemctl stop clamd.service
# rm -f /var/run/clamd.amavisd/clamd.sock
# systemctl start clamd.service


The problem is in the error message from the postfix log (/var/log/maillog) - ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process. Deleting the file clamd.sock is what is required to fix the problem.

The above didn't fix the problem straight away on the most recent occasion, so what I did was:

  • From the CWP Dashboard - stop ClamAV
  • stop AMaViS (A Mail Virus Scanner)
  • Waited until USER amavis no longer appeared in the Top 5 Processes list and the 1 minute load average dropped back to normal levels (below 0.1 in my case). This is probably not necessary, but I did it anyway to be absolutely sure amavis/clamd were not running.
  • Open Filemanager and browse to the folder /var/run/clamd.amavisd. Delete the file clamd.sock. It was an empty file (0 bytes)
  • From the CWP Dashboard Start AMaViS
  • Start ClamAV

If that does not fix the problem, check the postfix log for other possible causes:

# tail -n 100 /var/log/maillog | grep clamd
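
A per-PID view of the same log lines, as an added example that is not from the thread: it goes one step beyond the `tail | grep` above by grouping clamd lines by PID, so repeated start attempts that each end in the socket error stand out. The function names are hypothetical, and the sample log mixes lines quoted in the thread with constructed ones, as marked.

```shell
#!/bin/sh
# Added example. Function names are hypothetical.

# Read syslog lines on stdin; print one row per clamd PID, in first-seen order:
#   <pid> loaded=<0|1> socket_in_use=<0|1>
# Lines logged without a PID ("clamd: ERROR: ...") are grouped under "-".
clamd_attempts() {
    awk '
        match($0, /clamd(\[[0-9]+\])?:/) {
            pid = (RLENGTH > 6) ? substr($0, RSTART + 6, RLENGTH - 8) : "-"
            if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
            if ($0 ~ /Loaded [0-9]+ signatures/) loaded[pid] = 1
            if ($0 ~ /Socket file .* is in use by another process/) inuse[pid] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                printf "%s loaded=%d socket_in_use=%d\n", p, loaded[p], inuse[p]
            }
        }'
}

# Count the start attempts that ended in the socket error.
failed_starts() {
    clamd_attempts | awk '/socket_in_use=1/ { c++ } END { print c + 0 }'
}

# Lines 1-3 are quoted from Reply #3 and the last line from Reply #8;
# lines 4-7 are constructed for this example.
sample_log() {
    cat <<'EOF'
Jan 22 21:36:18 server1 clamd[24183]: Reading databases from /var/lib/clamav
Jan 22 21:36:29 server1 clamd[24183]: Loaded 6392552 signatures.
Jan 22 21:36:31 server1 clamd[24183]: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
Jan 22 21:36:33 server1 clamd[24301]: Reading databases from /var/lib/clamav
Jan 22 21:36:44 server1 clamd[24301]: Loaded 6392552 signatures.
Jan 22 21:36:46 server1 clamd[24301]: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
Jan 22 21:37:02 server1 amavis[1180]: (01180-01) Passed CLEAN
Mar  4 11:25:30 vps6 clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
EOF
}

sample_log | clamd_attempts
echo "failed starts: $(sample_log | failed_starts)"
```

Against a live system, feed it the real log instead of the sample, for example `grep clamd /var/log/maillog | clamd_attempts`.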