Author Topic: CPU 100% clamd  (Read 63070 times)

Re: CPU 100% clamd
« Reply #15 on: January 10, 2020, 12:17:58 AM »
alternative solution

- admin panel
- mail services
- ClamAV
- Stop
- File Manager
- /var/run/clamd.amavisd/
- clamd.sock permission 755
- back admin panel
- mail services
- ClamAV
- Start

Well done!

Re: CPU 100% clamd
« Reply #16 on: April 20, 2020, 07:51:14 PM »
Same issue.
Tried script above - didn't help.

Then I tried the alternate solution above - also failed.
There is no clamd.sock file in /var/run/clamd.amavisd/.
Anyway, I've assigned 755 to /var/run/clamd.amavisd/ and to /var/run/clamd.scan/; that didn't help.

Then I checked /var/log/messages:

It has a cycling error:
Apr 20 23:19:01 cwp systemd: Started clamd scanner () daemon.
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: **************************************************
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: ***  The virus database is older than 7 days!  ***
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: ***   Please update it as soon as possible.    ***
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: **************************************************
Apr 20 23:19:09 cwp clamd: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_ac_addpatt: Can't allocate memory for new->trans
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_parse_add(): Problem adding signature (3).
Apr 20 23:19:09 cwp clamd: LibClamAV Error: Problem parsing database at line 64534
Apr 20 23:19:09 cwp clamd: LibClamAV Error: Can't load daily.ldb: Can't allocate memory
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_tgzload: Can't load daily.ldb
Apr 20 23:19:09 cwp clamd: LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/daily.cvd
Apr 20 23:19:09 cwp clamd: ERROR: Malformed database
Apr 20 23:19:09 cwp systemd: clamd.service: main process exited, code=exited, status=1/FAILURE
Apr 20 23:19:09 cwp systemd: Unit clamd.service entered failed state.
Apr 20 23:19:09 cwp systemd: clamd.service failed.
Apr 20 23:19:10 cwp systemd: clamd.service holdoff time over, scheduling restart.
Apr 20 23:19:10 cwp systemd: Stopped clamd scanner () daemon.

From this it's clear that it fails to extract the signature database daily.ldb because it can't allocate memory.
I see the same in the resource usage (I have 1 GB RAM on the VPS): normally 0.5 GB is consumed; after ClamAV starts it rises from 0.5 GB to the maximum and restarts.

Is there any way to load the db file on 1 GB RAM?
« Last Edit: April 20, 2020, 08:27:30 PM by Hardoman »
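
Added example (not part of any post in this thread): a POSIX shell function that reads syslog lines and reports which of the clamd failure messages quoted in this thread is present, since the allocation failure, the "socket in use" error and a genuinely bad database call for different fixes. The function name, the output format and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage clamd start failures from syslog lines on stdin.
# Patterns are the messages quoted in this thread; the output format is this example's own.

triage_clamd_log() {
    awk '
    /LibClamAV Error:.*Can.t allocate memory/      { oom++ }
    /Socket file .* is in use by another process/  { sock++ }
    /ERROR: Malformed database/                    { malformed++ }
    /virus database is older than/                 { stale = 1 }
    /clamd\.service: main process exited/          { exits++ }
    /clamd\.service holdoff time over/             { restarts++ }
    END {
        # In the log above, the allocation failure is followed by
        # "Malformed database", so memory is checked first.
        if (oom)            cause = "memory"
        else if (sock)      cause = "socket"
        else if (malformed) cause = "database"
        else if (exits)     cause = "unknown"
        else                cause = "none"
        loop = (exits > 0 && restarts > 0) ? "yes" : "no"
        printf "cause=%s restart_loop=%s stale_db=%s\n", cause, loop, (stale ? "yes" : "no")
    }'
}

# Constructed sample input, modelled on the log excerpts in this thread.
sample_memory() {
    cat <<'EOF'
Apr 20 23:19:01 host clamd: LibClamAV Warning: ***  The virus database is older than 7 days!  ***
Apr 20 23:19:09 host clamd: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
Apr 20 23:19:09 host clamd: LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Apr 20 23:19:09 host clamd: ERROR: Malformed database
Apr 20 23:19:09 host systemd: clamd.service: main process exited, code=exited, status=1/FAILURE
Apr 20 23:19:10 host systemd: clamd.service holdoff time over, scheduling restart.
EOF
}

sample_socket() {
    cat <<'EOF'
Mar  4 11:25:30 host clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
EOF
}

sample_memory | triage_clamd_log
sample_socket | triage_clamd_log
```

On a live host, feed it the real log, for example `grep clamd /var/log/messages | triage_clamd_log`; a `memory` result points at available RAM rather than at the socket file.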

Re: CPU 100% clamd
« Reply #17 on: April 21, 2020, 10:00:11 AM »
You need to wait a little after running the script.

Re: CPU 100% clamd
« Reply #18 on: April 21, 2020, 10:27:55 AM »
Do I need to stop services before running a script?

Re: CPU 100% clamd
« Reply #19 on: April 21, 2020, 06:04:52 PM »
The one thing none of you are posting is your system specs. If you only have a 1 core 1 GHz processor you really can't run ClamAV. I personally wouldn't run a mail server on anything less than 2 cores, preferably 4 cores.

Re: CPU 100% clamd
« Reply #20 on: May 07, 2020, 07:59:21 PM »
I have had this problem a couple of times now. It seems to occur following a Yum Update.

The first time petrosvels solution worked for me:

# systemctl stop clamd.service
# rm -f /var/run/clamd.amavisd/clamd.sock
# systemctl start clamd.service


The problem is in the error message from the postfix log (/var/log/maillog) - ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process. Deleting the file clamd.sock is what is required to fix the problem.

The above didn't fix the problem straight away on the most recent occasion, so what I did was:

  • From the CWP Dashboard - stop ClamAV
  • stop AMaViS (A Mail Virus Scanner)
  • Waited until USER amavis no longer appeared in the Top 5 Processes list and the 1 minute load average dropped back to normal levels (below 0.1 in my case). This is probably not necessary, but I did it anyway to be absolutely sure amavis/clamd were not running.
  • Open Filemanager and browse to the folder /var/run/clamd.amavisd. Delete the file clamd.sock. It was an empty file (0 bytes)
  • From the CWP Dashboard Start AMaViS
  • Start ClamAV

If that does not fix the problem, check the postfix log for other possible causes:

# tail -100 /var/log/maillog | grep clamd

Thank you all

PS. I leave an administration idea:
I leave here an idea: it would be good to have a premium for those who help more in the forum.

And a big hug to Mr. rcschaff, because he is an excellent support in the forum for aselha (difficulties) like me.

My server: CentOS Linux release 7.8.2003 (Core), CWPpro version: 0.9.8.971

Very good | five stars ***** tutorial

Your tutorial helped me a lot, thanks ***(RESOLVED)***

« Last Edit: May 07, 2020, 08:32:45 PM by jony »
Jony Host

Re: CPU 100% clamd
« Reply #21 on: May 07, 2020, 09:57:41 PM »
Edit /usr/lib/systemd/system/clamd.service

Code:
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes
# Reload the database
ExecReload = /bin/kill -USR2 $MAINPID
Restart = on-failure
# Allow up to 420 seconds for startup
TimeoutStartSec = 420
# Lowest I/O priority (0 = highest, 7 = lowest)
IOSchedulingPriority = 7
# Numeric scheduling policy 5 is SCHED_IDLE on Linux
CPUSchedulingPolicy = 5
# Cap clamd memory use at 768M
MemoryLimit = 768M
# Cap clamd at 25% of one CPU
CPUQuota = 25%
# Lowest CPU scheduling priority
Nice = 19

[Install]
WantedBy = multi-user.target

Code:
systemctl daemon-reload
systemctl restart clamd
« Last Edit: May 07, 2020, 10:00:26 PM by cinique »

Re: CPU 100% clamd
« Reply #22 on: May 08, 2020, 07:24:58 AM »
You got any running monit or chkroot stuff?

Re: CPU 100% clamd
« Reply #23 on: August 18, 2020, 03:58:22 PM »
cynique's solutions fixed my ClamAV crashing constantly.

My error was:
Code:
unit clamd.service entered failed state.
clamd.service failed.

Now it's running smooth. Thank you cynique!

Re: CPU 100% clamd
« Reply #24 on: August 18, 2020, 05:36:05 PM »
@ponch9
You are very welcome, and thank you for taking the time to acknowledge the fix, which I took time to research and check/test.
Note: it is worthwhile to try reducing the memory limit to 512M. YMMV.
« Last Edit: August 18, 2020, 06:18:53 PM by cynique »

Re: CPU 100% clamd
« Reply #25 on: September 18, 2020, 12:41:28 PM »
Hi,
I just share my experience and my possible solution on this problem:

CWPpro version: 0.9.8.528 on CentOS 7.4.1708 (Core)

Symptom:
Obviously the constant 100% CPU usage on clamd

Log in /var/log/messages
Mar  4 11:25:30 vps6 clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.

But I also experienced database duplication as well. Deleting the one not in use or older did not solve the problem. Also I saw solutions removing the serviced scripts.

I found that there are two entries trying to start clamd and this must be somehow not right.

My solution is to clean up first and then activate the clamd/amavis in CentOS Web panel.
1. In CWP, Mail Server Manager: switch off ClamAV/AMAVIS/Spamassassin and rebuild the mail server. This is supposed to remove clamav. After this process you can still see the Clamd and Amavis entries on the Dashboard.
2. Check the installed packages with 'yum list installed' - amavisd-new and clamav are still there. Remove them with 'yum remove'. I removed only: amavisd-new, clamav, clamav-server, clamav-data.
3. Dashboard still shows the ClamAV row. No sense. Remove /usr/lib/systemd/system/ clamd-scan.service clamd.service
4. Reloading the Dashboard should not show clamd or amavis status etc.
5. Now in CWP switch ON ClamD/Amavis/Spamassassin support. This will install the related services and dependencies.

From now on the antivirus system works and clamd is back to normal. Tried on two servers.
The question is at what stage the original clamav was installed. Was it because of an earlier CWP build?

I tried the SH script and it did not help in my situation.
I hope it is a solution for some of you.

This worked in my case.
My server has 2 GB of memory. After the update, CPU load went to 100%. SWAP reached 100%.
1. Stopped the clamav & amavis services
2. Rebuilt the mail server
3. Removed all clamav & amavis packages
4. Manually remove the leftovers in /usr/lib/systemd/system/ clamd-scan.service clamd.service
5. Restart
6. Rebuild the mail server with clamav & amavis
7. Check in startup_services whether amavisd.service and clamd.service are enabled to start
8. Reboot
In my case, messages about insufficient permissions appeared in the logs
9. In the file /etc/clamd.d/scan.conf I replaced the line
LocalSocket /run/clamd.scan/clamd.sock
with
LocalSocket /run/clamd.amavisd/clamd.sock
10. Add the user clamscan (the owner of clamd.sock) to the group clamupdate (access to the clamd.amavisd folder)
Now everything has started and there is no load. Everything is back to how it was.

Re: CPU 100% clamd
« Reply #26 on: September 22, 2020, 07:46:45 PM »
Guys, I tried all methods but none of them work.
The problem is starting again after a while.
This is really a bad situation.

Any suggestions for solution?

https://prnt.sc/uj47u6

Re: CPU 100% clamd
« Reply #27 on: September 22, 2020, 10:49:50 PM »
Guys, I tried all methods but none of them work.
The problem is starting again after a while.
This is really a bad situation.

Any suggestions for solution?

https://prnt.sc/uj47u6

Did you try the solution that was posted earlier by studio4host?
This is part of CWP.

sh /scripts/clamd_fix_100_cpu_usage

Also how many CPU's and Memory are you running?

Re: CPU 100% clamd
« Reply #28 on: September 23, 2020, 04:42:54 AM »
+1

Re: CPU 100% clamd
« Reply #29 on: September 24, 2020, 01:45:08 AM »
Guys, I tried all methods but none of them work.
The problem is starting again after a while.
This is really a bad situation.

Any suggestions for solution?

https://prnt.sc/uj47u6

Did you try the solution that was posted earlier by studio4host?
This is part of CWP.

sh /scripts/clamd_fix_100_cpu_usage

Also how many CPU's and Memory are you running?
Yes, I tried but it didn't work
3 CPU's and 4 GB RAM