ClamAV hangs server

D

Dannik

Verified User
Joined
Jan 7, 2009
Messages
82
Location
Netherlands
Hi,
I have 2 VPS servers running. 1 for testing (1 CPU, 1Gb RAM, 4Gb Swap, CentOS 7) en 1 production (2 CPU, 4Gb RAM, 4Gb Swap, Clloud Linux 7) en both systems seem to suffer from updates of ClamAV (scheduled for 1 or 2 times per day) for about 2 or 3 months now. Like all services on my servers, ClamAV was installed using CB2.

When I disable ClamAV in general, or I disable the updates (Freshclam), the systems run smooth. But when all is enabled, regularly the systems freeze for 10-15 minutes because of high CPU and kswapd0 is heavily doing something with my RAM. This is alway after Clamav restarts after installing a new database:
Dec 20 16:29:35 server02 clamd: SelfCheck: Database modification detected. Forcing reload.
Dec 20 16:29:35 server02 clamd: Reading databases from /usr/local/share/clamav
Dec 20 16:30:17 server02 clamd: Database correctly reloaded (8894504 signatures)
Dec 20 16:30:17 server02 clamd: Activating the newly loaded database..
Click to expand...
srv2_top.jpg

It's not easy to enter the commandline (because the server reacts quite slow ofcourse), but when I kill the clamd service at that moment the system recovers within a minute.
I have seen errors in the logs before, but I can't seem to find them anymore :censored: , partially thanx to rotation I guess.

Does this sound familiair to someone?

Regards,
Danny
 
Did you find a solution to this? I’m experiencing the exact problem the moment freshclam updates, one server is down for about 10 minutes.

4GB ram, never had any issues.
 
No, unfortunately not... The only workaround is to stop the Clamd and Freshclam services in DA Service Monitor. Incoming mail will still be scanned (according to the logs), but nothing else. The only thing to keep in mind is to stop the services again after a reboot or a DirectAdmin update or else the server wil stop working every now and then. And the last 2 times it caused DirectAdmin to stop working because the license check at that very moment failed because the server was in complete stress. The result was an invalid license check, which needs to be fixed manually.

Danny
 
Just had another server that hangs when updating ClamAV rules 🥴 Starting to suspect something is wrong with the daily.cvd files what I find on some sites... I deleted everything in /var/lib/clamav and restart freshclam to download all new signature files. daily.cvd went from 186MB to 59MB. Hoping that fixes the issue the next time freshclam updates
 
Thanx for the tip! :cool:
My ClamAV is located in /usr/local/share/clamav but filesize of this dir went down from 625MB to 222MB. Also the same difference with daily.csv like you experienced.
Tried this on my testing server. If all stays steady I will do the same on the other server🤞

Danny
 
Update: after the fix mentioned above I updated ClamAV to the latest version using CustomBuild. After that the CPU load on my server became quite high, caused by clamscan. I gave it some time to come to rest, but after 12 hours I decided it was enough. Trying to stop the services did not really work so eventually I had to remove all of Clamav.
Because I won't give up easily I reinstalled ClamAV again (using CustomBuild), but this was done within a sec, everything seemed to be installed already... But from this moment on the server is quite relaxed. The only thing is that every now and then quite a warning comes by about high memory usage for short moments. Something to monitor from now on, but ClamAV seems to be working for now :)

Danny
 
Dannik said:
Update: after the fix mentioned above I updated ClamAV to the latest version using CustomBuild. After that the CPU load on my server became quite high, caused by clamscan. I gave it some time to come to rest, but after 12 hours I decided it was enough. Trying to stop the services did not really work so eventually I had to remove all of Clamav.
:)

Danny
Click to expand...
Try HTOP next time you can see what and many more to kill also lot of info https://htop.dev/
 
You must log in or register to reply here.
Back
Top