Koozali.org: home of the SME Server

clamscan hitting constant 100%

Offline Drifting

« on: June 17, 2014, 01:20:57 PM »
Hi,

Wonder if someone can shed some light as to what is going on? In TOP I have about 12 processes of Clamscan, the server is crawling, and I have hundreds of these in the mail log:


2014-06-17 11:25:18.648070500 new msg 10125838
2014-06-17 11:25:18.648071500 info msg 10125838: bytes 691 from <anonymous@fred.local> qp 16779 uid 0
2014-06-17 11:25:18.746258500 starting delivery 34623: msg 10125838 to local alias-localdelivery-admin@fred.local
2014-06-17 11:25:18.746259500 status: local 1/20 remote 0/20
2014-06-17 11:25:18.847148500 new msg 10125857
2014-06-17 11:25:18.847149500 info msg 10125857: bytes 819 from <anonymous@fred.local> qp 16782 uid 400
2014-06-17 11:25:18.907306500 starting delivery 34624: msg 10125857 to local admin@ow05.fred.local
2014-06-17 11:25:18.907307500 status: local 2/20 remote 0/20
2014-06-17 11:25:18.907307500 delivery 34623: success: forward:_qp_16782/did_0+0+1/
2014-06-17 11:25:18.907308500 status: local 1/20 remote 0/20
2014-06-17 11:25:18.907308500 end msg 10125838

TOP produced this :-


15678 qpsmtpd   25   0 35888 1108  892 R  7.0  0.1   4:20.79 clamdscan           
14721 qpsmtpd   25   0 35888 1108  892 R  6.6  0.1   6:39.76 clamdscan           
14802 qpsmtpd   25   0 35888 1108  892 R  6.6  0.1   6:06.68 clamdscan           
14848 qpsmtpd   25   0 35888 1112  892 R  6.6  0.1   5:54.79 clamdscan           
15582 qpsmtpd   25   0 35888 1112  892 R  6.6  0.1   4:35.77 clamdscan           
15655 qpsmtpd   25   0 35888 1108  892 R  6.6  0.1   4:33.27 clamdscan           
15704 qpsmtpd   25   0 35888 1112  892 R  6.6  0.1   4:17.79 clamdscan           
15862 qpsmtpd   25   0 35888 1112  892 R  6.6  0.1   4:02.98 clamdscan           
16012 qpsmtpd   25   0 35888 1108  892 R  6.3  0.1   3:56.38 clamdscan           
14716 qpsmtpd   25   0 35888 1108  892 R  5.0  0.1   6:45.39 clamdscan           
16146 qpsmtpd   25   0 35888 1112  892 R  4.0  0.1   3:46.12 clamdscan           
14663 qpsmtpd   25   0 35888 1112  892 R  3.7  0.1   7:50.93 clamdscan           
14726 qpsmtpd   25   0 35888 1108  892 R  3.7  0.1   6:28.06 clamdscan           
14731 qpsmtpd   25   0 35888 1108  892 R  3.7  0.1   6:20.47 clamdscan           
14788 qpsmtpd   25   0 35888 1108  892 R  3.7  0.1   6:25.38 clamdscan           
16020 qpsmtpd   25   0 35888 1112  892 R  3.7  0.1   3:52.47 clamdscan           
16039 qpsmtpd   25   0 35888 1108  892 R  3.7  0.1   3:49.49 clamdscan           
16123 qpsmtpd   25   0 35884 1108  892 R  3.7  0.1   3:47.49 clamdscan           
16268 qpsmtpd   25   0 35888 1108  892 R  3.7  0.1   3:37.80 clamdscan           
 3868 qpsmtpd   25   0 35888 1108  892 R  3.3  0.1  18096:00 clamdscan           
14639 qpsmtpd   25   0 35888 1112  892 R  3.3  0.1   9:07.34 clamdscan           
14687 qpsmtpd   25   0 35888 1108  892 R  3.3  0.1   7:39.54 clamdscan           
14693 qpsmtpd   25   0 35888 1108  892 R  3.3  0.1   7:21.53 clamdscan           
14711 qpsmtpd   25   0 35888 1108  892 R  3.3  0.1   6:44.84 clamdscan           
14795 qpsmtpd   25   0 35888 1112  892 R  3.3  0.1   6:13.65 clamdscan           
14816 qpsmtpd   25   0 35888 1108  892 R  3.3  0.1   6:07.19 clamdscan           
15346 qpsmtpd   25   0 35888 1112  892 R  3.3  0.1   4:50.59 clamdscan           
15629 qpsmtpd   25   0 35888 1112  892 R  3.3  0.1   4:31.97 clamdscan           
15653 qpsmtpd   25   0 35888 1108  892 R  3.3  0.1   4:31.98 clamdscan           
15769 qpsmtpd   25   0 35888 1112  892 R  3.3  0.1   4:09.48 clamdscan
15832 qpsmtpd   25   0 35888 1112  892 R  3.3  0.1   4:05.50 clamdscan

Any help very much appreciated. Not sure where the problem lies; some pointers would really help.

Paul


Infamy, Infamy, they all have it in for me!

Offline Stefano

Re: clamscan hitting constant 100%
« Reply #1 on: June 17, 2014, 01:47:54 PM »
Is there anything interesting in clamd / clamscan logs?

Offline Drifting

Re: clamscan hitting constant 100%
« Reply #2 on: June 17, 2014, 02:20:49 PM »
Is there anything interesting in clamd / clamscan logs?

Only the below.

Clamd/current

2014-06-16 21:43:26.343295500 LibClamAV Warning: Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them
2014-06-16 21:43:30.601707500 Database correctly reloaded (3413298 signatures)
2014-06-16 22:23:32.754000500 SelfCheck: Database status OK.
2014-06-16 22:54:47.311768500 SelfCheck: Database status OK.
2014-06-16 23:50:58.711120500 SelfCheck: Database status OK.
2014-06-17 00:42:37.693322500 SelfCheck: Database status OK.
2014-06-17 01:12:37.720265500 SelfCheck: Database status OK.
2014-06-17 01:42:37.748103500 SelfCheck: Database status OK.
2014-06-17 02:12:37.776810500 SelfCheck: Database status OK.
2014-06-17 02:52:00.669962500 SelfCheck: Database status OK.
2014-06-17 03:22:00.698667500 SelfCheck: Database status OK.
2014-06-17 04:16:45.233988500 SelfCheck: Database status OK.
2014-06-17 05:00:39.777392500 SelfCheck: Database status OK.
2014-06-17 05:34:25.520678500 SelfCheck: Database status OK.
2014-06-17 06:27:19.730856500 SelfCheck: Database status OK.
2014-06-17 06:44:02.180561500 Reading databases from /var/clamav
2014-06-17 06:44:04.619205500 LibClamAV Warning: Detected duplicate databases /var/clamav/main.cvd and /var/clamav/main.cld, please manually remove one of them
2014-06-17 06:44:09.240901500 Database correctly reloaded (3413795 signatures)
2014-06-17 07:32:50.164604500 SelfCheck: Database status OK.
2014-06-17 08:03:38.687514500 SelfCheck: Database status OK.
2014-06-17 08:49:34.837739500 SelfCheck: Database status OK.
2014-06-17 09:22:45.709716500 SelfCheck: Database status OK.
2014-06-17 09:52:47.143237500 SelfCheck: Database status OK.
2014-06-17 10:08:40.672816500 Waiting for all threads to finish
2014-06-17 10:08:40.952894500 Shutting down the main socket.
2014-06-17 10:08:40.952952500 --- Stopped at Tue Jun 17 10:08:40 2014 (This part was me trying to stop whatever was causing the 100%)
2014-06-17 10:08:40.952956500 Closing the main socket.
2014-06-17 10:08:40.952991500 Socket file removed.

 /var/log/clamd/clamscan.log: Viewed at Tue 17 Jun 2014 01:19:01 PM BST.

-------------------------------------------------------------------------------
----------- SCAN SUMMARY -----------
Known viruses: 3397036
Engine version: 0.98.3
Scanned directories: 2802
Scanned files: 80115
Infected files: 0
Data scanned: 23467.74 MB
Data read: 14707.42 MB (ratio 1.60:1)
Time: 3648.630 sec (60 m 48 s)
-------------------------------------------------------------------------------
/home/e-smith/files/users/robert/Maildir/cur/1387899967.P7872Q706.ow05:2,S: Win.Trojan.Agent-722032 FOUND
/home/e-smith/files/users/robert/Maildir/cur/1387899967.P7872Q706.ow05:2,S: moved to '/var/spool/clamav/quarantine/1387899967.P7872Q706.ow05:2,S'
/home/e-smith/files/users/robert/Maildir/cur/1387899968.P7872Q714.ow05:2,S: Win.Trojan.Agent-722032 FOUND
/home/e-smith/files/users/robert/Maildir/cur/1387899968.P7872Q714.ow05:2,S: moved to '/var/spool/clamav/quarantine/1387899968.P7872Q714.ow05:2,S'
/home/e-smith/files/users/robert/Maildir/cur/1387899967.P7872Q711.ow05:2,S: Win.Trojan.Agent-722032 FOUND
/home/e-smith/files/users/robert/Maildir/cur/1387899967.P7872Q711.ow05:2,S: moved to '/var/spool/clamav/quarantine/1387899967.P7872Q711.ow05:2,S'
/home/e-smith/files/users/robert/Maildir/cur/1387899968.P7872Q712.ow05:2,S: Win.Trojan.Agent-722032 FOUND
/home/e-smith/files/users/robert/Maildir/cur/1387899968.P7872Q712.ow05:2,S: moved to '/var/spool/clamav/quarantine/1387899968.P7872Q712.ow05:2,S'
/home/e-smith/files/users/robert/Maildir/cur/1387899967.P7872Q708.ow05:2,S: Win.Trojan.Agent-722032 FOUND
/home/e-smith/files/users/robert/Maildir/cur/1387899967.P7872Q708.ow05:2,S: moved to '/var/spool/clamav/quarantine/1387899967.P7872Q708.ow05:2,S'
----------- SCAN SUMMARY -----------
Known viruses: 3408883
Engine version: 0.98.3
Scanned directories: 2814
Scanned files: 83784
Infected files: 5
Data scanned: 24575.34 MB
Data read: 15418.75 MB (ratio 1.59:1)
Time: 4320.477 sec (72 m 0 s)



« Last Edit: June 17, 2014, 02:22:48 PM by Drifting »

Offline Drifting

Re: clamscan hitting constant 100%
« Reply #3 on: June 20, 2014, 01:58:55 PM »
Still doing this? Anyone any suggestions?

Offline Daniel B.

Re: clamscan hitting constant 100%
« Reply #4 on: June 20, 2014, 02:22:36 PM »
Looks like you're being overloaded by mails, and your server can't follow (I guess it's a low-end CPU, or doesn't have enough RAM, or both). You should first try to identify where those mails are coming from (tailf /var/log/qpsmtpd/current | grep logterse | tai64nlocal). Then, either fix the machine which is sending too many mails, or block it if it's not under your control.
It's the end of the world!!! :lol:
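
Added example, not written by any poster in this thread: one way to follow the advice in Reply #4 using the qmail-send lines quoted in the first post, by tallying `info msg` entries per envelope sender and queuing uid and counting `new msg` entries per minute. The function names, the log file argument and every sample line after the first four are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise qmail-send log lines (already run through tai64nlocal).

# First four lines are from the first post; the rest are constructed samples.
sample_log() {
cat <<'EOF'
2014-06-17 11:25:18.648070500 new msg 10125838
2014-06-17 11:25:18.648071500 info msg 10125838: bytes 691 from <anonymous@fred.local> qp 16779 uid 0
2014-06-17 11:25:18.847148500 new msg 10125857
2014-06-17 11:25:18.847149500 info msg 10125857: bytes 819 from <anonymous@fred.local> qp 16782 uid 400
2014-06-17 11:25:19.100000500 new msg 10125860
2014-06-17 11:25:19.100001500 info msg 10125860: bytes 691 from <anonymous@fred.local> qp 16790 uid 0
2014-06-17 11:25:19.300000500 new msg 10125861
2014-06-17 11:25:19.300001500 info msg 10125861: bytes 819 from <anonymous@fred.local> qp 16793 uid 400
2014-06-17 11:25:20.100000500 new msg 10125870
2014-06-17 11:25:20.100001500 info msg 10125870: bytes 691 from <anonymous@fred.local> qp 16801 uid 0
2014-06-17 11:26:02.000000500 new msg 10125880
2014-06-17 11:26:02.000001500 info msg 10125880: bytes 2048 from <user@example.com> qp 16850 uid 453
EOF
}

# Prints "count sender uid", busiest first. uid is the local account whose
# process queued the message (look it up with: getent passwd <uid>).
count_senders() {
  awk '
    $3 == "info" && $4 == "msg" {
      sender = ""; uid = ""
      for (i = 5; i < NF; i++) {
        if ($i == "from") sender = $(i + 1)
        if ($i == "uid")  uid = $(i + 1)
      }
      if (sender != "" && uid != "") seen[sender " " uid]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2
}

# Prints "count date hh:mm" of newly queued messages, to show when the burst happens.
per_minute() {
  awk '$3 == "new" && $4 == "msg" { n[$1 " " substr($2, 1, 5)]++ }
       END { for (m in n) print n[m], m }' | sort -k1,1nr -k2
}

# With a file argument read that log, otherwise the embedded sample.
input() { if [ -n "${1:-}" ]; then cat -- "$1"; else sample_log; fi; }
input "$@" | count_senders
input "$@" | per_minute
```

A sender and uid pair that dominates the first table, as `<anonymous@fred.local>` does in the sample, points at a local process generating the mail, which is then the thing to fix before tuning the scanner.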