Clamav Running Wild on it's own (SOLVED)

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Clamav Running Wild on it's own (SOLVED)

Post by pcpunk »

Hey guys! Freshclam/Clamav is running 50% of CPU, 100% of No.1 Core and 1.50 of RAM, all on it's own. This is on the HP Laptop in signature.

Don't know if any of this matters but just made this single boot KDE 17.1 a Dual Boot with Mate 18. It all seemed okay until today, so it's been just a day or so since install. I don't really know the best diagnostics to provide, so if needed just fire away.

I also installed Teamviewer recently, but just to test it out for some future work. I didn't create an account and have read about how to keep it locked down.

One thing to note, this is a 17-18mo old install and gets a lot of use...kinda...for me. And, I deleted swap for the KDE side to setup the 18 install...why, swap was at the end of drive. Was going to do some testing without swap before I point it to the 4GB I created for Mate 18.

I also ran a fsck and included the text in an Attachment, although just noticed the date is wrong.

I wonder if dmesg log would be good for this type of thing, and how to do it properly. I just killed freshclam/clamav so don't know if that would matter. I'll leave an attachment of dmesg just in case.

Another symptom was file manager was really slow, I'm assuming only because clamav was using a lot of resources.

Thanks, pcpunk
Last edited by pcpunk on Sat Nov 05, 2016 10:37 am, edited 1 time in total.
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
User avatar
jimallyn
Level 18
Level 18
Posts: 8964
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: Clamav Running Wild on it's own

Post by jimallyn »

Most Linux users don't use an anti-virus, and many even recommend that you do not. See this page:

https://sites.google.com/site/easylinux ... t/security

I have been using Linux for 14 years and have never used an anti-virus. None of my Linux computers have ever been infected with any virus or malware, nor has the computer of any Linux user I know. Not saying it can't happen, it's just unlikely.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Post by pcpunk »

I only use it once in a while to clear browser infections, but haven't used it for a while. It comes installed with Mint and I don't Uninstall Default programs. It's just there, and noticed some stuff not working well, then noticed Conky showing high cpu usage right after boot, and it don't stop.
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
User avatar
all41
Level 16
Level 16
Posts: 6595
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Clamav Running Wild on it's own

Post by all41 »

+1 for jimallyn advice.
@pcpunk
You've been around long enough to know how most users feel regarding av software.
Keep behind a decent router firewall and run your browser sandboxed (firfejail) you will be pretty
safe without constant av scanning eating your system resources
Light travels faster than sound. That's why some people appear smart until you hear what they are saying.
You will seldom see a grey-beard wearing a tinfoil hat.
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Post by pcpunk »

It's got nothing to do with running clamav, it's got to be some other file system issue. I'll do some digging buy my skills probably won't get me far.
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Post by pcpunk »

To be clear, freshclam is running all on it's own at startup. I did sudo killall freshclam to get working on a fix. I included the output of $ grep -i error /var/log/syslog in an attachment.
Last edited by pcpunk on Fri Nov 04, 2016 10:51 pm, edited 1 time in total.
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
User avatar
Schultz
Level 8
Level 8
Posts: 2078
Joined: Thu Feb 25, 2016 8:57 pm

Re: Clamav Running Wild on it's own

Post by Schultz »

pcpunk wrote:
It comes installed with Mint and I don't Uninstall Default programs.
It definitely does NOT come installed with Mint. Did you download the Mint iso from the official website, or somewhere else?
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Post by pcpunk »

@ Schultz, I guess I had forgotten that I installed it then, thought for sure it was included. This is of no consequence though as it is just malfunctioning on it's own. Never had an issue with it ever since using Mint. The iso was from the Mint site and verified.
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Post by pcpunk »

I wonder if my HDD is starting to fail, it's old, the original on a 2006 laptop. I will check it out if someone will tell me the best way to do so. It's a Seagate, I wonder if I will need to burn a Seagate diagnosis disk?

I also set swap to be used on new swap file just in case that was the issue...It's working.

EDIT: UNINSTALLED, WILL MARK AS SOLVED IF THIS FIXES FRESHCLAM FROM RUNNING AT BOOT.
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
User avatar
kukamuumuka
Level 16
Level 16
Posts: 6696
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland
Contact:

Re: Clamav Running Wild on it's own

Post by kukamuumuka »

It does not find the database server. Purge ClamAv and re-install it.

Code: Select all

sudo apt-get purge clamav-freshclam 
sudo apt-get install clamav-freshclam clamtk
sudo freshclam
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Post by pcpunk »

@administrollaattori, thanks for the help! I uninstalled via SPM because...well...I don't know what I'm doing lol. And there are some dependencies for kde with the version I was using.

I think it was a change I made right before this happened. It may not be logical, but was the only change I made immediately before. That was changing the Log-in to Automatic, But, then forgetting to Click Apply, and then closed the window. Otherwise have had no issues that I don't cause myself.

Also considering not using clamav because it over uses CPU IMO. I just need to learn how to Clear my cache without ruining my browsing experience. I hate starting all over - so to speak - when I get browsing again.

Thanks, Pcpunk
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
User avatar
karlchen
Level 21
Level 21
Posts: 13547
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Clamav Running Wild (SOLVED) Without Uninstalling :-)

Post by karlchen »

Hello, pcpunk.

I realize this thread has been marked solved. And I know you followed administrollaattori's advice of completely purging and then re-installing clamav.
Nonetheless I would like to explain a different approach. Maybe it is going to help you in case the problem re-occurs and maybe it is going to help someone else who encounters the same problem.
As a matter of fact it happened on 2 different Mint systems to me only recently, i.e. yesterday and today:
+ Mint 13
+ Mint 17.1

Case #1: solved by deleting mirrors.dat

Symptom:
I had manually run sudo freshclam in a terminal window. Normally this will succeed within less than a minute. This time, however, it kept on downloading the same daily.cvd over and over again.

Solution:
  • Interrupted the running freshclam by pressing <ctrl>c.
  • Stopped the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam stop
  • Removed the file mirrors.dat by executing sudo rm /var/lib/clamav/mirrors.dat
  • Started the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam start
  • Executed sudo freshclam -v (used option -v to make freshclam a bit more verbose.)
  • Update of the daily definition file finished within half a minute.
  • Problem solved.
Case #2: solved by deleting /var/lib/clamav/*
I had manually run sudo freshclam in a terminal window. Normally this will succeed within less than a minute. This time, however, it got stuck downloading the file daily-22474.cdiff at [100%].
Noticed that both, the freshclam process which I had started in the terminal and the freshclam daemon which gets started on system startup, both used 100% CPU each.

Solution:
  • Tried the steps given above for case #1 first, hoping they would solve the problem this time, too.
    But in vain.
    As soon as sudo /etc/init.d/clamav-freshclam start had been executed, the freshclam daemon process would quickly start consuming 100% CPU again.
    The same applied to the foreground process sudo freshclam -v.
    And both would get stuck on the same file daily-22474.cdiff at [100%].
    This suggested that a more drastic steps might be needed than just deleting mirrors.dat.
  • Interrupted the running freshclam by pressing <ctrl>c.
  • Stopped the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam stop
  • Removed all the files in the folder /var/lib/clamav by executing sudo rm /var/lib/clamav/*
  • Started the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam start
  • Monitored freshclam CPU usage and the freshclam logfile /var/log/clamav/freshclam.log.
    This time the freshclam daemon downloaded the files
    mirrors.dat - main.cvd - daily.cvd - bytecode.cvd
    and applied them.
    freshclam would cause brief CPU usage peaks of 100% only when applying each downloaded file. Else it would not exceed 4% CPU usage.
  • Finally tried sudo freshclam -v again, which returned very quickly because the definition files had just been downloaded.
  • Problem solved.
Applications used in both cases:
  • gnome-terminal with bash to execute terminal commands.
  • gnome-system-monitor to inspect running processes and their resource consumption.
  • Gnome Commander in root mode, else operating inside the folder /var/lib/clamav will not be permitted.
  • Gnome Commander file viewer to inspect the logfile /var/log/clamav/freshclam.log
    (gnome-system-log can be used for the same purpose on non-KDE systems.)
As no work has to be done the freshclam daemon now consumes 0% CPU while I am wrtiting this message.

Best regards,
Karl
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)
pcpunk
Level 5
Level 5
Posts: 959
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own (SOLVED)

Post by pcpunk »

That is a wealth of information Karl, thanks very much! I'll need to Bookmark that one for sure, and re-read it later today. And yes I would have preferred fixing it but think I will try to live without it for a while. I going to try and learn how to purge those Browser infections via Clearing Browser Cache, which I hate doing. Clamav is also pretty hard on my CPU, Laptop gets a little warm, more so than with anything else.
As a matter of fact it happened on 2 different Mint systems to me only recently, i.e. yesterday and today:
Good to see I'm not alone, and just last night saw this one by gold_finger
viewtopic.php?f=90&t=233168

Cheers, Pcpunk
HP Compaq nx7400, Cinnamon 19.2
Intel R Core™2CPU, T5500@1.66GHz, 4GB Crucial RAM
Super Clean Runs Perfect
grizzler
Level 5
Level 5
Posts: 652
Joined: Wed Jun 15, 2011 5:19 pm
Location: The Hague, NL

Re: Clamav Running Wild (SOLVED) Without Uninstalling :-)

Post by grizzler »

karlchen wrote:Nonetheless I would like to explain a different approach. Maybe it is going to help you in case the problem re-occurs and maybe it is going to help someone else who encounters the same problem.
Check.

I saw this happen on a Debian Testing machine (SolydXK/Xfce) yesterday. Killed the process and forgot about it. Thanks for reminding me, Karl.

I tried the first solution and had no luck. The second did it, but running sudo freshclam -v after starting the service didn't work because of a lock by another process on /var/log/clamav/freshclam.log. Reversing the last two steps did work. Daemon now running on 0%.
Thanks again.

Edit
Actually, pcpunk is the one I should thank for reminding me. Karl for the solution... :lol:
User avatar
karlchen
Level 21
Level 21
Posts: 13547
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Clamav Running Wild on it's own (SOLVED)

Post by karlchen »

Hello, grizzler.

You caught me. Should have explained better than I did.
In case the freshclam daemon is actively refreshing the local AV definition files, trying to run sudo freshclam will terminate with a locking error. This is by design I guess. Only one update operation at a time permitted.

Cheers,
Karl
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)
Post Reply

Return to “Software & Applications”