Clamav Running Wild on it's own (SOLVED)

Questions about applications and software
Forum rules
Before you post please read how to get help
pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Clamav Running Wild on it's own (SOLVED)

Postby pcpunk » Fri Nov 04, 2016 8:32 pm

Hey guys! Freshclam/Clamav is running 50% of CPU, 100% of No.1 Core and 1.50 of RAM, all on it's own. This is on the HP Laptop in signature.

Don't know if any of this matters but just made this single boot KDE 17.1 a Dual Boot with Mate 18. It all seemed okay until today, so it's been just a day or so since install. I don't really know the best diagnostics to provide, so if needed just fire away.

I also installed Teamviewer recently, but just to test it out for some future work. I didn't create an account and have read about how to keep it locked down.

One thing to note, this is a 17-18mo old install and gets a lot of use...kinda...for me. And, I deleted swap for the KDE side to setup the 18 install...why, swap was at the end of drive. Was going to do some testing without swap before I point it to the 4GB I created for Mate 18.

I also ran a fsck and included the text in an Attachment, although just noticed the date is wrong.

I wonder if dmesg log would be good for this type of thing, and how to do it properly. I just killed freshclam/clamav so don't know if that would matter. I'll leave an attachment of dmesg just in case.

Another symptom was file manager was really slow, I'm assuming only because clamav was using a lot of resources.

Thanks, pcpunk
Last edited by pcpunk on Sat Nov 05, 2016 10:37 am, edited 1 time in total.
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

User avatar
jimallyn
Level 17
Level 17
Posts: 7248
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: Clamav Running Wild on it's own

Postby jimallyn » Fri Nov 04, 2016 9:04 pm

Most Linux users don't use an anti-virus, and many even recommend that you do not. See this page:

https://sites.google.com/site/easylinux ... t/security

I have been using Linux for 14 years and have never used an anti-virus. None of my Linux computers have ever been infected with any virus or malware, nor has the computer of any Linux user I know. Not saying it can't happen, it's just unlikely.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Postby pcpunk » Fri Nov 04, 2016 9:39 pm

I only use it once in a while to clear browser infections, but haven't used it for a while. It comes installed with Mint and I don't Uninstall Default programs. It's just there, and noticed some stuff not working well, then noticed Conky showing high cpu usage right after boot, and it don't stop.
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

User avatar
all41
Level 11
Level 11
Posts: 3757
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Clamav Running Wild on it's own

Postby all41 » Fri Nov 04, 2016 9:45 pm

+1 for jimallyn advice.
@pcpunk
You've been around long enough to know how most users feel regarding av software.
Keep behind a decent router firewall and run your browser sandboxed (firfejail) you will be pretty
safe without constant av scanning eating your system resources
Proud to be a supporter and monthly contributor to Mint.

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Postby pcpunk » Fri Nov 04, 2016 9:52 pm

It's got nothing to do with running clamav, it's got to be some other file system issue. I'll do some digging buy my skills probably won't get me far.
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Postby pcpunk » Fri Nov 04, 2016 10:26 pm

To be clear, freshclam is running all on it's own at startup. I did sudo killall freshclam to get working on a fix. I included the output of $ grep -i error /var/log/syslog in an attachment.
Last edited by pcpunk on Fri Nov 04, 2016 10:51 pm, edited 1 time in total.
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

User avatar
Schultz
Level 5
Level 5
Posts: 977
Joined: Thu Feb 25, 2016 8:57 pm

Re: Clamav Running Wild on it's own

Postby Schultz » Fri Nov 04, 2016 10:50 pm

pcpunk wrote:
It comes installed with Mint and I don't Uninstall Default programs.

It definitely does NOT come installed with Mint. Did you download the Mint iso from the official website, or somewhere else?

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Postby pcpunk » Fri Nov 04, 2016 10:56 pm

@ Schultz, I guess I had forgotten that I installed it then, thought for sure it was included. This is of no consequence though as it is just malfunctioning on it's own. Never had an issue with it ever since using Mint. The iso was from the Mint site and verified.
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Postby pcpunk » Fri Nov 04, 2016 11:00 pm

I wonder if my HDD is starting to fail, it's old, the original on a 2006 laptop. I will check it out if someone will tell me the best way to do so. It's a Seagate, I wonder if I will need to burn a Seagate diagnosis disk?

I also set swap to be used on new swap file just in case that was the issue...It's working.

EDIT: UNINSTALLED, WILL MARK AS SOLVED IF THIS FIXES FRESHCLAM FROM RUNNING AT BOOT.
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

User avatar
administrollaattori
Level 12
Level 12
Posts: 4403
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland
Contact:

Re: Clamav Running Wild on it's own

Postby administrollaattori » Sat Nov 05, 2016 4:34 am

It does not find the database server. Purge ClamAv and re-install it.

Code: Select all

sudo apt-get purge clamav-freshclam
sudo apt-get install clamav-freshclam clamtk
sudo freshclam

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own

Postby pcpunk » Sat Nov 05, 2016 10:15 am

@administrollaattori, thanks for the help! I uninstalled via SPM because...well...I don't know what I'm doing lol. And there are some dependencies for kde with the version I was using.

I think it was a change I made right before this happened. It may not be logical, but was the only change I made immediately before. That was changing the Log-in to Automatic, But, then forgetting to Click Apply, and then closed the window. Otherwise have had no issues that I don't cause myself.

Also considering not using clamav because it over uses CPU IMO. I just need to learn how to Clear my cache without ruining my browsing experience. I hate starting all over - so to speak - when I get browsing again.

Thanks, Pcpunk
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

User avatar
karlchen
Level 18
Level 18
Posts: 8167
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Clamav Running Wild (SOLVED) Without Uninstalling :-)

Postby karlchen » Sun Nov 06, 2016 8:19 am

Hello, pcpunk.

I realize this thread has been marked solved. And I know you followed administrollaattori's advice of completely purging and then re-installing clamav.
Nonetheless I would like to explain a different approach. Maybe it is going to help you in case the problem re-occurs and maybe it is going to help someone else who encounters the same problem.
As a matter of fact it happened on 2 different Mint systems to me only recently, i.e. yesterday and today:
+ Mint 13
+ Mint 17.1

Case #1: solved by deleting mirrors.dat

Symptom:
I had manually run sudo freshclam in a terminal window. Normally this will succeed within less than a minute. This time, however, it kept on downloading the same daily.cvd over and over again.

Solution:
  • Interrupted the running freshclam by pressing <ctrl>c.
  • Stopped the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam stop
  • Removed the file mirrors.dat by executing sudo rm /var/lib/clamav/mirrors.dat
  • Started the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam start
  • Executed sudo freshclam -v (used option -v to make freshclam a bit more verbose.)
  • Update of the daily definition file finished within half a minute.
  • Problem solved.

Case #2: solved by deleting /var/lib/clamav/*
I had manually run sudo freshclam in a terminal window. Normally this will succeed within less than a minute. This time, however, it got stuck downloading the file daily-22474.cdiff at [100%].
Noticed that both, the freshclam process which I had started in the terminal and the freshclam daemon which gets started on system startup, both used 100% CPU each.

Solution:
  • Tried the steps given above for case #1 first, hoping they would solve the problem this time, too.
    But in vain.
    As soon as sudo /etc/init.d/clamav-freshclam start had been executed, the freshclam daemon process would quickly start consuming 100% CPU again.
    The same applied to the foreground process sudo freshclam -v.
    And both would get stuck on the same file daily-22474.cdiff at [100%].
    This suggested that a more drastic steps might be needed than just deleting mirrors.dat.
  • Interrupted the running freshclam by pressing <ctrl>c.
  • Stopped the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam stop
  • Removed all the files in the folder /var/lib/clamav by executing sudo rm /var/lib/clamav/*
  • Started the freshclam daemon process by executing sudo /etc/init.d/clamav-freshclam start
  • Monitored freshclam CPU usage and the freshclam logfile /var/log/clamav/freshclam.log.
    This time the freshclam daemon downloaded the files
    mirrors.dat - main.cvd - daily.cvd - bytecode.cvd
    and applied them.
    freshclam would cause brief CPU usage peaks of 100% only when applying each downloaded file. Else it would not exceed 4% CPU usage.
  • Finally tried sudo freshclam -v again, which returned very quickly because the definition files had just been downloaded.
  • Problem solved.

Applications used in both cases:
  • gnome-terminal with bash to execute terminal commands.
  • gnome-system-monitor to inspect running processes and their resource consumption.
  • Gnome Commander in root mode, else operating inside the folder /var/lib/clamav will not be permitted.
  • Gnome Commander file viewer to inspect the logfile /var/log/clamav/freshclam.log
    (gnome-system-log can be used for the same purpose on non-KDE systems.)
As no work has to be done the freshclam daemon now consumes 0% CPU while I am wrtiting this message.

Best regards,
Karl
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

pcpunk
Level 5
Level 5
Posts: 761
Joined: Sun Jun 15, 2014 1:44 pm
Location: Florida

Re: Clamav Running Wild on it's own (SOLVED)

Postby pcpunk » Sun Nov 06, 2016 10:24 am

That is a wealth of information Karl, thanks very much! I'll need to Bookmark that one for sure, and re-read it later today. And yes I would have preferred fixing it but think I will try to live without it for a while. I going to try and learn how to purge those Browser infections via Clearing Browser Cache, which I hate doing. Clamav is also pretty hard on my CPU, Laptop gets a little warm, more so than with anything else.
As a matter of fact it happened on 2 different Mint systems to me only recently, i.e. yesterday and today:

Good to see I'm not alone, and just last night saw this one by gold_finger
viewtopic.php?f=90&t=233168

Cheers, Pcpunk
HP Series HST NN-104C Bussiness Notebook nx7400, KDE 17.1-64BIT
Intel R Core™2CPU, T5500@1.66GHz, 4GB of RAM

grizzler
Level 5
Level 5
Posts: 658
Joined: Wed Jun 15, 2011 5:19 pm
Location: The Hague, NL

Re: Clamav Running Wild (SOLVED) Without Uninstalling :-)

Postby grizzler » Sun Nov 06, 2016 1:40 pm

karlchen wrote:Nonetheless I would like to explain a different approach. Maybe it is going to help you in case the problem re-occurs and maybe it is going to help someone else who encounters the same problem.

Check.

I saw this happen on a Debian Testing machine (SolydXK/Xfce) yesterday. Killed the process and forgot about it. Thanks for reminding me, Karl.

I tried the first solution and had no luck. The second did it, but running sudo freshclam -v after starting the service didn't work because of a lock by another process on /var/log/clamav/freshclam.log. Reversing the last two steps did work. Daemon now running on 0%.
Thanks again.

Edit
Actually, pcpunk is the one I should thank for reminding me. Karl for the solution... :lol:

User avatar
karlchen
Level 18
Level 18
Posts: 8167
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Clamav Running Wild on it's own (SOLVED)

Postby karlchen » Sun Nov 06, 2016 6:06 pm

Hello, grizzler.

You caught me. Should have explained better than I did.
In case the freshclam daemon is actively refreshing the local AV definition files, trying to run sudo freshclam will terminate with a locking error. This is by design I guess. Only one update operation at a time permitted.

Cheers,
Karl
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.


Return to “Software & Applications”