ClamAV/Freshclam issues

redflag420
Posts: 5
Joined: 2019/03/29 06:23:12

Post by redflag420 » 2019/03/29 06:43:00

I installed ClamAV and Freshclam, but have 2 issues.

1) When starting clamd, systemd will time out trying to start the process, but the process is started. No matter what timeout value I give to systemd for it, it will still time out. I don't want to give it infinity as it will most likely just hang forever trying to start the process. I used this tutorial to do the install for clamav.
https://linux-audit.com/install-clamav- ... freshclam/

2) Freshclam will use 100% of one core and never seems to complete when pulling definitions. It will always get to a specific file it's downloading, then just sit there and never finish.

Mar 29 01:36:01 ds1-temp freshclam[14701]: Downloading daily-25380.cdiff [100%]

PID SYSCPU USRCPU VGROW RGROW RDDSK WRDSK RUID EUID ST EXC THR S CPUNR CPU CMD 1/1
4905 0.00s 5.00s 0K 0K 0K 0K clamupda clamupda -- - 1 R 0 100% freshclam

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ClamAV/Freshclam issues

Post by TrevorH » 2019/03/29 09:24:40

I had a quick scan of that tutorial and I do not understand why they're doing some of the things they are doing. For example, the bit about creating a freshclam systemd unit file - the clamav-update.x86_64 package from EPEL already contains /etc/cron.d/clamav-update which is already set up to run freshclam and download updates every 3 hours.

The author of that article also has no idea what a system unit file with an @ in its name actually does or they wouldn't be telling you to rename them. Unit files like that are named so that you can have more than one of them running at a time just by starting, e.g. systemctl start clamd@scan which tells it to start using /etc/clamd/scan.conf (the default file that is supplied).

Mostly there are enough problems with that article to make me doubt it altogether.

Did you try running freshclam manually as root from a command line? Perhaps with the -v switch to get more info out of it?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

redflag420
Posts: 5
Joined: 2019/03/29 06:23:12

Re: ClamAV/Freshclam issues

Post by redflag420 » 2019/03/29 14:59:46

The tutorial did seem kind of janky to me. I did run freshclam from the command line to see if any errors popped but didn't. I didn't use -v but I can give it a whirl later. I wasn't sure what the @ did in systemd. I should have looked it up prior to following their directions. I may just remove everything related to that tutorial and have it reinstall everything as it should be and try it and see if I still have the same issues.

redflag420
Posts: 5
Joined: 2019/03/29 06:23:12

Re: ClamAV/Freshclam issues

Post by redflag420 » 2019/04/03 05:46:58

So I completely uninstalled all the packages, deleted all the configs or anything associated with the clamav packages, and removed the systemd unit files it had me change. I reinstalled everything, removed the example lines out of /etc/clamd.d/scan.conf and /etc/freshclam.conf. I also uncommented "LocalSocket /var/run/clamd.scan/clamd.sock" in /etc/clamd.d/scan.conf. I ran freshclam and it seems like it's stuck at the same spot with 1 core sitting at 100%.

Here is the output of freshclam -v
https://pastebin.com/MAUvciCy

Strace shows read activity while it's stuck after downloading the virus definition.

[00007fbd43ea37bc] brk(NULL) = 0x56519e5d7000
[00007fbd43ea37bc] brk(0x56519e5f8000) = 0x56519e5f8000
[00007fbd4418a6e0] read(5, "4a82D\227\366gLap[\343\341\262\216\356\35O/\27\21pi\27\267X5:\371\213\307"..., 8192) = 8192
[00007fbd4418a6e0] read(5, "\305\356\226\231\26\375\364d\"\202n\233\245\213\243\"\356\213\1P\"\6T\212\355x\227\333\215\227\17I"..., 8192) = 8192
[00007fbd4418a6e0] read(5, "\226\324\351\355\271\270E\365\315\223\10\320b\363\334PL\f\376\331\327F\304@\202\262\7\207\207f\215\275"..., 8192) = 8192
[00007fbd43ea37bc] brk(NULL) = 0x56519e5f8000
[00007fbd43ea37bc] brk(0x56519e619000) = 0x56519e619000

Not really sure what I'm missing here or if it's just taking a really long time to parse the definitions?

redflag420
Posts: 5
Joined: 2019/03/29 06:23:12

Re: ClamAV/Freshclam issues

Post by redflag420 » 2019/04/03 06:07:20

Here is a full output of 'strace -t -f -e trace=file freshclam -v'
https://pastebin.com/QnHmrm5b

Here are the last few lines if you don't want to look at the whole thing.

01:02:04 chdir("/var/lib/clamav") = 0
01:02:04 getcwd("/var/lib/clamav", 512) = 16
01:02:04 access("/var/lib/clamav/clamav-25668af58357e5f796589505cd417dc8.tmp/clamav-7f699fa31c882044ecc2219a6b30048c.tmp", R_OK|W_OK) = 0
01:02:04 chdir("/var/lib/clamav/clamav-25668af58357e5f796589505cd417dc8.tmp/clamav-7f699fa31c882044ecc2219a6b30048c.tmp") = 0
01:02:04 open("./clamav-7f59549d9f63e9b8cdf4f8ce6750a7a9.tmp", O_WRONLY|O_CREAT|O_EXCL, 0644) = 5
01:02:05 open("/var/lib/clamav/mirrors.dat", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 4
01:02:05 open("./clamav-7f59549d9f63e9b8cdf4f8ce6750a7a9.tmp", O_RDONLY) = 4
01:02:06 open("daily.info", O_RDONLY) = 6
01:02:06 open("./clamav-55d901c97db53bf8d42f6faacda5c578.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 7
01:02:06 unlink("daily.info") = 0
01:02:06 rename("./clamav-55d901c97db53bf8d42f6faacda5c578.tmp", "daily.info") = 0
01:02:06 open("daily.ign", O_RDONLY) = 6
01:02:06 open("./clamav-71c2ff78a265d3bd963cfe5137570d4b.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 7
01:02:06 unlink("daily.ign") = 0
01:02:06 rename("./clamav-71c2ff78a265d3bd963cfe5137570d4b.tmp", "daily.ign") = 0
01:02:06 open("daily.ign", O_WRONLY|O_CREAT|O_APPEND, 0666) = 6
01:02:06 open("daily.ign2", O_RDONLY) = 6
01:02:06 open("./clamav-a5729e3cea2ab278fe31af1a2c1ac03c.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 7
01:02:06 unlink("daily.ign2") = 0
01:02:06 rename("./clamav-a5729e3cea2ab278fe31af1a2c1ac03c.tmp", "daily.ign2") = 0
01:02:06 open("daily.ign2", O_WRONLY|O_CREAT|O_APPEND, 0666) = 6
01:02:47 open("daily.hdb", O_RDONLY) = 6
01:02:47 open("./clamav-e6cccbf3d079bf9a6e78b8818d3fc166.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 7
01:02:49 unlink("daily.hdb") = 0
01:02:49 rename("./clamav-e6cccbf3d079bf9a6e78b8818d3fc166.tmp", "daily.hdb") = 0
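
Added example (not part of the thread): a small shell/awk helper that lists the longest pauses between consecutive lines of `strace -t` output, run here on lines copied from the trace above. The function names `sample_trace` and `strace_gaps` are made up for this example.

```shell
#!/bin/sh
# Lines copied from the strace output posted above.
sample_trace() {
cat <<'EOF'
01:02:06 unlink("daily.ign2") = 0
01:02:06 rename("./clamav-a5729e3cea2ab278fe31af1a2c1ac03c.tmp", "daily.ign2") = 0
01:02:06 open("daily.ign2", O_WRONLY|O_CREAT|O_APPEND, 0666) = 6
01:02:47 open("daily.hdb", O_RDONLY) = 6
01:02:47 open("./clamav-e6cccbf3d079bf9a6e78b8818d3fc166.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 7
01:02:49 unlink("daily.hdb") = 0
01:02:49 rename("./clamav-e6cccbf3d079bf9a6e78b8818d3fc166.tmp", "daily.hdb") = 0
EOF
}

# strace_gaps MIN_SECONDS < trace
# Prints "<gap>s before: <syscall>" for every pause of at least MIN_SECONDS
# between one traced line and the next.
strace_gaps() {
    awk -v min="$1" '
    {
        # The -t timestamp is field 1, or field 2-3 when -f adds a pid prefix.
        ts = ""
        for (i = 1; i <= 3 && i <= NF; i++)
            if ($i ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/) { ts = $i; break }
        if (ts == "") next
        split(ts, p, ":")
        now = p[1] * 3600 + p[2] * 60 + p[3]
        if (seen) {
            gap = now - prev
            if (gap < 0) gap += 86400          # trace crossed midnight
            if (gap >= min)
                printf "%ds before: %s\n", gap, substr($0, index($0, ts) + length(ts) + 1)
        }
        prev = now
        seen = 1
    }'
}

sample_trace | strace_gaps 10
```

Because `-e trace=file` records only syscalls that take a file name, a long gap means the time went to computation or to untraced calls such as read(), not to the file operation printed after it.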

redflag420
Posts: 5
Joined: 2019/03/29 06:23:12

Re: ClamAV/Freshclam issues

Post by redflag420 » 2019/04/05 05:04:13

I guess maybe I was just being impatient? I let it run for 45 minutes while babysitting it and it was stuck the whole time. I let it run overnight and it completed at some point. So I guess I just needed to let it run longer. 45+ minutes seems like a long time for that to complete.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ClamAV/Freshclam issues

Post by TrevorH » 2019/04/05 16:50:52

freshclam took 48s when I ran it here from the command line, and, yes, for that entire 48s it ran my cpu at 100%. Might be worth reporting that as a bug to clamav.

MartyCZ
Posts: 9
Joined: 2018/04/18 15:46:28

Re: ClamAV/Freshclam issues

Post by MartyCZ » 2019/04/06 04:57:48

Same problems here. :-(

MartyCZ
Posts: 9
Joined: 2018/04/18 15:46:28

Re: ClamAV/Freshclam issues

Post by MartyCZ » 2019/04/06 08:36:00

I found a solution (for my slow VPS). :)

Edit file /usr/lib/systemd/system/clamd@.service

[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
# Check for database existence
# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
Restart = on-failure
TimeoutSec = 180

Adding TimeoutSec helped me (180 seconds were enough for me)

then run

systemctl daemon-reload

and

systemctl start clamd@amavisd

and wait... 8-)

Default timeout is too low for slow CPUs and clamd service is restarting and restarting and... (see /var/log/messages)
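
Added example (not part of the original post): the same 180-second timeout written as a systemd drop-in under /etc/systemd/system/clamd@.service.d/, which applies to every clamd@ instance and is left alone by package updates that replace files under /usr/lib/systemd/system. The function name, the ROOT argument and the file name timeout.conf are choices made for this example.

```shell
#!/bin/sh
# write_clamd_timeout ROOT SECONDS
# ROOT is a prefix for the filesystem root ("" on a live system, a scratch
# directory for a dry run). Prints the path of the drop-in it wrote.
write_clamd_timeout() {
    root=$1
    secs=$2
    # Accept whole seconds only: rejects empty input, units and "infinity".
    case $secs in
        ''|*[!0-9]*)
            echo "timeout must be a whole number of seconds" >&2
            return 1 ;;
    esac
    dir="$root/etc/systemd/system/clamd@.service.d"
    mkdir -p "$dir" || return 1
    cat > "$dir/timeout.conf" <<EOF
# Local override for all clamd@ instances (e.g. clamd@amavisd).
[Service]
TimeoutSec=$secs
EOF
    printf '%s\n' "$dir/timeout.conf"
}

# Dry run into a scratch directory. To apply it for real, call the function
# as root with ROOT="" and then run:
#   systemctl daemon-reload
#   systemctl start clamd@amavisd
scratch=$(mktemp -d)
conf=$(write_clamd_timeout "$scratch" 180) && cat "$conf"
rm -rf "$scratch"
```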

swallowtail
Posts: 112
Joined: 2009/04/18 04:48:27

Re: ClamAV/Freshclam issues

Post by swallowtail » 2019/06/03 07:23:59

Not sure why all these tutorials have clamav starting as a service in an amavisd world.

I used to have it running that way, and kept running into strange issues.

I have now installed only clamav, clamav-update, and configure amavisd to use clam. Freshclam runs fine. Amavis is virus scanning - it catches EICAR.

Maybe I'm missing something, but these tutorials all seem to over-complicate this - amavisd calls clam on demand I believe, rather than having it run all of the time. Are there advantages to having clamd run constantly?
