Process load >110% - clamd and icap - bug?

Hello,

For a few days I have recurrent performance problems with my NS.

Two services are stopped and are not bootable:
ICAP server
clamd

Restart the services I can not!
I do not use squid as a proxy.

When these two services have stopped, the system load increases until the system is almost complete.

Under TOP run these two services and draw computing power without end. When I finish with kill, everything is fine again.

In the LOG files, I find no indication of an error, clamav, regularly pulls the updates - it is from and a mistake that was not found.

Is this phenomenon known - or a new minor problem?
In the search, I could not find anything that points to my problem … Does anyone know what you can make sense / should?

greetings

Gerald

Übersicht.png1680×1050 196 KB

PID.png1680×1050 171 KB

Any info about your hardware?

Hi Gerald,

please ckeck your installed clamav-rpms
rpm -qa clamav-* all should be 0.101.2

Check status of calmd@squidclamav
systemctl status clamd@squidclamav

Service c-icap depends on clamd@squidclamav, so if clamd doesn’t start, c-icap can’t start at all.

You can try to run the command: signal-event nethserver-squidclamav-update

Please have look at that : Squidclamav doesn't start - hangs during acitvating and takes 100% CPU (1 core)

Here is my mini-ITX hardware:

Intel Celeron J1900 (4x 1.99GHz)
8GB RAM
RAID 1 (2x 1TB WD red) (/ var)
MiniSata SSD 16GB (/)
2 NIC (1x onboard external - red) (1x Intel Pro internal green)

So the version should be up to date:

[root@openzwo ~]# rpm -qa clamav-*
clamav-server-systemd-0.101.2-1.el7.x86_64
clamav-update-0.101.2-1.el7.x86_64
clamav-lib-0.101.2-1.el7.x86_64
clamav-unofficial-sigs-5.6.2-7.el7.noarch
clamav-filesystem-0.101.2-1.el7.noarch
[root@openzwo ~]#


[root@openzwo ~]# systemctl status clamd@squidclamav
● clamd@squidclamav.service - clamd scanner (squidclamav) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; static; vendor preset: disabled)
  Drop-In: /etc/systemd/system/clamd@squidclamav.service.d
           └─c-icap.conf
   Active: inactive (dead) since Sun 2019-05-19 17:44:47 CEST; 1h 46min ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 12250 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=killed, signal=TERM)

May 19 17:43:46 openzwo.nandlnet.de systemd[1]: Starting clamd scanner (squidclamav) daemon...
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: Received 0 file descriptor(s) from systemd.
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: Running as user c-icap (UID 977, GID 973)
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: Log file size limited to 1048576 bytes.
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: Reading databases from /var/lib/squidclamav
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: Not loading PUA signatures.
May 19 17:43:46 openzwo.nandlnet.de clamd[12250]: Bytecode: Security mode set to "TrustSigned".
May 19 17:44:47 openzwo.nandlnet.de systemd[1]: Started clamd scanner (squidclamav) daemon.
[root@openzwo ~]#

I looked at the other post.

systemctl stop clamd @ squidclamav - ok
/ usr / sbin / clamd --debug -F -c /etc/clamd.d/squidclamav.conf -nok

The stop works, however the manual does not start.
No message - just the system load over 100%

The same if I
signal-event nethserver-squidclamav-update
up out.

mmmm, let’s see where that leads!

I got the following output when I tried to restart the service:

root@openzwo var]# systemctl start clamd@squidclamav
Job for clamd@squidclamav.service failed because a timeout was exceeded. See "systemctl status clamd@squidclamav.service" and "journalctl -xe" for details.


[root@openzwo var]# systemctl status clamd@squidclamav.service
● clamd@squidclamav.service - clamd scanner (squidclamav) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; static; vendor preset: disabled)
  Drop-In: /etc/systemd/system/clamd@squidclamav.service.d
           └─c-icap.conf
   Active: activating (start) since Sun 2019-05-19 20:18:33 CEST; 29s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Control: 27601 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@squidclamav.service
           └─27601 /usr/sbin/clamd -c /etc/clamd.d/squidclamav.conf

May 19 20:18:33 openzwo.nandlnet.de systemd[1]: Starting clamd scanner (squidclamav) daemon...
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: Received 0 file descriptor(s) from systemd.
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: Running as user c-icap (UID 977, GID 973)
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: Log file size limited to 1048576 bytes.
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: Reading databases from /var/lib/squidclamav
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: Not loading PUA signatures.
May 19 20:18:33 openzwo.nandlnet.de clamd[27601]: Bytecode: Security mode set to "TrustSigned".
[root@openzwo var]#