1

Topic: clamscan takes 100% CPU until server restart

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.2
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

About every week usually at about 10pm Sydney time clamscan goes to 100% CPU and makes the box mostly unresponsive. I did some OS updates and it improved a bit but eventually goes back. I've looked in a few places and made some modifications but ultimately the problem remains.

The instance is hosted in AWS and has an EFS drive for the mail storage; however, looking at the metrics, the scan is struggling on the EBS volume (OS and apps).

To try and figure out what's wrong, what is triggering the scan at 10pm? I've looked through crons and can't find anything referencing clamav.

Are there any logs? I think I need to enable it at /etc/freshclam.conf? I've had a look through /var/log/messages and nothing stands out. I updated clamav 0.103.8-3.

Are there any other things I can look at? I've implemented a few "fixes" available through forums for this issue but it's resulted in no change.


2 (edited by Cthulhu 2023-03-08 05:23:39)

Re: clamscan takes 100% CPU until server restart

Since iRedMail doesn't support Apache, nor centos7 (anymore), and your hints that you modified clamav let me assume that you did some other modifications as well, so it will be really hard to find out what is wrong

normally, clamav is configured to only scan on demand, your problem seems more like an in-depth scan of the whole system, but even that shouldn't render the system inoperable


on centos, crons are under

/var/spool/cron/

you can also show all active user based crontabs with

sed 's/^\([^:]*\):.*$/crontab -u \1 -l 2>\&1/' /etc/passwd | sh | grep -v "no crontab for"
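
An added example, not part of the original post or of iRedMail: the per-user crontab listing above does not cover the system-wide cron directories or systemd units, so this function greps all of those locations for ClamAV references. The function name `find_clam_jobs`, the search pattern and the optional root argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: list every scheduler entry that mentions ClamAV.
# Usage: find_clam_jobs            (live system; run as root to read all crontabs)
#        find_clam_jobs /mnt/img   (mounted image or test tree)

# Constructed pattern: the ClamAV binaries and package name.
CLAM_PATTERN='clamscan|clamdscan|freshclam|clamav'

find_clam_jobs() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", so every path below starts with one slash
    for loc in etc/crontab etc/anacrontab etc/cron.d etc/cron.hourly \
               etc/cron.daily etc/cron.weekly etc/cron.monthly \
               var/spool/cron etc/systemd/system usr/lib/systemd/system; do
        path="$root/$loc"
        [ -e "$path" ] || continue
        # -r recurse, -H always print the file name, -I skip binary files,
        # -n print line numbers, -E extended regex
        grep -rHInE "$CLAM_PATTERN" "$path" 2>/dev/null
    done | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true   # drop commented-out lines
}
```

Each hit is printed as `file:line:content`; an empty result means none of these locations schedules a ClamAV binary.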

3

Re: clamscan takes 100% CPU until server restart

Cthulhu wrote:

Since iRedMail doesn't support Apache, nor centos7 (anymore), and your hints that you modified clamav let me assume that you did some other modifications as well, so it will be really hard to find out what is wrong

normally, clamav is configured to only scan on demand, your problem seems more like an in-depth scan of the whole system, but even that shouldn't render the system inoperable


on centos, crons are under

/var/spool/cron/

you can also show all active user based crontabs with

sed 's/^\([^:]*\):.*$/crontab -u \1 -l 2>\&1/' /etc/passwd | sh | grep -v "no crontab for"

I haven't changed anything in the clamav config. This is an instance that's about 6 years old but kept updated.

I've looked through those crons and there isn't anything to do with clamav in there.

I'm reasonably confident it is doing a deep scan, just no idea where that's configured. I'm guessing the agent triggers the scan rather than a cron. I've looked through the '/etc/clamd.d/scan.conf' file to see if I can disable something but very little isn't commented out. Only thing is that it might have been enabled on an old version of iRedMail and disabled in future releases.

4

Re: clamscan takes 100% CPU until server restart

only amavis invokes clamav, there is no cron for a deepscan at all

5

Re: clamscan takes 100% CPU until server restart

There's a cron for an amavisd quarantine but that just removes files greater than 15 days and a python one to run cleanup_amavisd_db.py but doesn't run at the correct time. Is the scan.conf the best place to turn logging on? I've tried hunting for the parameter to allow a deep scan but can't find it (probably searching for the wrong thing).

6 (edited by Cthulhu 2023-03-08 06:46:16)

Re: clamscan takes 100% CPU until server restart

probably the wrong forum as well, this is not a mailserver related problem, I bet your best guess is
https://bugzilla.clamav.net/

7

Re: clamscan takes 100% CPU until server restart

FYI https://docs.iredmail.org/upgrade.iredm … p-settings