Bug #13073

open

ClamAV - clamd dies with high CPU load and thus the C-ICAP of squid-reverse proxy causes http:500 errors

Added by Konrad Lanz 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Squid
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture: All

Description

ClamAV - clamd dies with high CPU load and thus the C-ICAP of squid-reverse proxy causes http:500 errors

user-agent: ClamAV/0.104.1 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUID: 28d18431-39e7-4249-b2d7-ddeb1c3d6ae1)

maybe related to: https://forum.netgate.com/topic/148037/clamav-spikes-cpu-usage-after-changing-squid-setting/4

Reinstalling as suggested in https://redmine.pfsense.org/issues/8832 does not help.

After the reinstall ...


[2.6.0-RELEASE][]/: /usr/local/etc/rc.d/clamd.sh start
Missing /var/db/clamav/*.cvd or *.cld files. You must run freshclam first!
[2.6.0-RELEASE][]/: freshclam

... freshclam works ...

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory

[2.6.0-RELEASE][]/: /usr/local/etc/rc.d/clamd.sh start
ERROR: Can't save PID to file /var/run/clamav/clamd.pid: Permission denied

[2.6.0-RELEASE][]/: ls -al /var/run/clamav/clamd.pid
-rw-r--r-- 1 root wheel 6 Apr 15 17:43 /var/run/clamav/clamd.pid

[2.6.0-RELEASE][]/: ps ax | grep clam
88785 - Ds 0:33.66 /usr/local/sbin/clamd --config-file=/usr/local/etc/clamd.conf
27512 0 R+ 0:00.00 grep clam

... clamd only runs for a few moments and then dies with high cpu load ... trying one more restart ... but dies again ...

[2.6.0-RELEASE][]/: /usr/local/etc/rc.d/clamd.sh restart

ERROR: Can't save PID to file /var/run/clamav/clamd.pid: Permission denied

[2.6.0-RELEASE][]/: cat /var/run/clamav/clamd.pid
36115

[2.6.0-RELEASE][]/: ps ax | grep clam
10902 0 R+ 0:00.00 grep clam

... clamd died ...

[2.6.0-RELEASE][]/: tail /var/log/c-icap/access.log
15/Apr/2022:17:54:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:17:55:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:17:56:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:17:57:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:17:58:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:01:41 +0200, 127.0.0.1 127.0.0.1 OPTIONS squid_clamav 200
15/Apr/2022:18:02:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:03:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:04:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:05:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500

tail /var/log/c-icap/server.log
Fri Apr 15 17:58:41 2022, 23360/9251840, squidclamav.c(2081) dconnect: Fri Apr 15 17:58:41 2022, 23360/9251840, ERROR Can't connect to clamd on local socket /var/run/clamav/clamd.sock.
Fri Apr 15 17:58:41 2022, 23360/9251840, squidclamav.c(787) squidclamav_end_of_data_handler: Fri Apr 15 17:58:41 2022, 23360/9251840, ERROR Can't connect to Clamd daemon.
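
A small health check for the state shown in this report (a PID file naming a process that is gone, and a trailing run of failed REQMOD responses in the c-icap access log), as an added example that is not part of the original report or of pfSense. The function names are hypothetical, and the first sample log line is constructed; the others are taken from the report.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Run as root so that
# kill -0 can probe a clamd process owned by another user.

# Exit 0 when the PID file names a process that no longer exists.
pid_is_stale() {
    [ -r "$1" ] || return 1                 # no PID file: nothing to judge
    pid=$(tr -cd '0-9' < "$1")
    [ -n "$pid" ] || return 0               # empty or non-numeric content
    if kill -0 "$pid" 2>/dev/null; then return 1; fi
    return 0
}

# Print the number of consecutive failed REQMOD/RESPMOD responses at the end
# of a c-icap access log for one service. OPTIONS probes are ignored and any
# 2xx status (200, 204) resets the count.
icap_fail_streak() {
    awk -v svc="$2" '
        NF >= 3 && $(NF-1) == svc && $(NF-2) ~ /^(REQMOD|RESPMOD)$/ {
            if ($NF ~ /^2[0-9][0-9]$/) streak = 0; else streak++
        }
        END { print streak + 0 }
    ' "$1"
}

# Sample input: the first line is constructed, the rest are from the report.
sample_log() {
    cat <<'EOF'
15/Apr/2022:17:50:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
15/Apr/2022:17:58:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:01:41 +0200, 127.0.0.1 127.0.0.1 OPTIONS squid_clamav 200
15/Apr/2022:18:02:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:03:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:04:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
15/Apr/2022:18:05:41 +0200, 127.0.0.1 127.0.0.1 REQMOD squid_clamav 500
EOF
}

log=$(mktemp)
sample_log > "$log"
echo "failed scans in a row: $(icap_fail_streak "$log" squid_clamav)"
rm -f "$log"
```

The successful OPTIONS probe at 18:01:41 does not reset the count, because it only shows that c-icap is answering, not that clamd is reachable.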
