Hi Micah and Henrik I'm slowly getting to the conclusion that the old hosts are reaching EOL which would explain the misbehaviour (just got a few unexplicable SSH connection losses...).
grep -v '^$' clamd.conf | grep -v '^#' LogSyslog yes LogFacility LOG_MAIL LogVerbose yes TCPSocket 3310 TCPAddr 127.0.0.1 User clamav As to Henrik's suggestion to use strace - now it gets really spooky. Once excecuted under strace it took less than 2mins for clamd to start up normally and then run as excpected without hogging the CPU. Of course :-/ I'd say: never mind those old boxes, gotta replace them anyway eventually... thx lukn On 16.11.18 20:45, Micah Snyder (micasnyd) wrote: > That is... bizarre. What does your clamd configuration look like? > Specifically, do you have `ScanOnAccess` enabled and set to watch specific > mount or directory paths? > > Micah Snyder > ClamAV Development > Talos > Cisco Systems, Inc. > > > On Nov 16, 2018, at 9:52 AM, lukn > <lukn...@gmail.com<mailto:lukn...@gmail.com>> wrote: > > Hello list > > I'm having a weird CPU hogging issue here. I'm running some servers as > VM hosts based on CentOS7 with qemu/kvm. On these I'm running various > VMs with CentOS 7 and legacy CentOS 6 (all have latest updates > installed). All of them are running clamd 0.100.2 which got installed > from a self compiled RPM (built from official source, no patches), so > software on all hosts and VMs should be identical. > > However, in VMs on one host machine, clamd is idling, on the other it's > running at 200-350% CPU (4 vcores) according to top - even when there is > nothing to be scanned. > > If I migrate a VM from the "idle" to the "busy" host, their clamd starts > to spin too. If I migrate a VM from the "busy" to the "idle" host, clamd > remains quiet. > > The only noticeable difference between clamd going nuts and clamd > staying calm is the CPU of the host system: > > busy: > model name : Intel(R) Xeon(R) CPU E5645 @ 2.40GHz > > idle: > model name : Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz > > > As mentioned, clamd is installed from a self compiled rpm, this is the > %build section of the spec file, nothing fancy in there: > > %build > ./configure --prefix=%{_prefix} --enable-milter > make check > make > > The issue only occured recently... maybe some borked signature? > Any ideas? > > regards > lukn > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
