Package: clamav-daemon
Version: 0.99.1+dfsg-1+b2
Severity: normal

clamav-daemon got into a loop on my server where it was being killed and restarting multiple times per second. This spiked load to 100. Basically a weak fork bomb.

I tried systemctl stop clamav but it just started right up again. In the end, I rebooted, which "fixed" the problem.

Looks like it was being killed each time by the OOM killer. Which makes sense; clamav uses 18% of the system's 2 gb of ram and so will be the top target.

I think there should be something to prevent this runaway scenario. Maybe a delay, or maybe avoid restarting repeatedly.

May 8 13:58:14 kite kernel: [12577316.169029] Out of memory: Kill process 14646 (clamd) score 115 or sacrifice child
May 8 13:58:14 kite kernel: [12577316.169043] Killed process 14646 (clamd) total-vm:425680kB, anon-rss:264680kB, file-rss:0kB
May 8 13:58:29 kite kernel: [12577330.925647] Out of memory: Kill process 14662 (clamd) score 115 or sacrifice child
May 8 13:58:29 kite kernel: [12577330.925663] Killed process 14662 (clamd) total-vm:425936kB, anon-rss:264684kB, file-rss:12kB

Sun May 8 07:32:30 2016 -> +++ Started at Sun May 8 07:32:30 2016
Sun May 8 07:32:30 2016 -> Received 1 file descriptor(s) from systemd.
Sun May 8 07:32:30 2016 -> clamd daemon 0.99.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun May 8 07:32:30 2016 -> Running as user clamav (UID 112, GID 119)
Sun May 8 07:32:30 2016 -> Log file size limited to 4294967295bytes.
Sun May 8 07:32:30 2016 -> Reading databases from /var/lib/clamav
Sun May 8 07:32:30 2016 -> Not loading PUA signatures.
Sun May 8 07:32:30 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun May 8 13:32:30 2016 -> +++ Started at Sun May 8 13:32:30 2016
Sun May 8 13:32:30 2016 -> Received 1 file descriptor(s) from systemd.
Sun May 8 13:32:30 2016 -> clamd daemon 0.99.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun May 8 13:32:30 2016 -> Running as user clamav (UID 112, GID 119)
Sun May 8 13:32:30 2016 -> Log file size limited to 4294967295bytes.
Sun May 8 13:32:30 2016 -> Reading databases from /var/lib/clamav
Sun May 8 13:32:30 2016 -> Not loading PUA signatures.
Sun May 8 13:32:30 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun May 8 13:32:39 2016 -> +++ Started at Sun May 8 13:32:39 2016
Sun May 8 13:32:39 2016 -> Received 1 file descriptor(s) from systemd.
Sun May 8 13:32:39 2016 -> clamd daemon 0.99.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun May 8 13:32:39 2016 -> Running as user clamav (UID 112, GID 119)
Sun May 8 13:32:39 2016 -> Log file size limited to 4294967295bytes.
Sun May 8 13:32:39 2016 -> Reading databases from /var/lib/clamav
Sun May 8 13:32:39 2016 -> Not loading PUA signatures.
Sun May 8 13:32:39 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun May 8 13:32:50 2016 -> +++ Started at Sun May 8 13:32:50 2016
Sun May 8 13:32:50 2016 -> Received 1 file descriptor(s) from systemd.
Sun May 8 13:32:50 2016 -> clamd daemon 0.99.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun May 8 13:32:50 2016 -> Running as user clamav (UID 112, GID 119)
Sun May 8 13:32:50 2016 -> Log file size limited to 4294967295bytes.
Sun May 8 13:32:50 2016 -> Reading databases from /var/lib/clamav
Sun May 8 13:32:50 2016 -> Not loading PUA signatures.
Sun May 8 13:32:50 2016 -> Bytecode: Security mode set to "TrustSigned".

May 11 09:09:53 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:09:53 kite systemd[1]: clamav-daemon.service: Unit entered failed state.
May 11 09:09:53 kite systemd[1]: clamav-daemon.service: Failed with result 'signal'.
May 11 09:09:53 kite systemd[1]: Started Clam AntiVirus userspace daemon.
May 11 09:10:07 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:10:07 kite systemd[1]: clamav-daemon.service: Unit entered failed state.
May 11 09:10:07 kite systemd[1]: clamav-daemon.service: Failed with result 'signal'.
May 11 09:10:07 kite systemd[1]: Started Clam AntiVirus userspace daemon.
May 11 09:10:30 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:10:30 kite systemd[1]: clamav-daemon.service: Unit entered failed state.
May 11 09:10:30 kite systemd[1]: clamav-daemon.service: Failed with result 'signal'.
May 11 09:10:30 kite systemd[1]: Started Clam AntiVirus userspace daemon.
May 11 09:11:02 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:11:02 kite systemd[1]: clamav-daemon.service: Unit entered failed state.
May 11 09:11:02 kite systemd[1]: clamav-daemon.service: Failed with result 'signal'.
May 11 09:11:02 kite systemd[1]: Started Clam AntiVirus userspace daemon.
May 11 09:11:18 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:11:18 kite systemd[1]: clamav-daemon.service: Unit entered failed state.
May 11 09:11:18 kite systemd[1]: clamav-daemon.service: Failed with result 'signal'.

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.99.1
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cvd: version 277, sigs: 47, built on Fri Apr 15 14:57:09 2016
main.cvd: version 57, sigs: 4218790, built on Wed Mar 16 19:17:06 2016
daily.cld: version 21526, sigs: 136312, built on Wed May 11 08:56:06 2016
Total number of signatures: 4355149

Platform information
--------------------
uname: Linux 4.5.0-2-amd64 #1 SMP Debian 4.5.3-2 (2016-05-08) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux testing (stretch)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: core-avx-i, Little-endian
platform id: 0x0a2152520805030101050301

Build information
-----------------
GNU C: 5.3.1 20160409 (5.3.1)
GNU C++: 5.3.1 20160409 (5.3.1)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu'
sizeof(void*) = 8
Engine flevel: 82, dconf: 82

--- data dir ---
total 116296
-rw-r--r-- 1 clamav clamav 72045 Apr 28 10:37 bytecode.cvd
-rw-r--r-- 1 clamav clamav 9850880 May 11 11:53 daily.cld
-rw-r--r-- 1 clamav clamav 109143933 Mar 17 01:08 main.cvd
-rw------- 1 clamav clamav 1144 May 11 11:53 mirrors.dat

-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages clamav-daemon depends on:
ii adduser 3.114
ii clamav-base 0.99.1+dfsg-1
ii clamav-freshclam [clamav-data] 0.99.1+dfsg-1+b2
ii debconf [debconf-2.0] 1.5.59
ii dpkg 1.18.4
ii init-system-helpers 1.31
ii libc6 2.22-7
ii libclamav7 0.99.1+dfsg-1+b2
ii libncurses5 6.0+20160319-1
ii libssl1.0.2 1.0.2h-1
ii libsystemd0 229-5
ii libtinfo5 6.0+20160319-1
ii lsb-base 9.20160110
ii procps 2:3.3.11-3
ii ucf 3.0036
ii zlib1g 1:1.2.8.dfsg-2+b1

Versions of packages clamav-daemon recommends:
ii clamdscan 0.99.1+dfsg-1+b2

Versions of packages clamav-daemon suggests:
pn apparmor <none>
pn clamav-docs <none>
pn daemon <none>

-- debconf information excluded

--
see shy jo
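
Added example (not part of the original report and not code from the clamav packaging): a small Python check that scans syslog-style text for the pattern in the logs above, a unit's main process exiting on SIGKILL repeatedly within a short window, and counts kernel OOM kills per process name. The sample lines are copied from the report; the function names, the 120-second window, the threshold of 5 and the year argument are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Sample input: kernel and systemd lines copied from the report above.
SAMPLE_LOG = """\
May 8 13:58:14 kite kernel: [12577316.169043] Killed process 14646 (clamd) total-vm:425680kB, anon-rss:264680kB, file-rss:0kB
May 8 13:58:29 kite kernel: [12577330.925663] Killed process 14662 (clamd) total-vm:425936kB, anon-rss:264684kB, file-rss:12kB
May 11 09:09:53 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:09:53 kite systemd[1]: Started Clam AntiVirus userspace daemon.
May 11 09:10:07 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:10:30 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:11:02 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
May 11 09:11:18 kite systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=9/KILL
"""

STAMP = r"(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ "
KILLED = re.compile(STAMP + r"systemd\[\d+\]: (\S+\.service): Main process exited, "
                    r"code=killed, status=9/KILL")
OOM = re.compile(STAMP + r"kernel: \[\s*[\d.]+\] Killed process \d+ \((\S+?)\)")

def _when(stamp, year):
    # Syslog stamps carry no year, so the caller supplies one (assumption).
    return datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")

def sigkill_bursts(text, window=timedelta(seconds=120), year=2016):
    """Return {unit: most SIGKILL exits of its main process inside one window}."""
    exits = defaultdict(list)
    for line in text.splitlines():
        m = KILLED.match(line)
        if m:
            exits[m.group(2)].append(_when(m.group(1), year))
    worst = {}
    for unit, times in exits.items():
        times.sort()
        start, worst[unit] = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            worst[unit] = max(worst[unit], end - start + 1)
    return worst

def restart_loops(text, threshold=5, **kw):
    """Units whose SIGKILL exits reach the threshold within one window."""
    return sorted(u for u, n in sigkill_bursts(text, **kw).items() if n >= threshold)

def oom_victims(text):
    """Count kernel OOM kills per process name."""
    return Counter(m.group(2) for m in map(OOM.match, text.splitlines()) if m)
```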