Package: clamav-freshclam Version: 0.101.1+dfsg-3 Severity: important Hi,
Since recently, freshclam daemon eats 100% CPU when downloading updates. It is doing this right now on this machine: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 7764 clamav 20 0 69368 29224 8868 R 100.0 0.7 5:22.83 freshclam This is what I see in the log: Wed Mar 6 13:01:49 2019 -> freshclam daemon 0.101.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Wed Mar 6 13:01:49 2019 -> ClamAV update process started at Wed Mar 6 13:01:49 2019 Wed Mar 6 13:01:49 2019 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Wed Mar 6 13:01:50 2019 -> Downloading daily-25378.cdiff [100%] Wed Mar 6 13:01:50 2019 -> Downloading daily-25379.cdiff [100%] Wed Mar 6 13:01:53 2019 -> Downloading daily-25380.cdiff [100%] Here is the output of strace -t -p 7764 2>&1 : strace: Process 7764 attached strace: [ Process PID=7764 runs in x32 mode. ] strace: [ Process PID=7764 runs in 64 bit mode. ] 13:11:28 read(5, "\371B\314\4\346Hr\227\243n\367W[D\314\24\260\17\255C&\326\206\376\301\213\31\310\32E\224E"..., 8192) = 8192 13:11:29 brk(0x55a4c6490000) = 0x55a4c6490000 13:11:30 read(5, "\276\360C\273\251\220\"x4)\207e\211\177\3064H\301\253|z\220d\371\263\vK:d\34\325\276"..., 8192) = 8192 13:11:32 read(5, "w]\233?4\235\5\177\211\235\275\266Zv|\340Y\10=\327O\211_;\315B\17'\212`$8"..., 8192) = 8192 13:11:34 read(5, "\366\313\37s$\204+\225Hkq\257\323O\217s$\206%\275\257\357\334\301G\356~{!\201]\23"..., 8192) = 8192 13:11:35 brk(0x55a4c64b1000) = 0x55a4c64b1000 13:11:36 read(5, "\343\265\275\373\2153\202\313\203\335\3467O\310\256\267\27c8\255{\231\360\245j\234|\357\310\4.n"..., 8192) = 8192 13:11:40 read(5, "\224P\336~\22\6l\245udr\333]\250\357>#L\220\n\335\206\246\271\265>\374IX\260;n"..., 8192) = 8192 13:11:40 brk(0x55a4c64d2000) = 0x55a4c64d2000 13:11:42 read(5, "\221\4\357\302\375\370\314\r\366J\316}\247l\357\273\336\333A\356\340{\27\33\26q\nw\177\372\5\304"..., 8192) = 8192 13:11:44 read(5, "\371.4u4\365\177:\231\20\305@njUR\305l\266\375\366 \1}=Gv\343:<x?"..., 8192) = 8192 13:11:46 brk(0x55a4c64f3000) = 0x55a4c64f3000 13:11:46 read(5, "\fN\253\332\261,)\327\253\375!f\201\225\266\263\235j\341\315\273?\353)\\\3456c_\276\315\315"..., 8192) = 8192 13:11:48 read(5, "\v\316\312\16N:\343\266=\334\252\370\303K@\3569\327Xx\241h\236\267\177\234`+\20\205\206\17"..., 8192) = 8192 13:11:51 brk(0x55a4c6514000) = 0x55a4c6514000 13:11:52 read(5, "\257|t\21\206A\25\212;\311\32z\236\217\310D\2407'{\223t\221\237\372\314\2470q\260\367\306"..., 8192) = 8192 13:11:54 read(5, "\350\351x\342\5\315T\301j\311\272\367y\272\257\4Bs_\325S\304\332\370j\265\253\4Ag/\17"..., 8192) = 8192 13:11:56 read(5, "\351d\264\246\254\375\352c\32\206BS\357\332\324w\2358:\217\256\303\240ua\257\2136\233\376y\323"..., 8192) = 8192 13:11:57 brk(0x55a4c6535000) = 0x55a4c6535000 13:11:58 read(5, "\f%\370N\364\35y1\341\250\370\345\225\243\31\245n\367\217\334\254\204V\313\203\24\214{Y|\344{"..., 8192) = 8192 13:12:00 read(5, "\373\224\334\317z\1\215;M\17\n\247\356\217/\326(\241\225\221\7\317\314\221\225\357^\33\0254\262d"..., 8192) = 8192 And it is still running like that with 100% CPU usage... BR, Stanislav -- Package-specific info: --- configuration --- #Automatically Generated by clamav-base postinst #To reconfigure clamd run #dpkg-reconfigure clamav-base #Please read /usr/share/doc/clamav-base/README.Debian.gz for details LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true LocalSocketGroup clamav LocalSocketMode 666 # TemporaryDirectory is not set to its default /tmp here to make overriding # the default with environment variables TMPDIR/TMP/TEMP possible User clamav AllowSupplementaryGroups true ScanMail true ScanArchive true ArchiveBlockEncrypted false MaxDirectoryRecursion 15 FollowDirectorySymlinks false FollowFileSymlinks false ReadTimeout 180 MaxThreads 12 MaxConnectionQueueLength 15 LogSyslog false LogRotate true LogFacility LOG_LOCAL6 LogClean false LogVerbose false PidFile /var/run/clamav/clamd.pid DatabaseDirectory /var/lib/clamav SelfCheck 3600 Foreground false Debug false ScanPE true MaxEmbeddedPE 10M ScanOLE2 true ScanHTML true MaxHTMLNormalize 10M MaxHTMLNoTags 2M MaxScriptNormalize 5M MaxZipTypeRcg 1M ScanSWF true DetectBrokenExecutables false ExitOnOOM false LeaveTemporaryFiles false AlgorithmicDetection true ScanELF true IdleTimeout 30 PhishingSignatures true PhishingScanURLs true PhishingAlwaysBlockSSLMismatch false PhishingAlwaysBlockCloak false DetectPUA false ScanPartialMessages false HeuristicScanPrecedence false StructuredDataDetection false CommandReadTimeout 5 SendBufTimeout 200 MaxQueue 100 ExtendedDetectionInfo true OLE2BlockMacros false ScanOnAccess false AllowAllMatchScan true ForceToDisk false DisableCertCheck false StreamMaxLength 25M LogFile /var/log/clamav/clamav.log LogTime true LogFileUnlock false LogFileMaxSize 0 Bytecode true BytecodeSecurity TrustSigned BytecodeTimeout 60000 OfficialDatabaseOnly false CrossFilesystems true # Automatically created by the clamav-freshclam postinst # Comments will get lost when you reconfigure the clamav-freshclam package DatabaseOwner clamav UpdateLogFile /var/log/clamav/freshclam.log LogVerbose false LogSyslog false LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate true LogTime true Foreground false Debug false MaxAttempts 5 DatabaseDirectory /var/lib/clamav DNSDatabaseInfo current.cvd.clamav.net ConnectTimeout 30 ReceiveTimeout 30 TestDatabases yes ScriptedUpdates yes CompressLocalDatabase no SafeBrowsing false Bytecode true NotifyClamd /etc/clamav/clamd.conf # Check for new database 24 times a day Checks 24 DatabaseMirror db.pt.clamav.net DatabaseMirror db.local.clamav.net DatabaseMirror database.clamav.net --- data dir --- total 466524 -rw-r--r-- 1 clamav clamav 1013248 Jan 8 10:33 bytecode.cld drwxr-xr-x 2 clamav clamav 4096 Mar 5 2018 clamav-151a253ec35e356cd2aa2ba0d1625bc6.tmp drwxr-xr-x 3 clamav clamav 4096 Nov 14 2016 clamav-2566a45fd22eb7f1497f3e4323cf5c57.tmp drwxr-xr-x 2 clamav clamav 4096 Apr 4 2017 clamav-50790279dd9c53168263335f1766ee55.tmp drwxr-xr-x 3 clamav clamav 4096 Mar 6 13:01 clamav-9d718dc39c0cb8bef6f09d29d29bc78b.tmp drwxr-xr-x 3 clamav clamav 4096 Mar 6 12:38 clamav-e044f44a3b614b1011fa0c0c88f56653.tmp drwxr-xr-x 2 clamav clamav 4096 Apr 4 2017 clamav-e863db04fd33e149af758526084a54ce.tmp -rw-r--r-- 1 clamav clamav 169158656 Mar 3 20:33 daily.cld -rw-r--r-- 1 clamav clamav 307499008 Jun 12 2017 main.cld -rw------- 1 clamav clamav 192 Mar 6 13:01 mirrors.dat -- System Information: Debian Release: buster/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'testing'), (500, 'oldstable'), (100, 'unstable'), (100, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages clamav-freshclam depends on: ii clamav-base 0.101.1+dfsg-3 ii debconf [debconf-2.0] 1.5.70 ii dpkg 1.19.5 ii libc6 2.28-7 ii libclamav9 0.101.1+dfsg-3 ii libssl1.1 1.1.1a-1 ii logrotate 3.14.0-4 ii lsb-base 10.2018112800 ii procps 2:3.3.15-2 ii ucf 3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 clamav-freshclam recommends no packages. Versions of packages clamav-freshclam suggests: ii apparmor 2.13.2-7 pn clamav-docs <none> -- debconf information: * clamav-freshclam/PrivateMirror: * clamav-freshclam/http_proxy: * clamav-freshclam/SafeBrowsing: false * clamav-freshclam/LogRotate: true clamav-freshclam/internet_interface: * clamav-freshclam/Bytecode: true * clamav-freshclam/NotifyClamd: true * clamav-freshclam/local_mirror: db.pt.clamav.net (Portugal) clamav-freshclam/proxy_user: * clamav-freshclam/autoupdate_freshclam: daemon * clamav-freshclam/update_interval: 24