-
Clamd high CPU usage
So this morning our server reported the message
Sep 5 05:10:36 server kernel: Out of memory: Kill process 4433 (clamd) score 43 or sacrifice child
Sep 5 05:10:36 server kernel: Killed process 4433 (clamd) total-vm:3062016kB, anon-rss:72932kB, file-rss:0kB, shmem-rss:0kB
Sep 5 05:10:36 server systemd-logind: Failed to start session scope session-133706.scope: Connection timed out (null)
Sep 5 05:10:36 server systemd-logind: Failed to start session scope session-133705.scope: Connection timed out (null)
Sep 5 05:10:36 server systemd: clamd.service: main process exited, code=killed, status=9/KILL
Sep 5 05:10:36 server systemd: Unit clamd.service entered failed state.
Sep 5 05:10:36 server systemd: clamd.service failed.
Sep 5 05:10:36 server systemd: clamd.service holdoff time over, scheduling restart.
After that it seems the clamd / clamscan services started using close to 100% CPU usage.
I checked the clamd.log and i can see this reoccurring message below.
Thu Sep 5 09:41:10 2019 -> +++ Started at Thu Sep 5 09:41:10 2019
Thu Sep 5 09:41:10 2019 -> Received 0 file descriptor(s) from systemd.
Thu Sep 5 09:41:10 2019 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Sep 5 09:41:10 2019 -> Running as user clam (UID 989, GID 988)
Thu Sep 5 09:41:10 2019 -> Log file size limited to 4294967295 bytes.
Thu Sep 5 09:41:10 2019 -> Reading databases from /var/lib/clamav
Thu Sep 5 09:41:10 2019 -> Not loading PUA signatures.
Thu Sep 5 09:41:10 2019 -> Bytecode: Security mode set to "TrustSigned".
Thu Sep 5 09:42:41 2019 -> +++ Started at Thu Sep 5 09:42:41 2019
Thu Sep 5 09:42:41 2019 -> Received 0 file descriptor(s) from systemd.
Thu Sep 5 09:42:41 2019 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Sep 5 09:42:41 2019 -> Running as user clam (UID 989, GID 988)
Thu Sep 5 09:42:41 2019 -> Log file size limited to 4294967295 bytes.
Thu Sep 5 09:42:41 2019 -> Reading databases from /var/lib/clamav
Thu Sep 5 09:42:41 2019 -> Not loading PUA signatures.
Thu Sep 5 09:42:41 2019 -> Bytecode: Security mode set to "TrustSigned".
Thu Sep 5 09:44:11 2019 -> +++ Started at Thu Sep 5 09:44:11 2019
Thu Sep 5 09:44:11 2019 -> Received 0 file descriptor(s) from systemd.
Thu Sep 5 09:44:11 2019 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Sep 5 09:44:11 2019 -> Running as user clam (UID 989, GID 988)
Thu Sep 5 09:44:11 2019 -> Log file size limited to 4294967295 bytes.
Thu Sep 5 09:44:11 2019 -> Reading databases from /var/lib/clamav
Thu Sep 5 09:44:11 2019 -> Not loading PUA signatures.
Thu Sep 5 09:44:11 2019 -> Bytecode: Security mode set to "TrustSigned".
Thu Sep 5 09:45:42 2019 -> +++ Started at Thu Sep 5 09:45:42 2019
Thu Sep 5 09:45:42 2019 -> Received 0 file descriptor(s) from systemd.
Thu Sep 5 09:45:42 2019 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Sep 5 09:45:42 2019 -> Running as user clam (UID 989, GID 988)
Thu Sep 5 09:45:42 2019 -> Log file size limited to 4294967295 bytes.
Thu Sep 5 09:45:42 2019 -> Reading databases from /var/lib/clamav
Thu Sep 5 09:45:42 2019 -> Not loading PUA signatures.
Thu Sep 5 09:45:42 2019 -> Bytecode: Security mode set to "TrustSigned".
I tried to restart clamd which just timed out.
I guessed it was a system-mysqld issue. So I triedservice system-mysqld restart
which gave me the messageFailed to restart system-mysqld.service: Unit not found.
I've been searching through the forums trying to see how I can rebuild the system-mysqld without success.
Does anyone have an idea on what the issue could be and how to resolve it? -