Clamav overloads CPU

Started by w2connect, June 08, 2020, 08:26:51 PM

After upgrading to 2.1.7, every time I try to start the clamav daemon, it freezes the whole system. This has happened with 2 systems I have with a10 cpus.

To make the firewall stable I have to disable the clamav.

Any ideas?

Thx



July 16, 2020, 09:40:23 PM #1 Last Edit: July 16, 2020, 09:51:04 PM by WM54
Hi all,

I'm struggling with a very similar behaviour of my freshly installed OPNsense 20.1.8, installed virtualized on ESXi 6.5.
Although there is a very low CPU load, the system seems to be frozen after activating the clamAV service. No more interaction possible - no webGUI, no ssh terminal, no reaction to local console; the only thing the box does is respond to the ping request I sent to it.

The mystery started with trying to download the signatures before enabling the service, as stated in the banner above the configuration section. This resulted in the first freeze and ended in recovering a backup configuration via local console in single user mode.
After that I tried several deinstallations and reinstallations of the clamAV plugin, but after enabling the service it ended in a frozen system.
Lastly I gave a try to downloading the signatures manually and uploading them to /var/db/clamav/ - the signatures were correctly recognized, but the reaction to enabling the service was the same - next freeze.

The clamAV log file looks like this:

Thu Jul 16 21:22:15 2020 -> Update process terminated
Thu Jul 16 19:44:48 2020 -> --------------------------------------
Thu Jul 16 19:44:48 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Thu Jul 16 19:44:48 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Thu Jul 16 19:44:48 2020 -> daily.cvd database is up to date (version: 25875, sigs: 3437957, f-level: 63, builder: raynman)
Thu Jul 16 19:44:48 2020 -> ClamAV update process started at Thu Jul 16 19:44:48 2020
Thu Jul 16 19:44:48 2020 -> Received signal: wake up
Thu Jul 16 17:44:48 2020 -> --------------------------------------
Thu Jul 16 17:44:48 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Thu Jul 16 17:44:48 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Thu Jul 16 17:44:48 2020 -> daily.cvd database is up to date (version: 25875, sigs: 3437957, f-level: 63, builder: raynman)
Thu Jul 16 17:44:48 2020 -> ClamAV update process started at Thu Jul 16 17:44:48 2020
Thu Jul 16 17:44:48 2020 -> freshclam daemon 0.102.3 (OS: freebsd11.2, ARCH: amd64, CPU: amd64)
Thu Jul 16 17:44:47 2020 -> --------------------------------------


The termination entry in the log is the result of switching off the system.

I have no more ideas! Is there anybody out there who could give an OPNsense newbie (coming from several years with Astaro, Sophos UTM and OpenWRT) a hint? Any help or hint is greatly appreciated!

Many thanks in advance,
WM54

If you're not running a transparent proxy, just disable clamav. In the absence of that it's not doing much of anything.

Thank you for your response!
Well, the transparent proxy is the reason why I want to use clamav.

Anyway - it seems that it was (as in most cases) a layer 8 problem! ::)
I resolved the "problem" by adding more RAM to the machine and one more CPU core.
With that in place, it runs ...


After solving the freezing issue by adding more RAM, I am now struggling with the next issue :-(
The CLAMAV service is stopping without any (for me) visible error or log entry.
The dashboard shows the stopped service - when starting it with the start button, it starts and seems to work, but the next day the service is stopped again.

Does anyone have an idea how to analyze and solve this?

Many thanks in advance,
WM54