On 11-12-2019 11:37, G.W. Haywood via clamav-users wrote:
Hi there,

On Tue, 10 Dec 2019, Frans de Boer wrote:
On 23-11-2019 13:04, Frans de Boer wrote:

I noticed a significant degradation of the performance on my systems, which ended when I stopped clamonacc.

As I looked further, it seems that clamonacc is constantly looping around the same file. As far as I can tell, the last file it scanned - but not sure about that. I can easily reproduce that by using .bash_history. After a command, say top, I stopped that and clamonacc keeps on displaying 'performing scan....'.

As another process is also running and updating a file - which I have excluded but is not (.BOINC Manager) - it displays the scanning of that other file, and resumes by scanning .bash_history over and over again.

This happens also with any other file.

Remedy: disable clamonacc or go back to 0.101.5.

Or don't do pointless scans.  Do you really expect that some malicious
actor is going to try to subvert your bash history?!  In a multi-user,
multi-tasking operating system, operating normally, there must be
thousands of examples of files and other resources which are accessed
repeatedly by the operating system and/or user processes, perhaps in
the background.  If you tell clamonacc to scan them every time they're
accessed, then that's what it's going to try to do.  Perhaps what you
see is not something which 0.102 does wrong, but what earlier versions
weren't doing right.  I've never used clamonacc, and have no intention
of doing so, so I'm afraid I can't say.

Hm, no single reaction. Am I the only one?

If you really are the only one suffering from this issue, perhaps a
very clean install is called for.  Remove all old libraries, binaries,
configuration files etc. before doing a clean install from source, and
see what happens.

- I did already (many times, I may add) remove all associated files, to no avail.
- I did exclude the whole boinc directory, but still it gets scanned by clamonacc.
- Every 4-6 hours I scan if there are new files in various repositories and one machine is used as a NAS, to serve all kinds of devices, including Windows systems. I have thus also the obligation to protect those users from malware, using an online malware scanner.

The 0.101 series and before had extrascanning enabled - it worked in the past, at some memory cost. Now, I can't even have onAccess only without a great loss of performance. Leaving systems vulnerable.

So, yes, every time a file is accessed it should check if it is only accessing (opening) a file, or that a write/modify is in place. In the latter case, it should scan the contents afterwards. If only opening, or subsequent reads without prior writes, it can check the hash only. Ok, there is a little more to it, but above is simplified.

I now can only scan twice a day: during lunch break a short scan and after business hours, a long scan.

--- Frans.
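
The open-versus-write policy described in the message above, sketched as an added example (not part of the original message and not clamonacc's implementation). The `scan` callback, the class and the event-handler names are hypothetical stand-ins, and the sample file is constructed.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash file contents in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class OnAccessCache:
    """Toy model: full scan after writes, hash lookup on plain opens."""
    def __init__(self, scan):
        self.scan = scan        # hypothetical scanner: path -> True if clean
        self.verdicts = {}      # content hash -> verdict of the last full scan
        self.full_scans = 0

    def _full_scan(self, path, digest):
        self.full_scans += 1
        self.verdicts[digest] = self.scan(path)
        return self.verdicts[digest]

    def on_close_write(self, path):
        # Contents may have changed: always rescan and record the new hash.
        return self._full_scan(path, sha256_of(path))

    def on_open(self, path):
        # Read-only access: reuse the verdict if this content was scanned before.
        digest = sha256_of(path)
        if digest in self.verdicts:
            return self.verdicts[digest]
        return self._full_scan(path, digest)

def marker_scan(path):
    # Constructed stand-in for a signature match.
    with open(path, "rb") as f:
        return b"BAD-MARKER" not in f.read()

def demo():
    cache = OnAccessCache(marker_scan)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "history.txt")
        with open(path, "w") as f:
            f.write("top\n")
        results = [cache.on_close_write(path)]              # first full scan
        results += [cache.on_open(path) for _ in range(5)]  # hash hits only
        with open(path, "a") as f:
            f.write("BAD-MARKER\n")
        results.append(cache.on_close_write(path))          # second full scan
        results.append(cache.on_open(path))                 # cached verdict
    return results, cache.full_scans
```

A real cache would also have to be flushed whenever the signature database is updated, since an old "clean" verdict says nothing about new signatures.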


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
