Hi, this is the behaviour I used to have on one of my servers! Clamd is trying to read the virus definitions from the DB and it just hangs or it is really slow. The only solutions was the update to the latest version of clamav ( of all parts - including freshclam ).
Regards, E:S -----Original Message----- From: j...@finishwork.com [mailto:j...@finishwork.com] Sent: Montag, 09. März 2009 22:46 To: toaster@shupp.org Subject: [toaster] clamd in high utilization for about 1 hour following reboot Every time I reboot clam is in high utilization for about an hour. Here is a small snipet of a strace: ns:/ # strace -p 5452 Process 5452 attached - interrupt to quit read(7, "cb54fdc:Trojan.Agent-35247\n13516"..., 4096) = 4096 read(7, "7391c2b:Trojan.Agent-35257\n28006"..., 4096) = 4096 read(7, "16a2d314dc6:Trojan.Vundo-6403\n11"..., 4096) = 4096 read(7, "5f:Adware.Agent-3449\n68096:0437d"..., 4096) = 4096 read(7, "2e8018780:Trojan.Magania-4443\n67"..., 4096) = 4096 read(7, "472\n125440:7abe0226321025895dbda"..., 4096) = 4096 read(7, "cos-12604\n211091:e660266e4412912"..., 4096) = 4096 read(7, "50a35a7423929e649101271a6a:Troja"..., 4096) = 4096 read(7, "4659c87d0729cc4507aa4c345fc:Troj"..., 4096) = 4096 read(7, "\n290816:6d4a1ebc7c7eed9c489849b9"..., 4096) = 4096 read(7, "2\n464384:d21655d746124962590b0ec"..., 4096) = 4096 read(7, "e:Trojan.Magania-4605\n1024:f9db5"..., 4096) = 4096 read(7, "0f0b9934970134eb0084af41176:Troj"..., 4096) = 4096 read(7, "B-4144\n192512:28403f313254e7d85b"..., 4096) = 4096 read(7, "acdef-352\n33280:0be40168fa78bde3"..., 4096) = 4096 read(7, "9184:f39d1461fd6623ed28356302eee"..., 4096) = 4096 read(7, "318e941e:Trojan.Hacdef-368\n31744"..., 4096) = 4096 read(7, "416\n11264:d365afc8320666a281f24c"..., 4096) = 4096 read(7, "c8336fca27a01ed0f8ed24a27:Trojan"..., 4096) = 4096 read(7, "77:Trojan.Buzus-1472\n30720:f2635"..., 4096) = 4096 read(7, "CBot-2917\n512:12c27d17596b7e6bef"..., 4096) = 4096 read(7, ":3bdad1097009cfd25aca3dc4f3e8fd4"..., 4096) = 4096 read(7, "ecaf401e130d75d44e9a11a2:Trojan."..., 4096) = 4096 brk(0x9600000) = 0x9600000 read(7, ".Downloader-48970\n28160:0674d5a6"..., 4096) = 4096 read(7, "06717:Trojan.Dropper-10715\n16896"..., 4096) = 4096 read(7, "d463d5fc45:Trojan.Downloader-490"..., 4096) = 4096 read(7, ":657a8ee9d8f20413cb3fb9b648e14fd"..., 4096) = 4096 read(7, "57e1943:Trojan.Dropper-10856\n409"..., 4096) = 4096 read(7, "3556560450b672a6954adb196b7dda:T"..., 4096) = 4096 read(7, "4\n12800:3685c692c59ca0d4a9baec16"..., 4096) = 4096 read(7, "9c9195f97edbba49389ab689e79496ea"..., 4096) = 4096 read(7, ":fb20cb4c9f3eda3361329d01f0f55d6"..., 4096) = 4096 Process 5452 detached Any ideas would be appreaciated.
