ClamAV excessive CPU usage

Hi, the last couple of days I have noticed that the VPS is running at 100% CPU usage. On inspection it's because clamscan (or /usr/sbin/clamd -c /etc/clamd.d/scan.conf) is using 80% CPU.

The system is configured to use the daemon, but var/log/messages is showing clamd[17670]: daemonize() failed: Cannot allocate memory every few seconds.

Presumably, because the daemon isn't able to start, clamAV is running in scan mode rather than daemon mode, and hence the high CPU usage.

Virtual memory is at 100% and real memory is at around 40%. The process /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock ... is taking up 1.4GB of memory - is that normal??

The thing is, the VPS is new, fresh install only last week, and barely used. There are only a couple of very small sites on it which I have migrated, and they have virtually no traffic.

I do remember that just before this issue started appearing, there was an update available for clamav which I actioned.

Restarting the server brings everything back to normal - 0% CPU usage, 62% real memory, 0% virtual memory - which I did yesterday, but this morning the issue reappeared.

Any ideas?

Status: 
Active

Comments

Howdy -- thanks for contacting us!

That message usually means that ClamAV is attempting to start, but there isn't enough free RAM on the server when it tries to do so.

What is the output of these commands:

free -m
mailq | tail -1
uptime

The Fail2ban RAM usage is normal, though note that it's mostly shared RAM that it's using.

Hi, thanks for your reply, the output is as follows...

free -m
              total        used        free      shared  buff/cache   available
Mem:           1838        1399          68         300         370          20
Swap:           255         255           0
mailq | tail -1
Mail queue is empty
uptime
16:47:16 up 5 days,  1:34,  1 user,  load average: 1.63, 1.96, 2.11

I've been getting CPU warnings all weekend pretty much. Will try upgrading the RAM to 4GB tonight, see if it helps. I would have thought 2GB RAM would be plenty though.

What's strange is that when the daemon can actually start, then the CPU usage is next to zero. So why is it stopping/suddenly having issues starting?

A server with Virtualmin can definitely work with 2GB of RAM (and I have several of those myself), it all just depends on the sort of traffic it's seeing and what services are running.

You may want to review the running services, and see if there's any that could be disabled.

You could also experiment with using ClamAV in daemon mode rather than standalone mode.

Hi, I am using ClamAV in daemon mode, the issue is that it won't start for some reason, hence the error clamd[17670]: daemonize() failed: Cannot allocate memory.

As I said ...the VPS is new, fresh install only last week, and barely used. There are only a couple of very small sites on it which I have migrated, and they have virtually no traffic. So not sure why there wouldn't be any memory available. RAM is sitting at about 65% used.