[Pkg-clamav-devel] Bug#975401: clamav-daemon: clamd uses large amounts of memory
Stephen Kitt
skitt at debian.org
Sat Nov 21 17:06:30 GMT 2020
Package: clamav-daemon
Version: 0.102.4+dfsg-0+deb10u1
Severity: normal
Dear Maintainer,
I noticed that clamd now uses large amounts of memory:
clamav 1006 1.9 3.6 1405692 1186776 ? Ssl 17:53 0:12 /usr/sbin/clamd --foreground=true
I don’t remember it doing so until the last few weeks. Restarting it
or even rebooting doesn’t fix things.
What can I do to help investigate the causes?
Regards,
Stephen
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory = "/tmp"
DatabaseDirectory = "/var/lib/clamav/"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "10485760"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "12"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer = "localhost"
HTTPProxyPort = "3128"
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.102.4
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
--------------------
Database directory: /var/lib/clamav/
daily.cld: version 25995, sigs: 4347666, built on Sat Nov 21 14:16:39 2020
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
Total number of signatures: 8912662
Platform information
--------------------
uname: Linux 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 10 (buster)
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a2173730800000000080300
Build information
-----------------
GNU C: 8.3.0 (8.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-sSz0eR/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 115, dconf: 115
--- data dir ---
total 644024
-rw-r--r-- 1 clamav clamav 1458176 Sep 19 2019 bytecode.cld
-rw-r--r-- 1 clamav clamav 115496 Aug 13 2004 clamav-9cf5c5af91bef25a
-rw-r--r-- 1 clamav clamav 114048 Aug 5 2004 clamav-9d39da1493642b84
-rw-r--r-- 1 clamav clamav 111152 Aug 4 2004 clamav-9e8ac33e38b57818
drwxr-xr-x 2 clamav clamav 4096 Jun 21 2015 clamav-a0cf74401e8333c5fc885b9fc30365b8.tmp
-rw-r--r-- 1 root root 66 May 10 2004 clamav-daemon.md5sum
-rw-r--r-- 1 root root 48 Oct 4 2003 clamav-freshclam.debconf
-rw-r--r-- 1 clamav clamav 350221824 Nov 21 15:43 daily.cld
drwxr-xr-x 2 clamav clamav 4096 May 19 2008 daily.inc
-rw-r--r-- 1 root root 66 May 10 2004 etc.clamav.conf.md5sum
-rw-r--r-- 1 root root 33 Sep 6 2004 etc.freshclam.conf.md5sum
-rw-r--r-- 1 uml-net iocard 4029 Jun 21 2003 ff6d47135e931668
-rw-r--r-- 1 clamav clamav 307403264 Nov 25 2019 main.cld
drwxr-xr-x 2 clamav clamav 4096 May 19 2008 main.inc
-rw-r--r-- 1 root root 86 Jul 3 2003 mirrors.txt.OLD
-- System Information:
Debian Release: 10.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable'), (100, 'unstable-debug'), (100, 'testing-debug'), (100, 'unstable'), (100, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 4.19.0-12-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages clamav-daemon depends on:
ii adduser 3.118
ii clamav-base 0.102.4+dfsg-0+deb10u1
ii clamav-freshclam [clamav-data] 0.102.4+dfsg-0+deb10u1
ii debconf [debconf-2.0] 1.5.71
ii dpkg 1.19.7
ii libc6 2.28-10
ii libclamav9 0.102.4+dfsg-0+deb10u1
ii libcurl4 7.64.0-4+deb10u1
ii libncurses6 6.1+20181013-2+deb10u2
ii libssl1.1 1.1.1d-0+deb10u3
ii libsystemd0 241-7~deb10u4
ii libtinfo6 6.1+20181013-2+deb10u2
ii lsb-base 10.2019051400
ii procps 2:3.3.15-2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages clamav-daemon recommends:
ii clamdscan 0.102.4+dfsg-0+deb10u1
Versions of packages clamav-daemon suggests:
pn apparmor <none>
pn clamav-docs <none>
pn daemon <none>
pn libclamunrar <none>
-- Configuration Files:
/etc/logcheck/ignore.d.paranoid/clamav-daemon [Errno 13] Permission denied: '/etc/logcheck/ignore.d.paranoid/clamav-daemon'
/etc/logcheck/ignore.d.server/clamav-daemon [Errno 13] Permission denied: '/etc/logcheck/ignore.d.server/clamav-daemon'
-- debconf information:
clamav-daemon/LocalSocketMode: 666
clamav-daemon/ReadTimeout: 180
clamav-daemon/MaxHTMLNormalize: 10M
clamav-daemon/MaxHTMLNoTags: 2M
clamav-daemon/StreamMaxLength: 10
clamav-daemon/ScanMail: true
clamav-daemon/LogRotate: true
clamav-daemon/FollowDirectorySymlinks: false
clamav-daemon/StatsPEDisabled: true
clamav-daemon/TCPSocket: 3310
clamav-daemon/User: clamav
clamav-daemon/ForceToDisk: false
clamav-daemon/OnAccessMaxFileSize: 5M
clamav-daemon/MaxThreads: 12
clamav-daemon/FixStaleSocket: true
clamav-daemon/ScanOnAccess: false
clamav-daemon/ScanSWF: true
clamav-daemon/FollowFileSymlinks: false
clamav-daemon/MaxZipTypeRcg: 1M
clamav-daemon/AllowAllMatchScan: true
clamav-daemon/LogSyslog: false
clamav-daemon/MaxScriptNormalize: 5M
clamav-daemon/SelfCheck: 3600
clamav-daemon/StatsHostID: auto
clamav-daemon/LogFile: /var/log/clamav/clamav.log
clamav-daemon/MaxEmbeddedPE: 10M
clamav-daemon/MaxDirectoryRecursion: 15
clamav-daemon/ScanArchive: true
clamav-daemon/LocalSocketGroup: clamav
clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
clamav-daemon/StatsEnabled: false
clamav-daemon/LogTime: true
clamav-daemon/StatsTimeout: 10
clamav-daemon/BytecodeTimeout: 60000
clamav-daemon/debconf: true
clamav-daemon/AddGroups: amavis
clamav-daemon/DisableCertCheck: false
clamav-daemon/Bytecode: true
clamav-daemon/BytecodeSecurity: TrustSigned
clamav-daemon/TCPAddr: any
clamav-daemon/TcpOrLocal: UNIX
clamav-daemon/MaxConnectionQueueLength: 15
More information about the Pkg-clamav-devel
mailing list