The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED clamscan High CPU Usage

Discussion in 'General Discussion' started by osirion, Feb 19, 2016.

Tags:
  1. osirion

    osirion Active Member

    Joined:
    Jan 16, 2007
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    3
    Hey guys,
    I have an issue where clamscan is using a bunch of CPU most of the day, eg:
    13487 root 30 10 422m 333m 8640 D 78.2 8.7 2:15.63 clamscan


    Checking out: vim /etc/cron.daily/manual_clamscan shows >
    for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

    (which is the same as the recommended: Configure ClamAV Scanner - Documentation - cPanel Documentation)
    for i in`awk'!/nobody/{print $2 | "sort | uniq" }'/etc/userdomains| sort| uniq`; do/usr/local/cpanel/3rdparty/bin/clamscan-i -r /home/$i 2>>/dev/null; done>> /root/infections&


    Also, checked exim advanced editer and av_scanner is set to clamd:/var/clamd


    I do the check to see if clamd is installed:
    # whereis clamd
    clamd:

    So:
    1) To my understanding, clamd isnt even installed though clamav is?
    2) How do I change from clamav/clamscan to clamd so that I lower my CPU usage?

    Thanks in advance :)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    31,814
    Likes Received:
    777
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Per our documentation, if you use scripts that expect ClamAV binaries in the /usr/local/bin directory, create symbolic links with the following commands:

    Code:
    ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
    ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam
    The "clamd" binary is located at:

    /usr/local/cpanel/3rdparty/bin/clamd

    To lower CPU usage, I suggest simply disabling the "clamscan" cron job you have configured.

    Thank you.
     
  3. osirion

    osirion Active Member

    Joined:
    Jan 16, 2007
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    3
    Thanks cPanelMichael.
    I am not looking to disable the clamscan cronjob because this is what scans my server daily for viruses and I dont want to leave my server at risk.

    How do I change from 'clamscan' (which loads the 'virus db' each time) to 'clamd' which loads it once and hence lowers CPU/memory usage?
     
  4. syslint

    syslint Well-Known Member

    Joined:
    Oct 9, 2006
    Messages:
    252
    Likes Received:
    6
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    clamd is a daemon and clamscan is a command line tool.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    31,814
    Likes Received:
    777
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I believe you may have misinterpreted some documentation. These are not two separate applications, but rather "clamscan" is part of ClamAV, as mentioned in the previous post.

    Thank you.
     
  6. TechWS

    TechWS Registered

    Joined:
    Dec 18, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    But the problem the OP was confronted with was not answered. I'm having the same problem. I followed the documentation on enabling Clam AV and setup a Cron job for 1am in the morning. It ran and immediately took up all of the system resources. Our site monitoring was showing sites down but I figured I would let it run and get the scan done. I awoke to the system still scanning and sites sporadically responding. I killed the scan but now need to figure out how to scan the whole system without putting sites at risk
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    31,814
    Likes Received:
    777
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. TechWS

    TechWS Registered

    Joined:
    Dec 18, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    8069233
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    31,814
    Likes Received:
    777
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, it looks like the support ticket was closed due to unsuccessful attempts to access the server. Feel free to reply to the support ticket if you'd like to open it back up so we can proceed to investigate further.

    Thank you.
     
Loading...

Share This Page