# [solved] freshclam hangs using max cpu time on one core

## Vrenn

Dear Gentoo - experts

I don't know if it was the gcc-upgrade to 8.2.0-r6 p1.7 but since some short time ago the freshclam process is stressing one core as long as it runs.

Reproduceabe always by systemctl start clamav-freshclam or manually starting freshclam (at the end, after some minutes used, control-c) 

```
# freshclam 

ClamAV update process started at Wed Mar  6 15:12:26 2019

main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

Downloading daily-25380.cdiff [100%]

:q

^CUpdate process terminated

 ~ # freshclam 

ClamAV update process started at Wed Mar  6 15:22:15 2019

main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

Downloading daily-25380.cdiff [100%]

^CUpdate process terminated

 ~ # freshclam 

ClamAV update process started at Wed Mar  6 15:22:26 2019

main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)

Downloading daily-25380.cdiff [100%]

^CUpdate process terminated

```

It does download the update but then somehow hangs?

Seems it did not finish the daily-25380 at all.

Tested clamav 0.101.0 & 0.101.1

Used useflags for clamav: app-antivirus/clamav-0.101.0::gentoo [0.101.1::gentoo] USE="bzip2 iconv ipv6 xml -clamdtop -doc -libressl -metadata-analysis-api -milter (-selinux) -static-libs -test (-uclibc)"

Thank you for any idea.

----------

## Vrenn

Perhaps I found it, but not in this forum or anywhere else so I let this post stand for someone else give it a try.

As freshclam hangs up on updating the daily signatures as a diff, the diff-routine, or the database itself might be damaged.

So I searched for a way to reset the whole clamav-database, but no luck.

Fustrated and unwilling to wait lead to following:

1) stop the demons (clamd or frechclam, with systemd: systemctl stop clamav-daemon && systemctl stop clamav-freshclam)

2) mv  /var/lib/clamav/ to somewhere lese

3) emerge clamav again

4) run freshclam manually to download and fill /var/lib/clamav/ signatures new

Now freshclam downloaded main, daily and bytecode, and can be rerun telling me databases are up to date. I hope this was it and a new daily doesn't start the cpu-eater again.

----------

## Moriah

I have the same problem here.  I thought about a re-install, but then I decided to search this forum first.

Did the re-install fix your problem?  I suspect yes, since its been several days since you posted.  Please let us know.

----------

## Vrenn

Several days after yes, no cpu-eating freshclam appeared.

A "systemctl stop clamav-freshclam && freshclam" tells me the signatures are up to date.

I believe a database-refresh would be sufficient, but as I don't know what file to exactly clean, I moved/deleted the whole directory with a save re-emerge.

Don't be surprised that the systemd (or openrc?) initscripts don't work after that, they demand a manual "freshclam" execution first. (as I remember, and they will tell you in console)

----------

## Apheus

I straced it, and it actually does something:

```
7200  brk(0x5569de121000)               = 0x5569de121000

7200  read(5, "\257Na\337;\224\353\251\v\233\231\2l\271J\231m\7\371y\217,\25\254m\335\346^z7\366\363"..., 8192) = 8192

7200  read(5, "\23\237jG\216\4\303\321\202\3076\317\252\3739\353\311\31\341\312\236d\247\306@\225\232\7\30\260W\223"..., 8192) = 8192

7200  brk(0x5569de142000)               = 0x5569de142000

7200  read(5, "\242\230\27[.\270xj\237\271\311\321\333\36\347h\n\202\363\332Z7{Ii?\226\302\24\202}]"..., 8192) = 8192

7200  read(5, "\347\4w5\t\302;\354\351\266@o\236\342-\31D\360\340\315V\244#o\3626\5\330\325[\226\366"..., 8192) = 8192

7200  brk(0x5569de163000)               = 0x5569de163000

7200  read(5, "Uf8STu\370\236\262\276\217\260\244,\200\273bx)\265\\\214\347T\224\25\270\360\272lm\321"..., 8192) = 8192

7200  read(5, "\234@\272:\317\225\270\5\346\2117\2371)W\235V\226\235\243w\37\371JF%0\254\232\201=;"..., 8192) = 8192

7200  read(5, "`\3GM?\217>\202x\215\36\223\261\304\274w\277r(H\326\320u:\21.\3*\217\22\21\244"..., 8192) = 8192

7200  brk(0x5569de184000)               = 0x5569de184000

7200  read(5, "p\373K\211\225\354Q\213\353\303\357\260\6\252]Iyq\264v\257wX\7\343}+\310\314\2602^"..., 8192) = 8192

7200  read(5, "\361el{\212+\30y\201T;\"\322\234k\355\217\34\242@\320=\253\270\256\366.\353~n%\10"..., 8192) = 8192

7200  brk(0x5569de1a5000)               = 0x5569de1a5000

7200  read(5, "\1\36:\307)Y\231\372\310\363\331T\220\303'.\255E\325\212\370\20!\r\230\262\352h\370\2658\201"..., 8192) = 8192

7200  read(5, "\375\316GA\237\33\376\276\271\213\304\0\2736E\32\265%\337\363\263R$!\210\240\257\235:bf\367"..., 8192) = 8192

7200  read(5, "\326u\365D\253q=\257\247\234\24\"l\21\t-\332\3\317\213\220\301\312\336\33\221\346T\367>u\30"..., 8192) = 8192

7200  brk(0x5569de1c6000)               = 0x5569de1c6000

7200  read(5, "\375\320V\211@6\307\360\332c\272\345\371\334\254\224\30\224\257\220R\241\247\205\177\315\32KI@\326\315"..., 8192) = 8192

7200  read(5, "`z\232f\257]HL\374L\33\10\2438Gr5\361\230\2752>\10n\325\34<t\231C\346}"..., 8192) = 8192

7200  brk(0x5569de1e7000)               = 0x5569de1e7000

7200  read(5, "\243]\2670H\37\233\332\r\301huy)j\255X\17\34\343F\200\367P\20\37\366\322\346\375\234l"..., 8192) = 8192

7200  read(5, "q\301\0m\226\2433+\22o|~^\27Ah\364}\261n\316\332|?\367\224\213\20\314l\367\215"..., 8192) = 8192

7200  read(5, "\265\267\242i=z\237i\201\322U\337;h\263\256\327\205b\206\320\v\245\265d]*\253\307\210mF"..., 8192) = 8192

7200  brk(0x5569de208000)               = 0x5569de208000

7200  read(5, "[A\227\177\326,8!\204\356\262\220\346\332\343\267wGXV\241ts\33\356\220'^\323\235\240\263"..., 8192) = 8192

7200  read(5, "\244\21\257Ex\321\374\251\370g\24\234\253\273;\205\255\254\366\343\203e\",\332\227\257-[\247\362<"..., 8192) = 8192

7200  brk(0x5569de229000)               = 0x5569de229000

```

Stuff like this repeats over and over again. And awfully slow.

Update:

After 35 min, it finished and returned:

```
7200  close(5)                          = 0

7200  getdents(4, /* 0 entries */, 32768) = 0

7200  close(4)                          = 0

7200  stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=2350, ...}) = 0

7200  write(3, "Database updated (6077588 signat"..., 83) = 83

7200  write(1, "Database updated (6077588 signat"..., 83) = 83

7200  openat(AT_FDCWD, "/etc/clamd.conf", O_RDONLY) = 4

7200  fstat(4, {st_mode=S_IFREG|0644, st_size=23647, ...}) = 0

7200  read(4, "##\n## Example config file for th"..., 4096) = 4096

7200  read(4, "will timeout after this time (se"..., 4096) = 4096

7200  read(4, "intend to handle \"*.Heuristics.*"..., 4096) = 4096

7200  read(4, "many emails.\n# You will need to "..., 4096) = 4096

7200  read(4, "\n# Default: 5M\n#MaxScriptNormali"..., 4096) = 4096

7200  read(4, "nder\n# root with be able to acce"..., 4096) = 3167

7200  read(4, "", 4096)                 = 0

7200  close(4)                          = 0

7200  socket(AF_UNIX, SOCK_STREAM, 0)   = 4

7200  connect(4, {sa_family=AF_UNIX, sun_path="/var/run/clamav/clamd.sock"}, 110) = -1 ENOENT (No such file or directory)

7200  stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=2433, ...}) = 0

7200  write(3, "WARNING: Clamd was NOT notified:"..., 118) = 118

7200  write(2, "WARNING: Clamd was NOT notified:"..., 118) = 118

7200  close(4)                          = 0

7200  alarm(0)                          = 0

7200  exit_group(0)                     = ?

7200  +++ exited with 0 +++

```

----------

