Bosh

 View Only

 Has anyone seen issues with file descriptor leaks using ClamAV add-on 1.4.5 (clam 0.99.4)

Kirk Dahl's profile image
Kirk Dahl posted Jun 19, 2018 12:53 AM

We have seen this in our dev and prod environments. the deleted files are in /var/vcap/data/tmp/ as clamav-xxxxx folders that are created/deleted quite frequently. 

 

Interestingly, in our Dev environment of 2 cloud controllers - only 1 is affected.

In our prod environment, both cloud controllers are affected.

 

We have attempted to update virus db files (using pivotal mirrors) and restarting the clamd and freshclam processes. Verified *.conf and database files are similar versions.

Daniel Mikusa's profile image
Daniel Mikusa

This sounds like a bug. My suggestion would be to create a support ticket. On that include the diagnostic report from your Ops Manager, the full output from `lsof` when the problem is happening and include the output of `ps aux` so we can see what's running and burning the CPU.

Kirk Dahl's profile image
Kirk Dahl

The CPU would run about 60% (2 cpu machine) so an entire cpu was consumed. Also "lsof | grep delete" would show ghost files deleted and consuming disk space.

 

So far, work around has been to delete the virus definition files (*.cvd) in /var/vcap/data/clamav and allow freshclam to pull new ones down and restart clamd (monit restart clamd)