CPU peaks - ClamAV module enabled

[vawaver]

Hello, I would like to share my experience and discuss an issue I encountered with the ClamAV docker.

I noticed that when I installed the full Nextcloud AIO, including the ClamAV module, this module started performing operations every 10 minutes, causing my processor usage to spike up to around 25%, even when the server was not being actively used.

However, when I disabled this module, the problem disappeared.

To address the issue, I attempted an alternative approach. I installed ClamAV using the command sudo apt-get install clamav clamav-daemon -y. Afterwards, I activated the "Antivirus for files" application in the Nextcloud App.

With this configuration, I observed that the processor load remained constant at 1-2%, without any spikes.

Based on this, it can be assumed that enabling ClamAV as a docker container leads to these problems. Therefore, I would appreciate it if you could test and potentially optimize the ClamAV docker configuration.

Hardware - VM on Proxmox -> 8 cores + 15 GB RAM

Host OS Ubuntu server 20.04.6 LTS

Nextcloud AIO version 26.0.2

Current channel stable

[szaimen]

Hi, can you post the nextcloud logs and clamav logs from when this happens?

[vawaver]

Meanwhile, I disabled the ClamAV module. Once I turn it back on and the process begins, I will attempt to retrieve the logs. I am aware that, in Nextcloud, this can be done through the Logging tab. Unfortunately, I am unfamiliar with accessing the ClamAV logs specifically. I am not an IT professional. Could you please advise me on how to proceed?

[szaimen]

You can retreive the clamav logs eg. With sudo docker logs nextcloud-aio-clamav

[vawaver]

I am sending the latest logs. Let me know whether it is ok for you.

tony@nxtc:~$ sudo docker logs nextcloud.txt nextcloud.log

[vawaver]

Another Clamav peak - 16:40 CET

log - clamav-peak-16_40.txt

[szaimen]

The issue that is mentioned in the logs is this one: https://github.com/nextcloud/files_antivirus/issues/261. Nothing we can prevent or fix in AIO IIRC - it must be fixed in the files_antivirus app.

---

As a workaround for the problem, can you run sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set av_background_scan --value off and check if that solves the issue?

---

Also, do you have any suggestion what we can improve in our config here? https://github.com/nextcloud/all-in-one/blob/5e160b1bfe981daac446febc2f6836cabc524d96/Containers/clamav/clamav.conf#L1-L4 https://github.com/nextcloud/all-in-one/blob/5e160b1bfe981daac446febc2f6836cabc524d96/Containers/nextcloud/entrypoint.sh#L650-L651

[szaimen]

BTW, how big is this file for example? /vawaver/files/Documents/Linux/linux-doma/navody/videonavody/old_videotutorials/proxmox-seria/proxmox-02/proxmox-02.dra.zip

[vawaver]

proxmox-02.dra.zip

Filesize of the file is 89 MB. It is the Davinci Resolve video project.

[szaimen]

Then I guess it is an issue within the files_antirivus app because the config is allowing up to 100mb, see above.

Can you try thw workaeound from above?

[vawaver]

[szaimen]

Sorry please try this one:

sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set files_antivirus av_background_scan --value off

[vawaver]

Sorry please try this one:

sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set files_antivirus av_background_scan --value off

Done. Waiting for some presentable results. I will let you know.

[vawaver]

It seems that the temporary fix works for the moment. I hope ClamAV will be fixed soon.

[szaimen]

Good to hear that it solves the problem for you!