Jump to content


Photo

Clamav Log Files-Too Big, Too Many, And Can't Remove Them

logs clamav

  • Please log in to reply
8 replies to this topic

#1 travel_rob

travel_rob

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 20 February 2015 - 05:36 PM

(First off, this may need to be in the Immunet forum, but I believe it is specific to ClamAV on Windows.  If it is in the wrong place, let me know and I will gladly repost in the other forum.)

 

 

Having a disk space issue with the clamav.log-date_time files when I enable ClamAV detection in Immunet 3.1.13.9671

 

Currently I see 180 log files eating up 17.5 gigs of disk space on a 30 gig disk (ouch!)

 

Even as an Administrator, I can not delete the files.

 

I haven't found settings controlling the size and number of the log files, so I am posting in this forum looking for assistance.

 

 

Thanks in advance for any ideas/guidance!

 


  • LeroyAledy, Hectorcof and Robertacarl like this

#2 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,824 posts
  • LocationOil City, Pa. U.S.A.

Posted 21 February 2015 - 08:42 AM

Hi travel_rob, you did post in the right section of the forum regarding issues with the ClamAV module. Wow! ClamAV "is eating up a lot of disk space" with the log files! Normally Immunet will "automatically" keep all the log files from getting too large.

First off, I would recommend you send a SDT report to Support before trying anything. Info on how to send a SDT report can be found here. http://forum.immunet...ic-tool-report/

 

You may be able to delete these files manually but Immunet must first be completely disabled. The easiest way to do that is first right-click on the Immunet sys tray icon and select Hide Tray Icon from the little pop-up menu. This will kill iptray.exe. Next open a CMD command window by clicking on Start and type cmd in the search bar. This will launch a CMD command window.

 

 

Type exactly: net stop immunetprotect
Then press Enter on your keyboard.

 

Wait about 15 seconds for sfc.exe to be killed and then see if the log files can be manually deleted.
 

To restart Immunet without rebooting use this CMD command, type: net start immunetprotect

Press Enter.
 

Relaunch the GUI by clicking on the Immunet Desktop icon or the icon located in the Immunet All Programs folder.


Another option may be a complete uninstall and reinstall, as the program may have become corrupted for some reason, but wait and see what the Support folks have to say before you do anything that intensive.
 

I hope you found this info helpful.

Best wishes, Ritchie...


* Immunet Global Forum Moderator *


#3 travel_rob

travel_rob

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 23 February 2015 - 02:43 PM

Hi Ritchie.

 

Thank you for your response!

 

I found that stopping the Immunet service allowed me to delete the log files, and that the program doesn't seem to suffer from the deletions when I start it back up.

 

I am attempting to send the 7zip file to support@immunet.com, but it is about 36 megs and won't make it out via any email client I have access to.  Any thoughts on what I should do now?  Is there a site I can upload the support file to?

 

 

Thanks!



#4 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,824 posts
  • LocationOil City, Pa. U.S.A.

Posted 25 February 2015 - 10:07 AM

Hello again, usually the support dump isn't so large that it can't be uploaded as an email attachment. That is kind of weird! We don't recommend you post it here at the forum as it could maybe contain sensitive or personal data you wouldn't want everyone to see. What you could do is copy it and use Lorne's Private Message feature and send it to him that way as a PM I guess.

However I'm glad you were able to delete all those log files that was hogging up so much disk space. Normally we don't like to see folks deleting these log files as they can and are used for Support, troubleshooting or debugging purposes.

 

I still think you may end up doing a clean uninstall and reinstall if the ClamAV logs become too large again because that should not happen as I mentioned before. And why is the support dump so large too? Drop Lorne a PM with the support dump and see what he has to say before you do a complete new reinstall though.

Cheers, Ritchie...


* Immunet Global Forum Moderator *


#5 blistovmhz

blistovmhz

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 25 October 2016 - 03:42 PM

Having the same issue starting yesterday. I have about 200 clients deployed. Yesterday at around 1400MST, the first client saw the same issue. Ran out of disc space on a brand new machine. clamav logs went nuts, growing by whatever speed the file system could process. In that case, it was a slow 5400RPM disc so it could only write around 20MBps. Logs consumed roughly 400GB of storage over the course of the day before he ran out.

Log file is full of this:

Tue Oct 25 08:53:11 2016 -> ERROR: [LibClamAV] (instance 0000000000000000, clamav context 0000000000000000, fd -1): mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

 
This is repeated about 300-800x per second.
 
Second client reported same issue this morning. Identical symptoms.

In both cases, I killed Immunet, deleted all the logs so I'd have enough space to do anything, the started Immunet back up and ran the upgrade. During upgrade (and just before I started upgrade), logs were filling up again. After upgrade and reboot, logs back to normal.
I don't suppose there's a way to force all my machines to run the update remotely is there? This is going to be a massive amount of work.

  • abhego likes this

#6 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,824 posts
  • LocationOil City, Pa. U.S.A.

Posted 29 October 2016 - 01:28 AM

We have discovered a bug with the ClamAV module & older versions of Immunet. You did the right thing by updating to the newest version. That corrects the log file bug With ClamAV. More info here.  http://support.immun...sk-space-usage/
 

As far as a batch install for Immunet unfortunately you will have to write your own install scripts for that. BTW - If Immunet 5.0 is now used in a business environment no technical support will be provided by the Support staff. It's in the Terms of Use. 


* Immunet Global Forum Moderator *


#7 Achille

Achille

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 30 November 2016 - 08:06 PM

Hello,

 

I right-click on the Immunet sys tray icon and select Hide Tray Icon from the little pop-up menu and then typed 'net stop immunetprotect in the CMD. Received an error back: unvalid service name. Type help pmsg for more help.

 

Could you help me further?

 

Regards

Achille

 

 



#8 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,824 posts
  • LocationOil City, Pa. U.S.A.

Posted 01 December 2016 - 05:47 AM

It is vitally important to make sure you type the command in correctly for it to work or you will get an invalid command error message. There is no comma in that command as you're showing in your thread.

It's: net stop immunetprotect   (no commas or upper case letters and don't forget the spaces between the wording, immunetprotect is one combined word with no space between)

To re-start: net start immunetprotect


* Immunet Global Forum Moderator *


#9 Achille

Achille

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 01 December 2016 - 07:55 PM

Thanks. I used the taks mgr instead of the CMD (serice was name Immunet 5.0.2) and then I was able to the delete the log files. Problem solved.







Also tagged with one or more of these keywords: logs, clamav

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users