travel_rob

Clamav Log Files-Too Big, Too Many, And Can't Remove Them


(First off, this may need to be in the Immunet forum, but I believe it is specific to ClamAV on Windows.  If it is in the wrong place, let me know and I will gladly repost in the other forum.)

 

 

Having a disk space issue with the clamav.log-date_time files when I enable ClamAV detection in Immunet 3.1.13.9671

 

Currently I see 180 log files eating up 17.5 gigs of disk space on a 30 gig disk (ouch!)

 

Even as an Administrator, I cannot delete the files.

 

I haven't found settings controlling the size and number of the log files, so I am posting in this forum looking for assistance.

 

 

Thanks in advance for any ideas/guidance!

 


Hi travel_rob, you did post in the right section of the forum regarding issues with the ClamAV module. Wow! ClamAV "is eating up a lot of disk space" with the log files! Normally Immunet will "automatically" keep all the log files from getting too large.

First off, I would recommend you send an SDT report to Support before trying anything. Info on how to send an SDT report can be found here: http://forum.immunet.com/index.php?/topic/1672-how-do-i-submit-a-support-diagnostic-tool-report/

 

You may be able to delete these files manually but Immunet must first be completely disabled. The easiest way to do that is first right-click on the Immunet sys tray icon and select Hide Tray Icon from the little pop-up menu. This will kill iptray.exe. Next open a CMD command window by clicking on Start and type cmd in the search bar. This will launch a CMD command window.

 

 

Type exactly: net stop immunetprotect
Then press Enter on your keyboard.

 

Wait about 15 seconds for sfc.exe to be killed and then see if the log files can be manually deleted.
 

To restart Immunet without rebooting use this CMD command, type: net start immunetprotect

Press Enter.
 

Relaunch the GUI by clicking on the Immunet Desktop icon or the icon located in the Immunet All Programs folder.


Another option may be a complete uninstall and reinstall, as the program may have become corrupted for some reason, but wait and see what the Support folks have to say before you do anything that intensive.
 

I hope you found this info helpful.

Best wishes, Ritchie...


Hi Ritchie.

 

Thank you for your response!

 

I found that stopping the Immunet service allowed me to delete the log files, and that the program doesn't seem to suffer from the deletions when I start it back up.

 

I am attempting to send the 7zip file to support@immunet.com, but it is about 36 megs and won't make it out via any email client I have access to.  Any thoughts on what I should do now?  Is there a site I can upload the support file to?

 

 

Thanks!


Hello again, usually the support dump isn't so large that it can't be uploaded as an email attachment. That is kind of weird! We don't recommend you post it here at the forum as it could maybe contain sensitive or personal data you wouldn't want everyone to see. What you could do is copy it and use Lorne's Private Message feature and send it to him that way as a PM I guess.

However, I'm glad you were able to delete all those log files that were hogging up so much disk space. Normally we don't like to see folks deleting these log files as they can be and are used for Support, troubleshooting or debugging purposes.

 

I still think you may end up doing a clean uninstall and reinstall if the ClamAV logs become too large again because that should not happen as I mentioned before. And why is the support dump so large too? Drop Lorne a PM with the support dump and see what he has to say before you do a complete new reinstall though.

Cheers, Ritchie...


Having the same issue starting yesterday. I have about 200 clients deployed. Yesterday at around 1400MST, the first client saw the same issue. Ran out of disc space on a brand new machine. clamav logs went nuts, growing by whatever speed the file system could process. In that case, it was a slow 5400RPM disc so it could only write around 20MBps. Logs consumed roughly 400GB of storage over the course of the day before he ran out.

Log file is full of this:

Tue Oct 25 08:53:11 2016 -> ERROR: [LibClamAV] (instance 0000000000000000, clamav context 0000000000000000, fd -1): mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

 
This is repeated about 300-800x per second.
 
Second client reported same issue this morning. Identical symptoms.

In both cases, I killed Immunet, deleted all the logs so I'd have enough space to do anything, then started Immunet back up and ran the upgrade. During upgrade (and just before I started upgrade), logs were filling up again. After upgrade and reboot, logs back to normal.
I don't suppose there's a way to force all my machines to run the update remotely is there? This is going to be a massive amount of work.
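As an added example (not part of any post in this thread, and not Immunet or ClamAV code), the flood described in the post above can be spotted by counting identical messages per second in a clamav.log file. The line layout follows the error quoted in the thread; the threshold of 300, the function names and the sample lines are assumptions constructed here.

```python
import re
from collections import Counter
from datetime import datetime

# Line layout taken from the error quoted in the thread:
#   "<ctime-style timestamp> -> <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) -> (\w+): (.*)$")
# Hex/decimal tokens (instance ids, fd numbers, sizes) can differ between lines,
# so they are masked before messages are compared.
VARIABLE_RE = re.compile(r"-?\b[0-9a-fA-F]*\d[0-9a-fA-F]*\b")

def parse_line(line):
    """Return (timestamp, level, signature), or None if the line does not parse."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
    return ts, m.group(2), VARIABLE_RE.sub("#", m.group(3))

def find_floods(lines, threshold=300):
    """Report messages repeated at least `threshold` times within one second.

    Each result is (timestamp, signature, count, bytes written in that second).
    The default threshold is an assumption based on the rate reported above.
    """
    counts, sizes = Counter(), Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        key = (parsed[0], parsed[2])
        counts[key] += 1
        sizes[key] += len(line.encode("utf-8"))
    return sorted((ts, sig, n, sizes[(ts, sig)])
                  for (ts, sig), n in counts.items() if n >= threshold)

# Constructed sample: the error quoted in the thread repeated 500 times in one
# second, preceded by one made-up ordinary line.
FLOOD_LINE = (
    "Tue Oct 25 08:53:11 2016 -> ERROR: [LibClamAV] (instance 0000000000000000, "
    "clamav context 0000000000000000, fd -1): mpool_malloc(): Attempt to "
    "allocate 8388608 bytes. Please report to http://bugs.clamav.net\n"
)
SAMPLE = ["Tue Oct 25 08:53:10 2016 -> INFO: constructed ordinary line\n"] + [FLOOD_LINE] * 500

if __name__ == "__main__":
    for ts, sig, n, nbytes in find_floods(SAMPLE):
        print(f"{ts}  x{n}  {nbytes} bytes/s  {sig}")
```

To check a real file, pass an open file object as `lines`; the location of the log directory is not given in this thread, so it has to be supplied by whoever runs the check.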

We have discovered a bug with the ClamAV module & older versions of Immunet. You did the right thing by updating to the newest version. That corrects the log file bug with ClamAV. More info here: http://support.immunet.com/index.php?/topic/3102-immunet-and-disk-space-usage/
 

As far as a batch install for Immunet unfortunately you will have to write your own install scripts for that. BTW - If Immunet 5.0 is now used in a business environment no technical support will be provided by the Support staff. It's in the Terms of Use. 


It is vitally important to make sure you type the command in correctly for it to work or you will get an invalid command error message. There is no comma in that command as you're showing in your thread.

It's: net stop immunetprotect   (no commas or upper case letters and don't forget the spaces between the wording, immunetprotect is one combined word with no space between)

To re-start: net start immunetprotect

