Strange Behavior with Maldet and ClamAV

Hello everyone,

I installed Maldet and ClamAV together as they make a good combination. However, after doing so, I noticed that every few minutes a command is running and consuming a significant amount of resources, approximately 2 gigabytes of RAM. Unfortunately, I’m unsure about the source of this command.

This is the command:

/usr/bin/clamscan --max-filesize=6947618 --max-scansize=13895236 -d /usr/local/maldetect/tmp/.runtime.user.2200.hdb -d /usr/local/maldetect/tmp/.runtime.user.2200.ndb /lib/clamav/ -r --infected --no-summary -f

Does anyone know what that is?

Thanks in advance!

2 Likes

It seems you’re seeing high resource usage from ClamAV’s scan, initiated by Maldet. This command is scanning for malware, with specific file and scan size limits to prevent overwhelming your system. However, frequent or large scans can still eat up resources.

To try to fix this:

  1. Reduce Scan Frequency: Space out the scans if they’re too frequent.
  2. Adjust Scan Limits: Tweak --max-filesize and --max-scansize to balance thoroughness with resource use.
  3. Optimize Scanning: Ensure Maldet and ClamAV are integrated correctly to avoid unnecessary resource consumption.

Consider checking scheduled tasks for any overlapping scans and exclude non-essential directories to save resources. If issues persist, exploring alternative, less resource-intensive tools or configurations might be necessary.

1 Like

Thanks for your response. I agree with you, but that’s not the issue at hand. I found it odd because I hadn’t set up any periodic scans, which piqued my curiosity about their source. However, I’ve since discovered the reason. By monitoring its behavior and examining the log files, I now understand that the clamav-daemon package wasn’t installed. This led Maldet to force clamscan to run every 120 seconds. Enabling monitoring means it will consistently check for changes every 120 seconds and load the definition database into memory, hence the high usage observed in htop. After installing the clamav-daemon package and starting it, it consistently consumes around 1.5 gigs of RAM to load the database, allowing for immediate malware checks and change detection without the 120-second delay between scans.

1 Like
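Added example, not part of the thread: one way to answer the original question of where a recurring clamscan comes from is to walk its parent chain in the process table and check whether a clamd daemon is present. The function names and the sample process table are constructed for illustration; on a live host, pipe `ps -eo pid,ppid,rss,args` into the functions instead.

```shell
#!/bin/sh
# Added example. Input for both functions: text in the layout printed by
#   ps -eo pid,ppid,rss,args

# Constructed sample process table (not captured from a real host).
sample_ps() {
cat <<'EOF'
  PID  PPID     RSS COMMAND
    1     0   11000 /sbin/init
  812     1    3400 bash /usr/local/maldetect/maldet --monitor users
 4410   812 1980000 /usr/bin/clamscan -d /usr/local/maldetect/tmp/.runtime.user.2200.hdb -r --infected
 4500     1    2100 /usr/sbin/sshd -D
EOF
}

# For each clamscan process print: PID, RSS in KiB, ancestry up to PID 1.
trace_clamscan() {
  awk '
    $1 ~ /^[0-9]+$/ {
      pid = $1; ppid[pid] = $2; rss[pid] = $3
      n = split($4, part, "/"); name[pid] = part[n]
      if (name[pid] == "clamscan") scans[++count] = pid
      # A script run through an interpreter is named after the script.
      if ((name[pid] == "bash" || name[pid] == "sh") && NF >= 5) {
        n = split($5, part, "/"); name[pid] = part[n]
      }
    }
    END {
      for (i = 1; i <= count; i++) {
        p = scans[i]; chain = name[p]
        # Walk parent links; the hop limit guards against a malformed table.
        for (hops = 0; (ppid[p] in name) && hops < 32; hops++) {
          p = ppid[p]; chain = chain " <- " name[p]
        }
        print scans[i], rss[scans[i]], chain
      }
    }'
}

# Exit status 0 if a clamd daemon process is present, 1 otherwise.
has_clamd() {
  awk '$1 ~ /^[0-9]+$/ { n = split($4, part, "/"); if (part[n] == "clamd") found = 1 }
       END { exit !found }'
}

sample_ps | trace_clamscan
sample_ps | has_clamd || echo "clamd not running: each scan reloads the signature database"
```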

Your solution to install the clamav-daemon addresses the issue, allowing for continuous background scanning and significantly improving resource usage. Excellent!

1 Like