Need help with clamav/freshclam

I'm trying to set up clamsmtp as transparent proxy; however when updating the av database with freshclam my device spontaneously reboots.

My device is Netgear DGN3000;I have usb drive for swap and av database location.

freshclam seems to successfully download the file, then becomes very memory and cpu hungry; shortly afterwards the router reboots.

I have tried nice -n 10 on the freshclam process; in case it was starving the watchdog process; but to no avail.

Any ideas?

you are using clamav on your router?

trying to run it on the router, yes

google says, this device doesn't exist

I think you shouldn't run clamav on your router. there is not enough cpu power. maybe you should get something like this:

oops, that should have been DGN3500
https://wiki.openwrt.org/toh/hwdata/netgear/netgear_dgn3500

I agree it doesn't have much processing power ( only 1 x 333MHz as no SMP support ); but I don't have that much I need to scan; just dropping 1 or 2 dodgy attachments a day.
This is just for my home test setup; nothing that needs to be production worthy.

As much as making it work; I want to understand why my router reboots; I would have expected it to operate slowly; fill swap; or have the application die with some out-of-memory condition, but not the entire router die.

I think the router reboots itself to avoid any damage caused by overheating, etc.

I have looked into this page ClamAV ArchLinux and I "tried" the Testing the software section instructions, not exactly as it says, because on openwrt it works in another way. No info was logged by clamav when I accessed EICAR test file url.

I have installed the latest package as suggested on GitHub Issue.

Is ClamAV installed on LEDE OpenWRT directed and created to deal with this kind of threats? I mean: if I access a malicious URL via wireless on my smartphone in my home network for instance, should it be blocked by ClamAV?

I also installed freshclam_0.99.3-1_mips_24kc.ipk since It was available and described in the Updating database section.

Would anyone know to void freshclam to hang up? It stops after 100% download and router slows down. Web pages stops loading.

root@LEDE:~# freshclam
ClamAV update process started at Thu Mar 22 13:34:06 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.99.4
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Downloading main.cvd [100%]

@rj-45 noted this:

It clearly appears that when the process tries to use the definition update, it causes the router to run out of resources.

Yes, run freshclam on a system with more CPU and memory resources.

1 Like

I seen your point. It seens that my CPU, FLA, RAM are also bottlenecks, of course. Just compared a ClearFog with my TP-LINK

I have stopped some other processes and reached this situation where memory usage just keeps going up but there are no reboot, page load stop or slow down.

Capturar3

This is likely because you have stopped a process that does 'watchdog-ing' of some sort...

Your device will eventually crash/lock-up when it runs out or resources to handle the data-in-memory...the LuCI web GUI will likely be its first victim. If you don't have local access to physically reset the device when this happens, I wouldn't advise running your router in such an unstable configuration.

There are routers designed to do application processing as well (@rj-45 showed you one such Firewall Appliance), you may want one of those if you plan to do inspection and scanning with you device. An old PC with LEDE and a Gigabit Ethernet card installed can also work; but probably uses more electricity.

Consider marking this thread as "SOLVED."