NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
JohnT123456
Mar 19, 2019Aspirant
System volume root's usage is 90% RN102
Please can someone help, I am a total novice with these things. I have read some of the post about the same issue, it talks of SSH mumbo jumbo...lol. I have switched SSH on in the admin GUI so shoul...
- Mar 19, 2019
Be careful here, as there are support implications in trying to fix this yourself. Typing the wrong thing can do damage, and require you to do a factory default to recover. So I recommend backing up the NAS first. https://kb.netgear.com/30068/ReadyNAS-OS-6-SSH-access-support-and-configuration-guides
You first disable the AntiVirus service - which it sounds like you have already done.
The second step is to enable SSH in the NAS web ui in system->settings. If your password is still set to password, you also need to change it to something else.
Now you need a program to connect to the NAS using SSH. Windows 10 has a program built in (called ssh). So do Macs (terminal). For other windows versions you need to install putty from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html (and you can also use putty on Windows 10 if you like).
Then you use that program to connect to the NAS:
- ssh root@nas-ip-address on Windows 10 (entered on the Windows 10 search bar)
- launch terminal, enter ssh root@nas-ip-address on the mac
- launch putty, make sure ssh is selected as the connection type. Enter the nas-ip-address and click open. Enter root as the username.
Use the real NAS IP address of course. It's important to log in as root. Don't log in as admin. When you see the password prompt, enter the NAS admin password (root and admin use the same password).
If you have trouble launching one of these programs, then you can post back (or just google for more info).
Be careful on the typing of the commands below. Be sure to use the correct slash direction, etc.
After you are logged in, you enter
cd /var/lib/clamav ls -lsh
You should now see a folder listing, with some folders that look like clamav-<very long string>.tmp
If you don't see these tmp folders, then post back and tell us what you do see.
If you do see these tmp folders, then you remove them by entering
rm -r clamav-*.tmp ls -lsh
You should now see a second folder listing, and those tmp folders should be gone.
asimb has posted a screen shot illustrating these commands: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/System-volume-root-s-usage-is-xx-This-condition-should-not-occur/m-p/1722860#M178464
I'm taking the liberty of re-posting that screen shot here.
I recommend leaving the AntiVirus service off - at least for now.
StephenB
Mar 19, 2019Guru - Experienced User
Be careful here, as there are support implications in trying to fix this yourself. Typing the wrong thing can do damage, and require you to do a factory default to recover. So I recommend backing up the NAS first. https://kb.netgear.com/30068/ReadyNAS-OS-6-SSH-access-support-and-configuration-guides
You first disable the AntiVirus service - which it sounds like you have already done.
The second step is to enable SSH in the NAS web ui in system->settings. If your password is still set to password, you also need to change it to something else.
Now you need a program to connect to the NAS using SSH. Windows 10 has a program built in (called ssh). So do Macs (terminal). For other windows versions you need to install putty from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html (and you can also use putty on Windows 10 if you like).
Then you use that program to connect to the NAS:
- ssh root@nas-ip-address on Windows 10 (entered on the Windows 10 search bar)
- launch terminal, enter ssh root@nas-ip-address on the mac
- launch putty, make sure ssh is selected as the connection type. Enter the nas-ip-address and click open. Enter root as the username.
Use the real NAS IP address of course. It's important to log in as root. Don't log in as admin. When you see the password prompt, enter the NAS admin password (root and admin use the same password).
If you have trouble launching one of these programs, then you can post back (or just google for more info).
Be careful on the typing of the commands below. Be sure to use the correct slash direction, etc.
After you are logged in, you enter
cd /var/lib/clamav ls -lsh
You should now see a folder listing, with some folders that look like clamav-<very long string>.tmp
If you don't see these tmp folders, then post back and tell us what you do see.
If you do see these tmp folders, then you remove them by entering
rm -r clamav-*.tmp ls -lsh
You should now see a second folder listing, and those tmp folders should be gone.
asimb has posted a screen shot illustrating these commands: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/System-volume-root-s-usage-is-xx-This-condition-should-not-occur/m-p/1722860#M178464
I'm taking the liberty of re-posting that screen shot here.
I recommend leaving the AntiVirus service off - at least for now.
- Jos011157Mar 21, 2019Aspirant
Thanks, this helped and the files are gone.
Hopefully message stays out.
When / How will we be informed that antivirus can be switched on again?
Regards
Jos
- HockeyNomad1Mar 21, 2019Aspirant
Great Topic started getting the same errors a couple days ago.
RN104 with 4 x 4TB WD Red on 6.9.5.
I found the same issue, clamav folder was filling up. I noticed a couple weeks ago that the AV indicator in the web gui had turned yellow, and a few days ago received the "System volume root's usage is 82%. This Should not occur under normal conditions. Contact Technical Support" message from my NAS RN104, this has been working perfectly since new.
root@ReadyNAS:/var/lib# du -d1 -h 40K ./connman 4.0K ./snmp 4.0K ./dbus 8.0K ./mdadm 4.0K ./nut 12K ./apache2 30M ./mysql 4.0K ./insserv 120K ./ucf 4.0K ./libuuid 2.6G ./clamav 32K ./php5 13M ./dpkg 2.6M ./samba 72M ./apt 4.0K ./update-rc.d 8.0K ./vim 4.0K ./replisync 28K ./pam 4.0K ./misc 8.0K ./sudo 136K ./systemd 4.0K ./urandom 16K ./nfs 4.0K ./initscripts 2.7G . root@ReadyNAS:/var/lib# cd /var/lib/clamav/ root@ReadyNAS:/var/lib/clamav# ls -lhS total 276M -rw-r--r-- 1 root root 162M Mar 6 04:14 daily.cld -rw-r--r-- 1 root root 113M Oct 9 2017 main.cvd -rw-r--r-- 1 root root 990K Jan 2 17:21 bytecode.cld drwxr-xr-x 3 root root 4.0K Mar 12 04:18 clamav-1052674f670d6fa214f5d8723b001e10.tmp drwxr-xr-x 3 root root 4.0K Mar 17 13:22 clamav-12c4946d6d4083884efc403bb8b31b15.tmp drwxr-xr-x 3 root root 4.0K Mar 19 13:23 clamav-30c842f8c25ec16062fb0b6ab310b83d.tmp drwxr-xr-x 3 root root 4.0K Mar 11 04:17 clamav-381bb4ee2680af85d7b6a0312043aff8.tmp drwxr-xr-x 3 root root 4.0K Mar 7 04:14 clamav-3b65e5839c926ce2d5b94f6533d2a416.tmp drwxr-xr-x 3 root root 4.0K Mar 9 04:15 clamav-4bf40655f003ddd7324deceb0e68f929.tmp drwxr-xr-x 3 root root 4.0K Mar 12 13:26 clamav-60161bf85190b4b62e96e7c28aa0d5fd.tmp drwxr-xr-x 3 root root 4.0K Mar 8 04:15 clamav-622892ca4baa94df9e6b4c5e6635ecea.tmp drwxr-xr-x 3 root root 4.0K Mar 13 13:27 clamav-6b4e0c8587bdc08fee089fb74b67c604.tmp drwxr-xr-x 3 root root 4.0K Mar 18 13:22 clamav-8f9e7433684605db15a69dd76769f85b.tmp drwxr-xr-x 3 root root 4.0K Mar 15 13:21 clamav-9dc4d920abae9ed1649e0370c8e823cd.tmp drwxr-xr-x 3 root root 4.0K Mar 14 13:21 clamav-a5c4514b24634f7e4ea9fbbfd20cda1e.tmp drwxr-xr-x 3 root root 4.0K Mar 10 04:16 clamav-df569d3b49c09f275d74b7fd9e44b9a8.tmp drwxr-xr-x 3 root root 4.0K Mar 16 13:22 clamav-f8970b2254f8259e1a5d0e67140b8466.tmp -rw------- 1 root root 1.4K Mar 19 13:23 mirrors.dat -rw-r--r-- 1 root root 48 Mar 6 04:16 antivir.ini root@ReadyNAS:/var/lib/clamav# du -d1 -h 166M ./clamav-df569d3b49c09f275d74b7fd9e44b9a8.tmp 166M ./clamav-12c4946d6d4083884efc403bb8b31b15.tmp 166M ./clamav-4bf40655f003ddd7324deceb0e68f929.tmp 166M ./clamav-3b65e5839c926ce2d5b94f6533d2a416.tmp 166M ./clamav-f8970b2254f8259e1a5d0e67140b8466.tmp 166M ./clamav-622892ca4baa94df9e6b4c5e6635ecea.tmp 166M ./clamav-9dc4d920abae9ed1649e0370c8e823cd.tmp 166M ./clamav-381bb4ee2680af85d7b6a0312043aff8.tmp 166M ./clamav-30c842f8c25ec16062fb0b6ab310b83d.tmp 166M ./clamav-6b4e0c8587bdc08fee089fb74b67c604.tmp 166M ./clamav-1052674f670d6fa214f5d8723b001e10.tmp 166M ./clamav-60161bf85190b4b62e96e7c28aa0d5fd.tmp 166M ./clamav-8f9e7433684605db15a69dd76769f85b.tmp 166M ./clamav-a5c4514b24634f7e4ea9fbbfd20cda1e.tmp 2.6G . root@ReadyNAS:/var/lib/clamav# rm -r clamav-*.tmp root@ReadyNAS:/var/lib/clamav# ls -lhS total 276M -rw-r--r-- 1 root root 162M Mar 6 04:14 daily.cld -rw-r--r-- 1 root root 113M Oct 9 2017 main.cvd -rw-r--r-- 1 root root 990K Jan 2 17:21 bytecode.cld -rw------- 1 root root 1.4K Mar 19 13:23 mirrors.dat -rw-r--r-- 1 root root 48 Mar 6 04:16 antivir.ini root@ReadyNAS:/var/lib/clamav# cd / root@ReadyNAS:/# du -d1 -h 4.0K ./dev 365M ./usr 16M ./opt 11M ./etc 620M ./var 21M ./apps 30M ./frontview 4.0K ./boot 0 ./sys 28M ./run 32K ./media 28M ./lib 4.0K ./srv 52K ./root 0 ./proc 16K ./lost+found 10M ./sbin 6.0M ./bin 27M ./home 28K ./tmp 1.6T ./data 4.0K ./selinux 1.6T . root@ReadyNAS:/#
So Looks like we need an update sharpish I have now disabled the AV although it still seems to be trying to update as the filesystem grew again overnight. so i will now remove the .tmp files as the 14 .tmp files are eating 2.3G on their own.
but thanks to this thread I'm working correctly although with clamav disabled. and now i know what to do to if the directory grows again.
- StephenBMar 21, 2019Guru - Experienced User
Jos011157 wrote:
When / How will we be informed that antivirus can be switched on again?
Since 6.10.0 is already at release candidate 2, I think you should just leave it off.
- BGillanderMar 30, 2019Aspirant
StephenB wrote:
Jos011157 wrote:
When / How will we be informed that antivirus can be switched on again?
Since 6.10.0 is already at release candidate 2, I think you should just leave it off.
Hi,
I signed up for the forum to say thanks for the clear and incredibly helpful instructions that helped me fix this issue on my RN104.
Being curious, I tried turning the AV back on to see if it updated correctly after removing the temp files, but it just created another temp file.
I have another RN104 on which the AV still kept updating correctly after March 5, showing that the AV can correctly update even with the current release, so I took a look at the clamav directory on that one and saw that the antivir.ini and daily.cld files were dated with today's date on the functioning RN104. So I turned off the AV again, re-ran the tmp files delete and deleted the other two files with the following commands:
rm -r clamav-*.tmp
rm -r antivir.ini
rm -r daily.cldI then turned on the AV again and the web interface gave the message "Updating virus library. Refresh to update status." where the usual AV definition date is, and after a couple of minutes it updated to the current AV definitions to match the working RN104.
So, if they are disabling AV in the next release, I guess turning it off is no big deal, but if anyone wants to get the AV running again in the meantime, they could try this. I guess I should have left it overnight to make sure it keeps working automatically, but I wanted to post thanks now while I'm still in the forum so I don't forget. Since my other RN104 has been working fine, I'm expecting this will keep working, too, but I will try to come back and update this post if it doesn't automatically update correctly tomorrow.
Thanks again for everyone's help on this!!
- SuperDad1979Mar 27, 2019Aspirant
I had the same issue. I upgraded the firmware on 5 Mar 19 and then on 20 Mar started getting the messages about the root volume. I've followed the above and it seems to now be resolved. Thanks.
- Peter-J-HApr 20, 2019Tutor
Thanks guys, good explanation. Worked for me.
Regards
Peter
- AdMichelsMay 05, 2019Aspirant
after that I typt in: ssh root@ip-adress of the nas. I get shortly a black screen.
How should I go further
- Marc_VMay 05, 2019NETGEAR Employee Retired
Welcome to the Community!
I would suggest contacting NETGEAR Support if you are not comfortable proceeding on using SSH since it might cause you more issues if done incorrectly. However, if you have no problem of losing your data or if you have backup of your data a Factory reset can be done as another option to resolve this issue (full system volume).
Hope this helps!
Regards
- StephenBMay 06, 2019Guru - Experienced User
AdMichels wrote:
after that I typt in: ssh root@ip-adress of the nas. I get shortly a black screen.
How should I go further
If you are dealing with the antivirus package filling the OS partition then you could follow the steps here: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/System-volume-root-s-usage-is-90-RN102/m-p/1723405#M178497
Or contact paid support (my.netgear.com).
- JanessMay 21, 2019Aspirant
Hello there,
I followed your instructions but I don't find any TMP folders. This is what i get:
root@ReeadyNas:/var/lib/clamav# ls -lsh
total 334M
4.0K -rw-r--r-- 1 root root 48 May 7 16:44 antivir.ini
992K -rw-r--r-- 1 root root 990K Jan 2 20:58 bytecode.cld
40M -rw-r--r-- 1 root root 40M May 7 16:38 daily.cvd
294M -rw-r--r-- 1 root root 294M Jun 24 2017 main.cld
4.0K -rw------- 1 root root 1.3K May 8 18:17 mirrors.dat- StephenBMay 21, 2019Guru - Experienced User
Janess wrote:
I followed your instructions but I don't find any TMP folders.
Then either the cause of your full root wasn't the antivirus software, or the root isn't full anymore.
Can you post the output of
# df // -h # df // -i
- JanessMay 21, 2019Aspirant
Filesystem Size Used Avail Use% Mounted on
/dev/md0 4.0G 3.9G 0 100% /
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!