JohnT123456
Mar 19, 2019, Aspirant
System volume root's usage is 90% RN102
Please can someone help, I am a total novice with these things. I have read some of the post about the same issue, it talks of SSH mumbo jumbo...lol. I have switched SSH on in the admin GUI so shoul...
StephenB
Mar 19, 2019, Guru - Experienced User
Be careful here, as there are support implications in trying to fix this yourself. Typing the wrong thing can do damage, and require you to do a factory default to recover. So I recommend backing up the NAS first. https://kb.netgear.com/30068/ReadyNAS-OS-6-SSH-access-support-and-configuration-guides
You first disable the AntiVirus service - which it sounds like you have already done.
The second step is to enable SSH in the NAS web ui in system->settings. If your password is still set to password, you also need to change it to something else.
Now you need a program to connect to the NAS using SSH. Windows 10 has a program built in (called ssh). So do Macs (terminal). For other windows versions you need to install putty from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html (and you can also use putty on Windows 10 if you like).
Then you use that program to connect to the NAS:
- ssh root@nas-ip-address on Windows 10 (entered on the Windows 10 search bar)
- launch terminal, enter ssh root@nas-ip-address on the mac
- launch putty, make sure ssh is selected as the connection type. Enter the nas-ip-address and click open. Enter root as the username.
Use the real NAS IP address of course. It's important to log in as root. Don't log in as admin. When you see the password prompt, enter the NAS admin password (root and admin use the same password).
If you have trouble launching one of these programs, then you can post back (or just google for more info).
Be careful on the typing of the commands below. Be sure to use the correct slash direction, etc.
After you are logged in, you enter
cd /var/lib/clamav
ls -lsh
You should now see a folder listing, with some folders that look like clamav-<very long string>.tmp
If you don't see these tmp folders, then post back and tell us what you do see.
If you do see these tmp folders, then you remove them by entering
rm -r clamav-*.tmp
ls -lsh
You should now see a second folder listing, and those tmp folders should be gone.
asimb has posted a screen shot illustrating these commands: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/System-volume-root-s-usage-is-xx-This-condition-should-not-occur/m-p/1722860#M178464
I'm taking the liberty of re-posting that screen shot here.
I recommend leaving the AntiVirus service off - at least for now.
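A more guarded form of the cleanup described above, as an added example that is not part of the original post: instead of a bare `rm -r` glob typed as root, it deletes only real directories (never symlinks) named `clamav-<32 hex characters>.tmp` directly inside the given directory, and defaults to a dry run. The function names and the `--delete` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: guarded cleanup of stale ClamAV
# update directories. Function names and --delete are illustrative.

# is_stale_tmp PATH: true only for a real directory (not a symlink) whose
# name is clamav-<32 lowercase hex characters>.tmp
is_stale_tmp() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    hex=${1##*/}                          # strip leading directories
    case $hex in clamav-*.tmp) ;; *) return 1 ;; esac
    hex=${hex#clamav-}; hex=${hex%.tmp}   # keep only the middle part
    [ "${#hex}" -eq 32 ] || return 1
    case $hex in *[!0123456789abcdef]*) return 1 ;; esac
    return 0
}

# clean_stale_tmp DIR [--delete]: report each match on stderr, delete it
# only when --delete is given, and print the number of matches on stdout.
clean_stale_tmp() {
    dir=$1; mode=${2:-}; count=0
    for d in "$dir"/clamav-*.tmp; do
        is_stale_tmp "$d" || continue     # also skips an unmatched glob
        count=$((count + 1))
        size=$(du -sh "$d" | cut -f1)
        if [ "$mode" = "--delete" ]; then
            rm -r -- "$d" && echo "removed $size $d" >&2
        else
            echo "would remove $size $d" >&2
        fi
    done
    echo "$count"
}

# When run as a script with arguments, pass them straight through:
#   first a dry run on /var/lib/clamav, then again with --delete
if [ $# -gt 0 ]; then
    clean_stale_tmp "$@"
fi
```

Run it once without `--delete` and read the "would remove" lines before running it again with the switch; signature files such as daily.cld and main.cvd never match the name check.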
Jos011157
Mar 21, 2019, Aspirant
Thanks, this helped and the files are gone.
Hopefully message stays out.
When / How will we be informed that antivirus can be switched on again?
Regards
Jos
- HockeyNomad1, Mar 21, 2019, Aspirant
Great topic. I started getting the same errors a couple of days ago.
RN104 with 4 x 4TB WD Red on 6.9.5.
I found the same issue: the clamav folder was filling up. I noticed a couple of weeks ago that the AV indicator in the web GUI had turned yellow, and a few days ago I received the "System volume root's usage is 82%. This Should not occur under normal conditions. Contact Technical Support" message from my NAS RN104, which has been working perfectly since new.
root@ReadyNAS:/var/lib# du -d1 -h
40K ./connman
4.0K ./snmp
4.0K ./dbus
8.0K ./mdadm
4.0K ./nut
12K ./apache2
30M ./mysql
4.0K ./insserv
120K ./ucf
4.0K ./libuuid
2.6G ./clamav
32K ./php5
13M ./dpkg
2.6M ./samba
72M ./apt
4.0K ./update-rc.d
8.0K ./vim
4.0K ./replisync
28K ./pam
4.0K ./misc
8.0K ./sudo
136K ./systemd
4.0K ./urandom
16K ./nfs
4.0K ./initscripts
2.7G .
root@ReadyNAS:/var/lib# cd /var/lib/clamav/
root@ReadyNAS:/var/lib/clamav# ls -lhS
total 276M
-rw-r--r-- 1 root root 162M Mar 6 04:14 daily.cld
-rw-r--r-- 1 root root 113M Oct 9 2017 main.cvd
-rw-r--r-- 1 root root 990K Jan 2 17:21 bytecode.cld
drwxr-xr-x 3 root root 4.0K Mar 12 04:18 clamav-1052674f670d6fa214f5d8723b001e10.tmp
drwxr-xr-x 3 root root 4.0K Mar 17 13:22 clamav-12c4946d6d4083884efc403bb8b31b15.tmp
drwxr-xr-x 3 root root 4.0K Mar 19 13:23 clamav-30c842f8c25ec16062fb0b6ab310b83d.tmp
drwxr-xr-x 3 root root 4.0K Mar 11 04:17 clamav-381bb4ee2680af85d7b6a0312043aff8.tmp
drwxr-xr-x 3 root root 4.0K Mar 7 04:14 clamav-3b65e5839c926ce2d5b94f6533d2a416.tmp
drwxr-xr-x 3 root root 4.0K Mar 9 04:15 clamav-4bf40655f003ddd7324deceb0e68f929.tmp
drwxr-xr-x 3 root root 4.0K Mar 12 13:26 clamav-60161bf85190b4b62e96e7c28aa0d5fd.tmp
drwxr-xr-x 3 root root 4.0K Mar 8 04:15 clamav-622892ca4baa94df9e6b4c5e6635ecea.tmp
drwxr-xr-x 3 root root 4.0K Mar 13 13:27 clamav-6b4e0c8587bdc08fee089fb74b67c604.tmp
drwxr-xr-x 3 root root 4.0K Mar 18 13:22 clamav-8f9e7433684605db15a69dd76769f85b.tmp
drwxr-xr-x 3 root root 4.0K Mar 15 13:21 clamav-9dc4d920abae9ed1649e0370c8e823cd.tmp
drwxr-xr-x 3 root root 4.0K Mar 14 13:21 clamav-a5c4514b24634f7e4ea9fbbfd20cda1e.tmp
drwxr-xr-x 3 root root 4.0K Mar 10 04:16 clamav-df569d3b49c09f275d74b7fd9e44b9a8.tmp
drwxr-xr-x 3 root root 4.0K Mar 16 13:22 clamav-f8970b2254f8259e1a5d0e67140b8466.tmp
-rw------- 1 root root 1.4K Mar 19 13:23 mirrors.dat
-rw-r--r-- 1 root root 48 Mar 6 04:16 antivir.ini
root@ReadyNAS:/var/lib/clamav# du -d1 -h
166M ./clamav-df569d3b49c09f275d74b7fd9e44b9a8.tmp
166M ./clamav-12c4946d6d4083884efc403bb8b31b15.tmp
166M ./clamav-4bf40655f003ddd7324deceb0e68f929.tmp
166M ./clamav-3b65e5839c926ce2d5b94f6533d2a416.tmp
166M ./clamav-f8970b2254f8259e1a5d0e67140b8466.tmp
166M ./clamav-622892ca4baa94df9e6b4c5e6635ecea.tmp
166M ./clamav-9dc4d920abae9ed1649e0370c8e823cd.tmp
166M ./clamav-381bb4ee2680af85d7b6a0312043aff8.tmp
166M ./clamav-30c842f8c25ec16062fb0b6ab310b83d.tmp
166M ./clamav-6b4e0c8587bdc08fee089fb74b67c604.tmp
166M ./clamav-1052674f670d6fa214f5d8723b001e10.tmp
166M ./clamav-60161bf85190b4b62e96e7c28aa0d5fd.tmp
166M ./clamav-8f9e7433684605db15a69dd76769f85b.tmp
166M ./clamav-a5c4514b24634f7e4ea9fbbfd20cda1e.tmp
2.6G .
root@ReadyNAS:/var/lib/clamav# rm -r clamav-*.tmp
root@ReadyNAS:/var/lib/clamav# ls -lhS
total 276M
-rw-r--r-- 1 root root 162M Mar 6 04:14 daily.cld
-rw-r--r-- 1 root root 113M Oct 9 2017 main.cvd
-rw-r--r-- 1 root root 990K Jan 2 17:21 bytecode.cld
-rw------- 1 root root 1.4K Mar 19 13:23 mirrors.dat
-rw-r--r-- 1 root root 48 Mar 6 04:16 antivir.ini
root@ReadyNAS:/var/lib/clamav# cd /
root@ReadyNAS:/# du -d1 -h
4.0K ./dev
365M ./usr
16M ./opt
11M ./etc
620M ./var
21M ./apps
30M ./frontview
4.0K ./boot
0 ./sys
28M ./run
32K ./media
28M ./lib
4.0K ./srv
52K ./root
0 ./proc
16K ./lost+found
10M ./sbin
6.0M ./bin
27M ./home
28K ./tmp
1.6T ./data
4.0K ./selinux
1.6T .
root@ReadyNAS:/#
So it looks like we need an update sharpish. I have now disabled the AV, although it still seems to be trying to update, as the filesystem grew again overnight. So I will now remove the .tmp files, as the 14 .tmp files are eating 2.3G on their own.
But thanks to this thread I'm working correctly, although with clamav disabled, and now I know what to do if the directory grows again.
- StephenB, Mar 21, 2019, Guru - Experienced User
Jos011157 wrote:
When / How will we be informed that antivirus can be switched on again?
Since 6.10.0 is already at release candidate 2, I think you should just leave it off.
- BGillander, Mar 30, 2019, Aspirant
StephenB wrote:
Jos011157 wrote:
When / How will we be informed that antivirus can be switched on again?
Since 6.10.0 is already at release candidate 2, I think you should just leave it off.
Hi,
I signed up for the forum to say thanks for the clear and incredibly helpful instructions that helped me fix this issue on my RN104.
Being curious, I tried turning the AV back on to see if it updated correctly after removing the temp files, but it just created another temp file.
I have another RN104 on which the AV still kept updating correctly after March 5, showing that the AV can correctly update even with the current release, so I took a look at the clamav directory on that one and saw that the antivir.ini and daily.cld files were dated with today's date on the functioning RN104. So I turned off the AV again, re-ran the tmp files delete and deleted the other two files with the following commands:
rm -r clamav-*.tmp
rm -r antivir.ini
rm -r daily.cld
I then turned on the AV again and the web interface gave the message "Updating virus library. Refresh to update status." where the usual AV definition date is, and after a couple of minutes it updated to the current AV definitions to match the working RN104.
So, if they are disabling AV in the next release, I guess turning it off is no big deal, but if anyone wants to get the AV running again in the meantime, they could try this. I guess I should have left it overnight to make sure it keeps working automatically, but I wanted to post thanks now while I'm still in the forum so I don't forget. Since my other RN104 has been working fine, I'm expecting this will keep working, too, but I will try to come back and update this post if it doesn't automatically update correctly tomorrow.
Thanks again for everyone's help on this!!