Alrighty, they are below :). I condensed the log.smbd output to what appears over and over and over again :D.
I really don't think it's a virus, or anti-virus. If that were the case, I'd have huge Reads/Writes to disk when the 100% CPU on the FreeNAS box hits. And that still wouldn't cause 100% CPU usage, just 100% Disk Usage.
top and smbstatus -
Code:
CPU: 50.0% user, 0.0% nice, 0.6% system, 0.0% interrupt, 49.4% idle
Mem: 110M Active, 440M Inact, 14G Wired, 721M Free
ARC: 13G Total, 3413M MFU, 9176M MRU, 176K Anon, 52M Header, 795M Other
Swap: 14G Total, 14G Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
89859 root 1 102 0 332M 31552K CPU1 1 0:37 100.00% smbd
3130 root 12 20 0 211M 21016K nanslp 0 2:45 0.00% collectd
2856 root 1 52 0 221M 64120K select 0 0:57 0.00% python2.7
2881 root 6 20 0 333M 155M select 1 0:15 0.00% python2.7
1591 root 1 -52 r0 6300K 2272K nanslp 0 0:04 0.00% watchdogd
87537 root 2 20 0 111M 24500K select 0 0:02 0.00% python2.7
1911 root 1 20 0 30252K 18100K select 1 0:02 0.00% ntpd
1431 root 1 20 0 68916K 8892K kqread 0 0:01 0.00% syslog-ng
3826 root 1 52 0 161M 49676K ttyin 1 0:00 0.00% python2.7
89280 root 4 52 0 169M 48916K usem 1 0:00 0.00% python2.7
3774 root 1 52 0 20736K 2340K nanslp 0 0:00 0.00% cron
2616 root 1 31 10 17060K 3572K wait 0 0:00 0.00% sh
89878 root 1 20 0 26060K 3120K CPU0 0 0:00 0.00% top
41540 www 1 20 0 34112K 6456K kqread 0 0:00 0.00% nginx
2585 root 1 20 0 30724K 4632K nanslp 0 0:00 0.00% smartd
88312 root 1 20 0 88144K 7636K select 1 0:00 0.00% sshd
1166 root 1 20 0 13772K 5496K select 0 0:00 0.00% devd
88316 root 1 20 0 27712K 4040K pause 0 0:00 0.00% csh
3764 root 1 20 0 51704K 4816K select 0 0:00 0.00% zfsd
89193 nobody 1 20 0 17032K 2716K select 1 0:00 0.00% mdnsd
89766 root 1 20 0 285M 24860K select 1 0:00 0.00% smbd
89771 root 1 20 0 270M 21520K select 0 0:00 0.00% winbindd
89762 root 1 20 0 229M 17680K select 0 0:00 0.00% nmbd
89773 root 1 20 0 273M 21612K select 0 0:00 0.00% winbindd
1077 _dhcp 1 20 0 14620K 2204K select 0 0:00 0.00% dhclient
1020 root 1 52 0 14620K 2176K select 0 0:00 0.00% dhclient
2759 root 1 20 0 34112K 6116K pause 1 0:00 0.00% nginx
89860 root 1 20 0 277M 21864K select 0 0:00 0.00% winbindd
89770 root 1 20 0 282M 24476K select 1 0:00 0.00% smbd
2396 root 1 20 0 65436K 6968K select 0 0:00 0.00% sshd
3831 root 1 52 0 14484K 2048K ttyin 0 0:00 0.00% getty
3830 root 1 52 0 14484K 2048K ttyin 1 0:00 0.00% getty
3828 root 1 52 0 14484K 2048K ttyin 1 0:00 0.00% getty
3827 root 1 52 0 14484K 2048K ttyin 1 0:00 0.00% getty
3833 root 1 52 0 14484K 2048K ttyin 0 0:00 0.00% getty
3832 root 1 52 0 14484K 2048K ttyin 0 0:00 0.00% getty
3829 root 1 52 0 14484K 2048K ttyin 0 0:00 0.00% getty
3219 root 1 20 0 14456K 2000K sigwai 1 0:00 0.00% daemon
2613 root 1 52 0 12792K 2452K select 0 0:00 0.00% rsync
90004 root 1 31 10 8224K 1880K nanslp 1 0:00 0.00% sleep
1430 root 1 52 0 38412K 3600K wait 0 0:00 0.00% syslog-ng
2969 messagebus 1 52 0 21256K 2780K select 1 0:00 0.00% dbus-daemon
[root@Avalon] ~# smbstatus
Samba version 4.3.11-GIT-UNKNOWN
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
89859 nobody nobody Excalibur (ipv4:192.168.1.4:50395) Unknown (0x0311)
89859 nobody nobody Excalibur (ipv4:192.168.1.4:50395) Unknown (0x0311)
89859 Wasse wheel Excalibur (ipv4:192.168.1.4:50395) Unknown (0x0311)
Service pid machine Connected at
-------------------------------------------------------
IPC$ 89859 Excalibur Wed Dec 7 21:44:20 2016
Avalon 89859 Excalibur Wed Dec 7 21:39:11 2016
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_freedb2.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY EXCLUSIVE+BATCH /mnt/Avalon Wasse/Programs/foobar2000/avutil-fb2k-55.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_NONE 0x100081 RDONLY NONE /mnt/Avalon Wasse/Programs Wed Dec 7 21:39:21 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_dsp_std.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_dsp_eq.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY EXCLUSIVE+BATCH /mnt/Avalon Wasse/Programs/foobar2000/zlib1.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_NONE 0x100081 RDONLY NONE /mnt/Avalon Wasse/Programs/foobar2000 Wed Dec 7 21:39:18 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_rgscan.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x120089 RDONLY EXCLUSIVE+BATCH /mnt/Avalon Public/Audio/Music/Queensrÿche/Sign of the Times The Best of Queensrÿche (2007)/10 Jet City Woman.flac Wed Dec 7 21:39:23 2016
89859 1001 DENY_NONE 0x100081 RDONLY NONE /mnt/Avalon Public/Audio Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_albumlist.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY EXCLUSIVE+BATCH /mnt/Avalon Wasse/Programs/foobar2000/avcodec-fb2k-57.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_fileops.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/shared.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_NONE 0x100081 RDONLY NONE /mnt/Avalon . Wed Dec 7 21:39:11 2016
89859 1001 DENY_NONE 0x100081 RDONLY NONE /mnt/Avalon . Wed Dec 7 21:39:12 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/foobar2000.exe Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_unpack.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_ALL 0x120196 WRONLY EXCLUSIVE+BATCH /mnt/Avalon Wasse/Programs/foobar2000/running Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_cdda.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/user-components/foo_input_monkey/foo_input_monkey.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_ui_std.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_input_std.dll Wed Dec 7 21:39:20 2016
89859 1001 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /mnt/Avalon Wasse/Programs/foobar2000/components/foo_converter.dll Wed Dec 7 21:39:20 2016
log.smbd -
Code:
[2016/12/06 00:04:47.072648, 0] ../source3/smbd/negprot.c:686(reply_negprot)
No protocol supported !
smb4.conf
Code:
# Global section of the Samba configuration posted in this thread (server "Avalon").
# smb.conf treats only whole lines starting with '#' or ';' as comments, so each
# note sits on the line(s) above the setting it describes.
# NOTE(review): on FreeNAS this file is normally generated from the GUI settings,
# so changes presumably belong there (or in auxiliary parameters) - confirm.
[global]
# Caps the highest SMB dialect the server offers. No "server min protocol" line
# appears in this paste, so the lowest accepted dialect is the build default.
# NOTE(review): for a Samba 4.3 build that default likely still admits SMB1 -
# confirm with `testparm -v` and set an explicit minimum if so.
server max protocol = SMB3_11
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
# Idle connections with no open files are closed after 15 minutes.
deadtime = 15
max log size = 51200
max open files = 468245
logging = file
# Printing is switched off by the next four settings.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
# Together, the next two settings mean a login with an unknown user name is not
# rejected but mapped to the guest account "nobody". A share still has to say
# "guest ok = yes" before such a session can use it.
# NOTE(review): this would be consistent with the "nobody" rows in the smbstatus
# listing in this post; if no guest access is wanted, "map to guest = Never"
# makes those logins fail instead.
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = Avalon File Server
ea support = yes
store dos attributes = yes
# Makes nmbd send legacy Lanman announce broadcasts; only very old clients need them.
lm announce = yes
# Resolves connecting clients by name instead of using the IP address; the
# lookups add latency and make host-based logging depend on DNS answers.
hostname lookups = yes
time server = yes
# Skips the execute-permission check when a Windows client opens a file for
# execution, i.e. any readable file on the share can be run by the client.
acl allow execute always = true
dos filemode = yes
multicast dns register = yes
domain logons = no
local master = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
# Standalone server with local user authentication (no domain membership).
server role = standalone
netbios name = AVALON
workgroup = WORKGROUP
security = user
pid directory = /var/run/samba
# These masks remove no read/write bits: files may be created up to rw-rw-rw-
# and directories up to rwxrwxrwx.
# NOTE(review): the share loads zfsacl, so ZFS ACLs presumably decide effective
# access - verify the dataset ACLs rather than relying on these mode bits.
create mask = 0666
directory mask = 0777
# Applies to Samba's client tools only; it does not restrict what the server
# accepts. Server-side NTLMv1 acceptance is governed by "ntlm auth", which is
# not set in this paste. NOTE(review): check its effective value with `testparm -v`.
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
# Low verbosity; the log excerpt in this post shows only level-0 messages.
# Raising this temporarily is the usual way to see what a busy smbd is doing.
log level = 1
# Share definition: exports /mnt/Avalon read-write to authenticated users.
# smb.conf treats only whole lines starting with '#' or ';' as comments, so each
# note sits on the line(s) above the setting it describes.
[Avalon]
path = /mnt/Avalon
comment = Welcome to Avalon!
printable = no
# Names listed here are neither visible nor accessible to clients.
# NOTE(review): presumably this keeps .zfs out of direct reach while
# shadow_copy2 below still serves the snapshots as "previous versions" - verify.
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
# shadow_copy2 settings: where snapshots live and how their names are parsed.
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
shadow:format = auto-%Y%m%d.%H%M-1w
shadow:snapdirseverywhere = yes
# VFS module stack loaded for this share.
vfs objects = shadow_copy2 zfs_space zfsacl aio_pthread
hide dot files = no
# Guest sessions cannot connect to this share; a valid account is required.
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
# NOTE(review): the next two lines repeat nfs4:mode and nfs4:acedup with the
# same values as above; redundant, probably an artefact of how the file is generated.
nfs4:mode = special
nfs4:acedup = merge
# Lets clients change file ownership where the underlying filesystem permits it.
# NOTE(review): ownership changes can be used to sidestep ACL intent - confirm
# this is wanted for every user of the share.
nfs4:chown = true
zfsacl:acesort = dontcare