ClamAV Virus Scanning Server not running

I noticed that on my System Information panel thatClamAV Virus Scanning Server is not running. I tried to restart it, which failed. The system messages were:

May 17 06:31:31 awesome clamd[27745]: clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386)
May 17 06:31:31 awesome clamd[27745]: Running as user nobody (UID 99, GID 99)
May 17 06:31:31 awesome clamd[27745]: Log file size limited to 1048576 bytes.
May 17 06:31:31 awesome clamd[27745]: Reading databases from /var/lib/clamav
May 17 06:31:31 awesome clamd[27745]: Not loading PUA signatures.
May 17 06:31:46 awesome clamd[27745]: Loaded 1479477 signatures.
May 17 06:31:47 awesome clamd[27745]: LOCAL: Removing stale socket file /var/run/clamd.virtualmin/clamd.sock
May 17 06:31:47 awesome clamd[27745]: LOCAL: Unix socket file /var/run/clamd.virtualmin/clamd.sock
May 17 06:31:47 awesome clamd[27745]: LOCAL: Setting connection queue length to 15
May 17 06:31:47 awesome clamd[27745]: daemonize() failed
May 17 06:31:47 awesome clamd[27745]: Socket file removed.

Could you advise me what to try? Regards, Martyn

Status: 
Closed (fixed)

Comments

Howdy -- what output do you get if you type this:

rpm -qa | grep clamav

That "daemonize failed" error is unusual though... just to be super-certain, are you running the restart as the root user?

hello,

rpm -qa | grep clamav

gives:

clamav-data-0.96-1.vm.el5 clamav-0.96-1.vm.el5 clamav-server-0.96-1.vm.el5 clamav-filesystem-0.96-1.vm.el5 clamav-lib-0.96-1.vm.el5 clamav-update-0.96-1.vm.el5 clamav-server-sysv-0.96-1.vm.el5

Yes, I was running it logged into Virtualmin as root.

Regards, Martyn

What is the output from the following commands :

ps axuwwww | grep clamd

and :

clamdscan - </etc/hosts

ps axuwwww | grep clamd

returns:

root 16725 0.0 0.1 4784 696 pts/0 S+ 11:40 0:00 grep clamd

clamdscan - </etc/hosts

returns:

ERROR: Can't connect to clamd: No such file or directory

----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.000 sec (0 m 0 s)

Ok, so it looks like clamd really isn't running. You should check /var/log/clamd.virtualmin and see what gets logged at the end when you try to start it up ..

When I run it and check /var/log/clamd.virtualmin

I get:

+++ Started at Mon May 17 06:31:31 2010 clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386) Running as user nobody (UID 99, GID 99) Log file size limited to 1048576 bytes. Reading databases from /var/lib/clamav Not loading PUA signatures. Loaded 1479477 signatures. LOCAL: Removing stale socket file /var/run/clamd.virtualmin/clamd.sock LOCAL: Unix socket file /var/run/clamd.virtualmin/clamd.sock LOCAL: Setting connection queue length to 15 ERROR: daemonize() failed Socket file removed. +++ Started at Mon May 17 13:13:42 2010 clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386) Running as user nobody (UID 99, GID 99) Log file size limited to 1048576 bytes. Reading databases from /var/lib/clamav Not loading PUA signatures. Loaded 1479479 signatures. LOCAL: Unix socket file /var/run/clamd.virtualmin/clamd.sock LOCAL: Setting connection queue length to 15 ERROR: daemonize() failed Socket file removed.

I included the clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386) Running as user nobody (UID 99, GID 99) but, not sure if that is relevant.

The messages look the same as the system messages.

How much RAM does your system have, and how much is free? ClamAV is pretty memory-hungry ..

Hi Jamie,

According to Virtualmin I have:

Real memory 540.22 MB total, 358.70 MB used [Memory used] Virtual memory 255.99 MB total, 154.73 MB used [Swap space used]

I'm using Linode.

Regards,

Martyn

If you run top and then hit M to sort by memory used when starting up ClamAV, does it end up consuming all your memory before failing?

Yep, looks like that is exactly what it is doing.

It gets up to 42% of memory and then disappears off TOP and fails.

What is strange, though, is it has been perfectly fine up 'til now. The only difference is I added one more domain to my server. Perhaps the straw that broke the camel's back?

Could be ..

What other processes are using up lots of RAM? The top command when sorting by RAM use will show you..

Well,of course it varies, but just looking at it running, the ones that pop us as using a lot of RAM are:

lookup-domain-d 2.1% lookup-domain-p 0.4% spamd 6.4% php-cgi 3.3% top 0,2% httpd0.7% dovecot 0.1% but not all at the same time.

It seems odd that clamd is using up 40% of your RAM ..

Maybe the real issue is a corrupted ClamAV virus database. You can try fixing this by running :

rm /var/lib/clamav/main.c* /var/lib/clamav/daily.c*
freshclam

Well that did the trick. Thanks for your persistence.

in TOP, Clam went peaked at about 23% of memory but quickly settled down to a lower number that I can't currently see on my screen.

Cool .. I recall seeing this once or twice before. It looks to be a ClamAV bug.

Automatically closed -- issue fixed for 2 weeks with no activity.