Submitted by martynw on Mon, 05/17/2010 - 08:44 Pro Licensee
I noticed that on my System Information panel thatClamAV Virus Scanning Server is not running. I tried to restart it, which failed. The system messages were:
May 17 06:31:31 awesome clamd[27745]: clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386)
May 17 06:31:31 awesome clamd[27745]: Running as user nobody (UID 99, GID 99)
May 17 06:31:31 awesome clamd[27745]: Log file size limited to 1048576 bytes.
May 17 06:31:31 awesome clamd[27745]: Reading databases from /var/lib/clamav
May 17 06:31:31 awesome clamd[27745]: Not loading PUA signatures.
May 17 06:31:46 awesome clamd[27745]: Loaded 1479477 signatures.
May 17 06:31:47 awesome clamd[27745]: LOCAL: Removing stale socket file /var/run/clamd.virtualmin/clamd.sock
May 17 06:31:47 awesome clamd[27745]: LOCAL: Unix socket file /var/run/clamd.virtualmin/clamd.sock
May 17 06:31:47 awesome clamd[27745]: LOCAL: Setting connection queue length to 15
May 17 06:31:47 awesome clamd[27745]: daemonize() failed
May 17 06:31:47 awesome clamd[27745]: Socket file removed.
Could you advise me what to try? Regards, Martyn
Status:
Closed (fixed)
Comments
Submitted by andreychek on Mon, 05/17/2010 - 08:49 Comment #1
Howdy -- what output do you get if you type this:
rpm -qa | grep clamav
That "daemonize failed" error is unusual though... just to be super-certain, are you running the restart as the root user?
Submitted by martynw on Mon, 05/17/2010 - 10:04 Pro Licensee Comment #2
hello,
rpm -qa | grep clamav
gives:
clamav-data-0.96-1.vm.el5 clamav-0.96-1.vm.el5 clamav-server-0.96-1.vm.el5 clamav-filesystem-0.96-1.vm.el5 clamav-lib-0.96-1.vm.el5 clamav-update-0.96-1.vm.el5 clamav-server-sysv-0.96-1.vm.el5
Yes, I was running it logged into Virtualmin as root.
Regards, Martyn
Submitted by JamieCameron on Mon, 05/17/2010 - 12:01 Comment #3
What is the output from the following commands :
ps axuwwww | grep clamd
and :
clamdscan - </etc/hosts
Submitted by martynw on Mon, 05/17/2010 - 13:43 Pro Licensee Comment #4
ps axuwwww | grep clamd
returns:
root 16725 0.0 0.1 4784 696 pts/0 S+ 11:40 0:00 grep clamd
clamdscan - </etc/hosts
returns:
ERROR: Can't connect to clamd: No such file or directory
----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.000 sec (0 m 0 s)
Submitted by JamieCameron on Mon, 05/17/2010 - 14:45 Comment #5
Ok, so it looks like
clamd
really isn't running. You should check/var/log/clamd.virtualmin
and see what gets logged at the end when you try to start it up ..Submitted by martynw on Mon, 05/17/2010 - 15:17 Pro Licensee Comment #6
When I run it and check /var/log/clamd.virtualmin
I get:
+++ Started at Mon May 17 06:31:31 2010 clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386) Running as user nobody (UID 99, GID 99) Log file size limited to 1048576 bytes. Reading databases from /var/lib/clamav Not loading PUA signatures. Loaded 1479477 signatures. LOCAL: Removing stale socket file /var/run/clamd.virtualmin/clamd.sock LOCAL: Unix socket file /var/run/clamd.virtualmin/clamd.sock LOCAL: Setting connection queue length to 15 ERROR: daemonize() failed Socket file removed. +++ Started at Mon May 17 13:13:42 2010 clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386) Running as user nobody (UID 99, GID 99) Log file size limited to 1048576 bytes. Reading databases from /var/lib/clamav Not loading PUA signatures. Loaded 1479479 signatures. LOCAL: Unix socket file /var/run/clamd.virtualmin/clamd.sock LOCAL: Setting connection queue length to 15 ERROR: daemonize() failed Socket file removed.
I included the clamd daemon 0.96 (OS: linux-gnu, ARCH: i386, CPU: i386) Running as user nobody (UID 99, GID 99) but, not sure if that is relevant.
The messages look the same as the system messages.
Submitted by JamieCameron on Mon, 05/17/2010 - 15:51 Comment #7
How much RAM does your system have, and how much is free? ClamAV is pretty memory-hungry ..
Submitted by martynw on Mon, 05/17/2010 - 16:16 Pro Licensee Comment #8
Hi Jamie,
According to Virtualmin I have:
Real memory 540.22 MB total, 358.70 MB used [Memory used] Virtual memory 255.99 MB total, 154.73 MB used [Swap space used]
I'm using Linode.
Regards,
Martyn
Submitted by JamieCameron on Mon, 05/17/2010 - 16:32 Comment #9
If you run
top
and then hitM
to sort by memory used when starting up ClamAV, does it end up consuming all your memory before failing?Submitted by martynw on Mon, 05/17/2010 - 16:38 Pro Licensee Comment #10
Yep, looks like that is exactly what it is doing.
It gets up to 42% of memory and then disappears off TOP and fails.
What is strange, though, is it has been perfectly fine up 'til now. The only difference is I added one more domain to my server. Perhaps the straw that broke the camel's back?
Submitted by JamieCameron on Mon, 05/17/2010 - 16:39 Comment #11
Could be ..
What other processes are using up lots of RAM? The
top
command when sorting by RAM use will show you..Submitted by martynw on Mon, 05/17/2010 - 16:52 Pro Licensee Comment #12
Well,of course it varies, but just looking at it running, the ones that pop us as using a lot of RAM are:
lookup-domain-d 2.1% lookup-domain-p 0.4% spamd 6.4% php-cgi 3.3% top 0,2% httpd0.7% dovecot 0.1% but not all at the same time.
Submitted by JamieCameron on Mon, 05/17/2010 - 19:18 Comment #13
It seems odd that
clamd
is using up 40% of your RAM ..Maybe the real issue is a corrupted ClamAV virus database. You can try fixing this by running :
rm /var/lib/clamav/main.c* /var/lib/clamav/daily.c*
freshclam
Submitted by martynw on Mon, 05/17/2010 - 20:55 Pro Licensee Comment #14
Well that did the trick. Thanks for your persistence.
in TOP, Clam went peaked at about 23% of memory but quickly settled down to a lower number that I can't currently see on my screen.
Submitted by JamieCameron on Tue, 05/18/2010 - 00:04 Comment #15
Cool .. I recall seeing this once or twice before. It looks to be a ClamAV bug.
Submitted by Issues on Tue, 06/01/2010 - 01:21 Comment #16
Automatically closed -- issue fixed for 2 weeks with no activity.