[clamav-users] ClamAV daemon restarts via/through systemd

Ben Argyle via clamav-users Mon, 02 Jun 2025 12:48:57 -0700

We're running ClamAV on RHEL 8 from EPEL 8:

clamd-1.0.8-1.el8.x86_64
clamav-freshclam-1.0.8-1.el8.x86_64
clamav-1.0.8-1.el8.x86_64


I know it's old, but that's what we've got to work with.  Anyway, we're seeing 
an issue where all of our clamd@scan daemons are restarting because of systemd, 
sometimes multiple times a day:

# journalctl -u clamd@scan | grep systemd
[...]
Jan 01 03:08:04 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Jan 01 03:08:05 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Jan 01 03:08:05 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 01 03:08:05 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Jan 01 03:08:05 cstestapp1 clamd[2519493]: Received 0 file descriptor(s) from 
systemd.
Jan 01 03:08:24 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Jan 16 06:53:58 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Jan 16 06:54:03 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Jan 16 06:54:03 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Jan 16 06:54:40 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Jan 16 06:54:40 cstestapp1 clamd[873]: Received 0 file descriptor(s) from 
systemd.
Jan 16 06:55:36 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Feb 01 03:29:04 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Feb 01 03:29:05 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Feb 01 03:29:05 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Feb 01 03:29:05 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Feb 01 03:29:05 cstestapp1 clamd[87709]: Received 0 file descriptor(s) from 
systemd.
Feb 01 03:29:25 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Feb 03 09:04:29 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Feb 03 09:04:32 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Feb 03 09:04:32 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Feb 03 09:05:07 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Feb 03 09:05:07 cstestapp1 clamd[876]: Received 0 file descriptor(s) from 
systemd.
Feb 03 09:06:00 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Feb 03 09:33:47 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Feb 03 09:33:48 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Feb 03 09:33:48 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Feb 03 09:33:48 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Feb 03 09:33:48 cstestapp1 clamd[41441]: Received 0 file descriptor(s) from 
systemd.
Feb 03 09:34:07 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Feb 20 02:05:03 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Feb 20 02:05:06 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Feb 20 02:05:06 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Feb 20 02:05:44 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Feb 20 02:05:44 cstestapp1 clamd[879]: Received 0 file descriptor(s) from 
systemd.
Feb 20 02:06:35 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Feb 20 02:22:13 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Feb 20 02:22:15 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Feb 20 02:22:15 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Feb 20 02:22:15 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Feb 20 02:22:15 cstestapp1 clamd[33476]: Received 0 file descriptor(s) from 
systemd.
Feb 20 02:22:36 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Mar 01 03:22:05 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Mar 01 03:22:06 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Mar 01 03:22:06 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Mar 01 03:22:06 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Mar 01 03:22:06 cstestapp1 clamd[1511727]: Received 0 file descriptor(s) from 
systemd.
Mar 01 03:22:28 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Apr 01 03:26:05 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Apr 01 03:26:06 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Apr 01 03:26:06 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Apr 01 03:26:06 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Apr 01 03:26:06 cstestapp1 clamd[831803]: Received 0 file descriptor(s) from 
systemd.
Apr 01 03:26:26 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Apr 03 05:16:34 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Apr 03 05:16:58 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Apr 03 05:16:58 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Apr 03 05:16:58 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Apr 03 05:16:58 cstestapp1 clamd[3120792]: Received 0 file descriptor(s) from 
systemd.
Apr 03 05:17:20 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Apr 03 06:53:58 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Apr 03 06:54:01 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Apr 03 06:54:01 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Apr 03 06:54:44 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Apr 03 06:54:44 cstestapp1 clamd[891]: Received 0 file descriptor(s) from 
systemd.
Apr 03 06:55:31 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Apr 09 03:11:16 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Apr 09 03:11:19 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Apr 09 03:11:19 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Apr 09 03:11:52 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Apr 09 03:11:53 cstestapp1 clamd[880]: Received 0 file descriptor(s) from 
systemd.
Apr 09 03:12:40 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Apr 09 03:28:36 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Apr 09 03:28:38 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Apr 09 03:28:38 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Apr 09 03:28:38 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Apr 09 03:28:38 cstestapp1 clamd[33301]: Received 0 file descriptor(s) from 
systemd.
Apr 09 03:28:58 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 01 03:21:05 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 01 03:21:23 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 01 03:21:23 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 01 03:21:23 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 01 03:21:23 cstestapp1 clamd[3091894]: Received 0 file descriptor(s) from 
systemd.
May 01 03:21:44 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 07 08:02:06 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 07 08:02:31 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 07 08:02:31 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 07 08:02:56 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 07 08:02:57 cstestapp1 clamd[892]: Received 0 file descriptor(s) from 
systemd.
May 07 08:03:51 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 07 08:42:09 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 07 08:42:10 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 07 08:42:10 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 07 08:42:10 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 07 08:42:10 cstestapp1 clamd[47615]: Received 0 file descriptor(s) from 
systemd.
May 07 08:42:31 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 22 03:12:33 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 22 03:12:36 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 22 03:12:36 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 22 03:13:15 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 22 03:13:15 cstestapp1 clamd[880]: Received 0 file descriptor(s) from 
systemd.
May 22 03:14:00 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 22 03:30:22 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 22 03:30:24 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 22 03:30:24 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 22 03:30:24 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 22 03:30:24 cstestapp1 clamd[33007]: Received 0 file descriptor(s) from 
systemd.
May 22 03:30:44 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 22 08:01:14 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 22 08:01:16 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 22 08:01:16 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 22 08:01:47 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 22 08:01:48 cstestapp1 clamd[886]: Received 0 file descriptor(s) from 
systemd.
May 22 08:02:33 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
May 22 08:16:42 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
May 22 08:16:44 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
May 22 08:16:44 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
May 22 08:16:44 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
May 22 08:16:44 cstestapp1 clamd[30942]: Received 0 file descriptor(s) from 
systemd.
May 22 08:17:05 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.
Jun 01 03:45:13 cstestapp1 systemd[1]: Stopping clamd scanner (scan) daemon...
Jun 01 03:45:16 cstestapp1 systemd[1]: clamd@scan.service: Succeeded.
Jun 01 03:45:16 cstestapp1 systemd[1]: Stopped clamd scanner (scan) daemon.
Jun 01 03:45:16 cstestapp1 systemd[1]: Starting clamd scanner (scan) daemon...
Jun 01 03:45:16 cstestapp1 clamd[2364507]: Received 0 file descriptor(s) from 
systemd.
Jun 01 03:46:06 cstestapp1 systemd[1]: Started clamd scanner (scan) daemon.

It seems likely that the "01" restarts are due to logrotate:

/var/log/clamd.scan {
    create 644 root root
    monthly
    compress
    missingok
    postrotate
        systemctl restart clamd@scan >/dev/null 2>&1 || true
    endscript
}

But we can't work out what could be causing all of the other ones.  We've 
probably ruled out OOM issues (nothing in /var/log/messages or 'dmesg').  Any 
ideas what else I can look for, or what could be causing them?

We've just, as of today, uncommented "NotifyClamd /etc/clamd.conf" in 
/etc/freshclam.conf in case that was the cause.  But before today we were 
seeing plenty of 

[...]
SelfCheck: Database modification detected. Forcing reload.
Reading databases from /var/lib/clamav
Database correctly reloaded (8707505 signatures)
Activating the newly loaded database...
[...]

in /var/log/clamd.scan without a matching restart in journalctl.  So we don't 
think it's Freshclam.

Thoughts?

Ben
--
Servers and Storage Team, UIS, University of Cambridge

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

[clamav-users] ClamAV daemon restarts via/through systemd

Reply via email to