Re: [clamav-users] Need help: clamd stops after starting without any error message
On 19.04.17 13:57, Torge Riedel wrote:
> I worked around the "OOM" problem by ordering 1 GB more RAM at my provider and - thanks to VM world - the RAM was increased to 2 GB on the fly. After that I was able to start clamd.
>
> Output of "top -p " is:
>
> Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie
> Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
> Mem:   2097152k total,  1242976k used,   854176k free,        0k buffers
> Swap:        0k total,        0k used,        0k free,   188020k cached
>
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  9102 clamav    20   0  670m 499m  644 S    0 24.4   0:00.00 clamd
>
> I think 670m / 499m is quite a lot for a small sized VM, although I have to say that this VM is really old and new VM orders always start at minimum of 2 GB of RAM.
>
> Any chance to reduce RAM usage of clamd by configuration?

only by reducing signature count, which would reduce hit rate. not a way to go imho.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
It's now safe to throw off your computer.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Need help: clamd stops after starting without any error message
I worked around the "OOM" problem by ordering 1 GB more RAM at my provider and - thanks to VM world - the RAM was increased to 2 GB on the fly. After that I was able to start clamd.

Output of "top -p " is:

Tasks:   1 total,   0 running,   1 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   2097152k total,  1242976k used,   854176k free,        0k buffers
Swap:        0k total,        0k used,        0k free,   188020k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 9102 clamav    20   0  670m 499m  644 S    0 24.4   0:00.00 clamd

I think 670m / 499m is quite a lot for a small sized VM, although I have to say that this VM is really old and new VM orders always start at minimum of 2 GB of RAM.

Any chance to reduce RAM usage of clamd by configuration?

Torge
Re: [clamav-users] Need help: clamd stops after starting without any error message
Ok, enabled debug. Find attached the output of

service clamav-daemon start > /tmp/clamd_start.log 2>&1

at the end it says:

LibClamAV debug: main.msb loaded
LibClamAV debug: Ignoring signature Win.Trojan.AT-8
LibClamAV debug: Ignoring signature Win.Trojan.Agent-653
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-53
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-60
LibClamAV debug: Ignoring signature Win.Trojan.Qhost-106
Killed
 ...fail!

To check where "Killed" is coming from I directly started clamd:

/usr/sbin/clamd

and it prints "Killed" at the end. I think the " ...fail!" is from "service".

So I googled again with this hint (never saw this before) and found this:

http://forums.interworx.com/threads/8501-Clamd-being-killed

which brought me to the idea to monitor resource usage: Connecting with two shells and running a "top" before starting clamd I see that

1. ~480 MBs RAM is free before starting clamd (server has a total of 1 GB RAM)
2. Starting clamd consumes all the free memory and stops with "Killed"

Seems as if the free RAM is no longer enough for clamd, but I am wondering why it consumes so much memory? Is this normal? Is there a chance to fix that by change of configuration? I googled but have not found a good answer yet. Only "remove clamav" which is not what I want to do.

Torge
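An added example, not part of the original thread: a Python sketch of the two checks this diagnosis comes down to, finding the kernel's OOM-kill record for clamd and comparing the memory a new process can obtain with the resident size clamd needs. The kernel-log and /proc/meminfo samples are constructed (only PID 7007, the roughly 480 MB free figure and the 499m resident size come from the thread), and the "Killed process" line format is an assumption that differs between kernels and container platforms.

```python
import re

# Constructed kernel log lines (assumed common "Killed process" format).
SAMPLE_KERNEL_LOG = """\
Apr 19 11:12:38 host kernel: Out of memory: Kill process 7007 (clamd) score 489 or sacrifice child
Apr 19 11:12:38 host kernel: Killed process 7007 (clamd) total-vm:686080kB, anon-rss:510332kB, file-rss:644kB
Apr 19 11:40:02 host kernel: Killed process 812 (mysqld) total-vm:901120kB, anon-rss:204800kB, file-rss:128kB
"""

# Constructed /proc/meminfo excerpts: an old kernel without MemAvailable
# (about 480 MB obtainable, no swap) and a newer one after a RAM upgrade.
MEMINFO_1GB = """\
MemTotal:        1048576 kB
MemFree:          460000 kB
Buffers:               0 kB
Cached:            31520 kB
SwapFree:              0 kB
"""
MEMINFO_2GB = """\
MemTotal:        2097152 kB
MemFree:         1165132 kB
MemAvailable:    1353152 kB
SwapFree:              0 kB
"""

CLAMD_RSS_KB = 499 * 1024  # resident size reported by top in this thread

OOM_RE = re.compile(
    r"Killed process (?P<pid>\d+) \((?P<comm>[^)]+)\).*?"
    r"total-vm:(?P<vm>\d+)kB, anon-rss:(?P<anon>\d+)kB, file-rss:(?P<file>\d+)kB")

def find_oom_kills(kernel_log, comm="clamd"):
    """Return one record per OOM kill of `comm` found in kernel log text."""
    kills = []
    for line in kernel_log.splitlines():
        m = OOM_RE.search(line)
        if m and m.group("comm") == comm:
            kills.append({"pid": int(m.group("pid")),
                          "total_vm_kb": int(m.group("vm")),
                          "rss_kb": int(m.group("anon")) + int(m.group("file"))})
    return kills

def headroom_kb(meminfo, needed_kb):
    """kB left over if a process needing `needed_kb` starts; negative means
    the OOM killer is the likely outcome."""
    f = {m.group(1): int(m.group(2))
         for m in re.finditer(r"^(\w+):\s+(\d+) kB", meminfo, re.M)}
    # MemAvailable only exists on kernels >= 3.14; otherwise approximate it.
    avail = f.get("MemAvailable",
                  f.get("MemFree", 0) + f.get("Buffers", 0) + f.get("Cached", 0))
    return avail + f.get("SwapFree", 0) - needed_kb

if __name__ == "__main__":
    for kill in find_oom_kills(SAMPLE_KERNEL_LOG):
        print("clamd OOM-killed:", kill)
    for name, text in (("1 GB VM", MEMINFO_1GB), ("2 GB VM", MEMINFO_2GB)):
        print(name, "headroom:", headroom_kb(text, CLAMD_RSS_KB), "kB")
```

On a live system the inputs would be the kernel log (dmesg or /var/log/kern.log) and /proc/meminfo; the resident size after loading is a lower bound on what clamd needs while it loads the signature databases.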
Re: [clamav-users] Need help: clamd stops after starting without any error message
On Wed, April 19, 2017 10:13 am, Torge Riedel wrote:
> Well, was not enabled. After setting
>
> LogSyslog true

Might be worth turning on debug temporarily...

clamd.conf and freshclam.conf

# Enable debug messages in libclamav.
# Default: no

--
Cheers,

Steve
Twitter: @sanesecurity
Re: [clamav-users] Need help: clamd stops after starting without any error message
Well, was not enabled. After setting

LogSyslog true

I get the following output:

Apr 19 11:12:26 vps-1022479-8049 clamd[7007]: Received 0 file descriptor(s) from systemd.
Apr 19 11:12:26 vps-1022479-8049 clamd[7007]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Apr 19 11:12:26 vps-1022479-8049 clamd[7007]: Log file size limited to 4294967295 bytes.
Apr 19 11:12:26 vps-1022479-8049 clamd[7007]: Reading databases from /var/lib/clamav
Apr 19 11:12:26 vps-1022479-8049 clamd[7007]: Not loading PUA signatures.
Apr 19 11:12:26 vps-1022479-8049 clamd[7007]: Bytecode: Security mode set to "TrustSigned".
Apr 19 11:12:36 vps-1022479-8049 clamd[7007]: Loaded 6267692 signatures.
Re: [clamav-users] Need help: clamd stops after starting without any error message
Anything in syslog?
[clamav-users] Need help: clamd stops after starting without any error message
Hi,

I'm using clamav on my server (Ubuntu 12.04 LTS) for a long time without any problem. Now I get messages from amavis that it cannot connect to socket /var/run/clamav/clamd.ctl

The file exists and the file clamd.pid exists too, but there is no running process with this PID.

If I execute

service clamav-daemon start

these two files are updated and a clamd-process is running for some seconds, then it stops.

This is all I get in /var/log/clamav/clamav.log:

Wed Apr 19 10:25:11 2017 -> +++ Started at Wed Apr 19 10:25:11 2017
Wed Apr 19 10:25:11 2017 -> Received 0 file descriptor(s) from systemd.
Wed Apr 19 10:25:11 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Wed Apr 19 10:25:11 2017 -> Running as user clamav (UID 113, GID 119)
Wed Apr 19 10:25:11 2017 -> Log file size limited to 4294967295 bytes.
Wed Apr 19 10:25:11 2017 -> Reading databases from /var/lib/clamav
Wed Apr 19 10:25:11 2017 -> Not loading PUA signatures.
Wed Apr 19 10:25:11 2017 -> Bytecode: Security mode set to "TrustSigned".
Wed Apr 19 10:25:22 2017 -> Loaded 6267692 signatures.
Wed Apr 19 10:25:24 2017 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Wed Apr 19 10:25:24 2017 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Wed Apr 19 10:25:24 2017 -> LOCAL: Setting connection queue length to 15
Wed Apr 19 10:25:24 2017 -> Limits: Global size limit set to 104857600 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: File size limit set to 26214400 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: Recursion level limit set to 10.
Wed Apr 19 10:25:24 2017 -> Limits: Files limit set to 1.
Wed Apr 19 10:25:24 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Wed Apr 19 10:25:24 2017 -> Limits: MaxPartitions limit set to 50.
Wed Apr 19 10:25:24 2017 -> Limits: MaxIconsPE limit set to 100.
Wed Apr 19 10:25:24 2017 -> Limits: MaxRecHWP3 limit set to 16.
Wed Apr 19 10:25:24 2017 -> Limits: PCREMatchLimit limit set to 1.
Wed Apr 19 10:25:24 2017 -> Limits: PCRERecMatchLimit limit set to 5000.
Wed Apr 19 10:25:24 2017 -> Limits: PCREMaxFileSize limit set to 25.
Wed Apr 19 10:25:24 2017 -> Archive support enabled.
Wed Apr 19 10:25:24 2017 -> Algorithmic detection enabled.
Wed Apr 19 10:25:24 2017 -> Portable Executable support enabled.
Wed Apr 19 10:25:24 2017 -> ELF support enabled.
Wed Apr 19 10:25:24 2017 -> Mail files support enabled.
Wed Apr 19 10:25:24 2017 -> OLE2 support enabled.
Wed Apr 19 10:25:24 2017 -> PDF support enabled.
Wed Apr 19 10:25:24 2017 -> SWF support enabled.
Wed Apr 19 10:25:24 2017 -> HTML support enabled.
Wed Apr 19 10:25:24 2017 -> XMLDOCS support enabled.
Wed Apr 19 10:25:24 2017 -> HWP3 support enabled.
Wed Apr 19 10:25:24 2017 -> Self checking every 3600 seconds.

Any help is appreciated. I read the FAQ and googled but did not find any helpful solution.

Thanks in advance
Torge