HELP! clamd keeps stopping
HELP! clamd keeps stopping
Hi,
Again today clamd just stopped. The maillog shows:
Feb 17 20:59:31 godslove X-Qmail-Scanner-2.02st: [godslove.designhosting.biz123492237079130197] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512$
Feb 17 20:59:32 godslove pop3d: Connection, ip=[70.146.204.26]
People on server don't get emails and they are lost.
I restart clamd and it runs for a while.
Where else can I look for why this is happening?
Is there a script I can use to keep clamd running?
Again today clamd just stopped. The maillog shows:
Feb 17 20:59:31 godslove X-Qmail-Scanner-2.02st: [godslove.designhosting.biz123492237079130197] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512$
Feb 17 20:59:32 godslove pop3d: Connection, ip=[70.146.204.26]
People on server don't get emails and they are lost.
I restart clamd and it runs for a while.
Where else can I look for why this is happening?
Is there a script I can use to keep clamd running?
-
- Forum Regular
- Posts: 471
- Joined: Mon Dec 06, 2004 10:43 pm
Re: HELP! clamd keeps stopping
Check your file permissions, make sure the clamd.conf and freshclamd.conf are configured correctly... This usually happens after an upgrade.
Re: HELP! clamd keeps stopping
Hi,
I had already checked the permissions but don't know what I'm missing.
If I run "freshclam" there are no errors.
Is there an exact place to look because clamd will run and then stop so I would think that if the permissions were wrong it wouldn't even run like it did before.
-rw-r--r-- 1 qscand qscand 11412 Jan 24 12:01 clamd.conf
-rw-r--r-- 1 qscand qscand 5165 Jan 24 11:56 freshclam.conf
I had already checked the permissions but don't know what I'm missing.
If I run "freshclam" there are no errors.
Is there an exact place to look because clamd will run and then stop so I would think that if the permissions were wrong it wouldn't even run like it did before.
-rw-r--r-- 1 qscand qscand 11412 Jan 24 12:01 clamd.conf
-rw-r--r-- 1 qscand qscand 5165 Jan 24 11:56 freshclam.conf
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: HELP! clamd keeps stopping
I'm inclined to agree there, an update to the signature databases shouldn't cause that. If it did running the freshclam script should at least make that reproducible. Can you check the logs in /var/log/clamav/?
-
- Forum Regular
- Posts: 471
- Joined: Mon Dec 06, 2004 10:43 pm
Re: HELP! clamd keeps stopping
I've seen this error when the user name gets changed in the conf files. be sure the user name is qscand...
Re: HELP! clamd keeps stopping
Last night I installed dcc, pyzor, and razor and so far this morning clamd is still running.
clamd.log from 2/17/09
freshclam.log from 2/17/09
clamd.log from 2/17/09
Code: Select all
Tue Feb 17 22:20:55 2009 -> No stats for Database check - forcing reload
Tue Feb 17 22:20:55 2009 -> Reading databases from /var/clamav
Tue Feb 17 22:20:55 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123492725479116668/orig-godslove.designhosting.biz123492725479116668: Sanesecurity.Spam.8823.UNOFFICIAL FOUND
Tue Feb 17 22:20:59 2009 -> Database correctly reloaded (959663 signatures)
Tue Feb 17 22:51:01 2009 -> SelfCheck: Database status OK.
Tue Feb 17 22:51:23 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123492908379120929/orig-godslove.designhosting.biz123492908379120929: Sanesecurity.Spam.9634.UNOFFICIAL FOUND
Tue Feb 17 22:51:33 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123492909279120944/orig-godslove.designhosting.biz123492909279120944: Sanesecurity.Spam.9634.UNOFFICIAL FOUND
Tue Feb 17 22:51:55 2009 -> Reading databases from /var/clamav
Tue Feb 17 22:51:55 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123492911479121001/orig-godslove.designhosting.biz123492911479121001: Sanesecurity.Junk.9261.UNOFFICIAL FOUND
Tue Feb 17 22:51:59 2009 -> Database correctly reloaded (959804 signatures)
Wed Feb 18 05:22:44 2009 -> Reading databases from /var/clamav
Wed Feb 18 05:22:51 2009 -> Database correctly reloaded (959867 signatures)
freshclam.log from 2/17/09
ClamAV update process started at Tue Feb 17 05:20:47 2009
main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
daily.cld is up to date (version: 8995, sigs: 13152, f-level: 38, builder: guitar)
--------------------------------------
ClamAV update process started at Tue Feb 17 22:51:52 2009
main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
Trying host db.us.clamav.net (168.143.19.95)...
Downloading daily-8996.cdiff [100%]
Downloading daily-8997.cdiff [100%]
Downloading daily-8998.cdiff [100%]
Downloading daily-8999.cdiff [100%]
Downloading daily-9000.cdiff [100%]
daily.cld updated (version: 9000, sigs: 13295, f-level: 38, builder: arnaud)
Database updated (513962 signatures) from db.us.clamav.net (IP: 168.143.19.95)
Clamd successfully notified about the update.
Re: HELP! clamd keeps stopping
qscand is user in clamd.conf file and qscand is DatabaseOwner in freshclam file.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: HELP! clamd keeps stopping
Nothing useful there unfortunately, how about in /var/log/messages?
Re: HELP! clamd keeps stopping
You said:
But those are the configuration files in /etc. You should not be changing the ownership of those files. They should be owned by root.
Instead, you should be changing the ownership of /var/clamd and /var/log/clamd (and all files contained in those directories)
In your case everything should be owned by qscand
Faris.
Code: Select all
-rw-r--r-- 1 qscand qscand 11412 Jan 24 12:01 clamd.conf
-rw-r--r-- 1 qscand qscand 5165 Jan 24 11:56 freshclam.conf
Instead, you should be changing the ownership of /var/clamd and /var/log/clamd (and all files contained in those directories)
In your case everything should be owned by qscand
Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: HELP! clamd keeps stopping
I cannot find anything in messages either.
I will check late tonight and early tomorrow morning to see if clamd has stopped.
I will check late tonight and early tomorrow morning to see if clamd has stopped.
Re: HELP! clamd keeps stopping
oops!
I changed those to root owned now in etc.
I have /var/clamav and /var/log/clamav owned as qscand.
I changed those to root owned now in etc.
I have /var/clamav and /var/log/clamav owned as qscand.
Re: HELP! clamd keeps stopping
Hi,
clamd was stopped again this morning. I got 22 messages around 8:15 cst today and about 9:30 one of my clients called saying they were not able to send or receive emails.
/var/log/clamav/clamd.log
Feb 19 05:46:58 godslove clamd[2265]: SelfCheck: Database modification detected. Forcing reload.
Feb 19 05:46:58 godslove clamd[2265]: Reading databases from /var/clamav
I restarted clamd about here:
Feb 19 09:45:08 godslove clamd[20225]: clamd daemon 0.94.2 (OS: linux-gnu, ARCH: i386, CPU: i386)
Feb 19 09:45:08 godslove clamd[20225]: Running as user qscand (UID 10065, GID 103)
Feb 19 09:45:08 godslove clamd[20225]: Log file size limit disabled.
Feb 19 09:45:08 godslove clamd[20225]: Reading databases from /var/clamav
Feb 19 09:45:08 godslove clamd[20225]: Not loading PUA signatures.
Is there a script or something I can setup to keep clamd running?
clamd was stopped again this morning. I got 22 messages around 8:15 cst today and about 9:30 one of my clients called saying they were not able to send or receive emails.
/var/log/clamav/clamd.log
/var/log/messagesThu Feb 19 09:45:08 2009 -> +++ Started at Thu Feb 19 09:45:08 2009
Thu Feb 19 09:45:08 2009 -> clamd daemon 0.94.2 (OS: linux-gnu, ARCH: i386, CPU: i386)
Thu Feb 19 09:45:08 2009 -> Running as user qscand (UID 10065, GID 103)
Thu Feb 19 09:45:08 2009 -> Log file size limit disabled.
Thu Feb 19 09:45:08 2009 -> Reading databases from /var/clamav
Thu Feb 19 09:45:08 2009 -> Not loading PUA signatures.
Thu Feb 19 09:45:13 2009 -> Loaded 960013 signatures.
Thu Feb 19 09:45:13 2009 -> TCP: Bound to address 127.0.0.1 on port 3310
Thu Feb 19 09:45:13 2009 -> TCP: Setting connection queue length to 30
Thu Feb 19 09:45:13 2009 -> LOCAL: Removing stale socket file /tmp/clamd.socket
Thu Feb 19 09:45:13 2009 -> LOCAL: Unix socket file /tmp/clamd.socket
Thu Feb 19 09:45:13 2009 -> LOCAL: Setting connection queue length to 30
Thu Feb 19 09:45:13 2009 -> Limits: Global size limit set to 104857600 bytes.
Thu Feb 19 09:45:13 2009 -> Limits: File size limit set to 26214400 bytes.
Thu Feb 19 09:45:13 2009 -> Limits: Recursion level limit set to 16.
Thu Feb 19 09:45:13 2009 -> Limits: Files limit set to 10000.
Thu Feb 19 09:45:13 2009 -> Archive support enabled.
Thu Feb 19 09:45:13 2009 -> Algorithmic detection enabled.
Thu Feb 19 09:45:13 2009 -> Portable Executable support enabled.
Thu Feb 19 09:45:13 2009 -> ELF support enabled.
Thu Feb 19 09:45:13 2009 -> Detection of broken executables enabled.
Thu Feb 19 09:45:13 2009 -> Mail files support enabled.
Thu Feb 19 09:45:13 2009 -> OLE2 support enabled.
Thu Feb 19 09:45:13 2009 -> PDF support enabled.
Thu Feb 19 09:45:13 2009 -> HTML support enabled.
Thu Feb 19 09:45:13 2009 -> Self checking every 1800 seconds.
Thu Feb 19 09:45:29 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505472879120330/orig-godslove.designhosting.biz123505472879120330: Sanesecurity.Junk.9261.UNOFFICIAL FOUND
Thu Feb 19 09:45:45 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505474479120383/orig-godslove.designhosting.biz123505474479120383: Sanesecurity.Scam.9458.UNOFFICIAL FOUND
Thu Feb 19 09:45:51 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505475179120419/orig-godslove.designhosting.biz123505475179120419: Sanesecurity.Spam.9776.UNOFFICIAL FOUND
Thu Feb 19 09:45:59 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505475779120473/orig-godslove.designhosting.biz123505475779120473: Sanesecurity.Phishing.Cur.10028.UNOFFICIAL FOUND
Thu Feb 19 09:46:05 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505476379120568/orig-godslove.designhosting.biz123505476379120568: Sanesecurity.Spam.9075.UNOFFICIAL FOUND
Thu Feb 19 09:46:09 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505476979120640/orig-godslove.designhosting.biz123505476979120640: Sanesecurity.Hdr.8239.UNOFFICIAL FOUND
Thu Feb 19 09:46:16 2009 -> /var/spool/qscan/tmp/godslove.designhosting.biz123505477679120730/orig-godslove.designhosting.biz123505477679120730: Sanesecurity.Junk.4584.UNOFFICIAL FOUND
It looks like it might have stopped here:Feb 19 09:45:13 godslove clamd[20225]: Loaded 960013 signatures.
Feb 19 09:45:13 godslove clamd[20225]: TCP: Bound to address 127.0.0.1 on port 3310
Feb 19 09:45:13 godslove clamd[20225]: TCP: Setting connection queue length to 30
Feb 19 09:45:13 godslove clamd[20225]: LOCAL: Removing stale socket file /tmp/clamd.socket
Feb 19 09:45:13 godslove clamd[20225]: LOCAL: Unix socket file /tmp/clamd.socket
Feb 19 09:45:13 godslove clamd[20225]: LOCAL: Setting connection queue length to 30
Feb 19 09:45:13 godslove clamd[20299]: Limits: Global size limit set to 104857600 bytes.
Feb 19 09:45:13 godslove clamd[20299]: Limits: File size limit set to 26214400 bytes.
Feb 19 09:45:13 godslove clamd[20299]: Limits: Recursion level limit set to 16.
Feb 19 09:45:13 godslove clamd[20299]: Limits: Files limit set to 10000.
Feb 19 09:45:13 godslove clamd[20299]: Archive support enabled.
Feb 19 09:45:13 godslove clamd[20299]: Algorithmic detection enabled.
Feb 19 09:45:13 godslove clamd[20299]: Portable Executable support enabled.
Feb 19 09:45:13 godslove clamd[20299]: ELF support enabled.
Feb 19 09:45:13 godslove clamd[20299]: Detection of broken executables enabled.
Feb 19 09:45:13 godslove clamd[20299]: Mail files support enabled.
Feb 19 09:45:13 godslove clamd[20299]: OLE2 support enabled.
Feb 19 09:45:13 godslove clamd[20299]: PDF support enabled.
Feb 19 09:45:13 godslove clamd[20299]: HTML support enabled.
Feb 19 09:45:13 godslove clamd[20299]: Self checking every 1800 seconds.
Feb 19 09:45:29 godslove clamd[20299]: /var/spool/qscan/tmp/godslove.designhosting.biz123505472879120330/orig-godslove.designhosting.biz123505472879120330: Sanesecurity.Junk.9261.UNOFFICIAL FOUND
Feb 19 05:46:58 godslove clamd[2265]: SelfCheck: Database modification detected. Forcing reload.
Feb 19 05:46:58 godslove clamd[2265]: Reading databases from /var/clamav
I restarted clamd about here:
Feb 19 09:45:08 godslove clamd[20225]: clamd daemon 0.94.2 (OS: linux-gnu, ARCH: i386, CPU: i386)
Feb 19 09:45:08 godslove clamd[20225]: Running as user qscand (UID 10065, GID 103)
Feb 19 09:45:08 godslove clamd[20225]: Log file size limit disabled.
Feb 19 09:45:08 godslove clamd[20225]: Reading databases from /var/clamav
Feb 19 09:45:08 godslove clamd[20225]: Not loading PUA signatures.
Is there a script or something I can setup to keep clamd running?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: HELP! clamd keeps stopping
Yup, check out psmon
Re: HELP! clamd keeps stopping
Scott,
Your psmon doesn't work and don't know about other places.
Did any of those logs help?
Your psmon doesn't work and don't know about other places.
Did any of those logs help?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: HELP! clamd keeps stopping
It works great, we use it in ASL. And no, theres nothing in those logs I'm afraid