ClearOS 7 Business Edition, Silver current to 9/2020
Happens periodically. Has gone several weeks between issues. Have seen it on a few other COS 7 boxes but it is consistently breaking on this one. Last two mornings are most recent. Mail comes in with [UNCHECKED] in subject line. Check maillog reports:
Oct 31 05:20:17 lgedge amavis[4850]: (04850-09) (!)ClamAV-clamd av-scanner FAILED: run_av error: ask_daemon_internal: Exceeded allowed time at (eval 128) line 611.\n
but clamd.log reports (looks normal to my untrained eye):
Thu Oct 31 05:15:22 2019 -> SelfCheck: Database modification detected. Forcing reload.
Thu Oct 31 05:15:24 2019 -> Reading databases from /var/lib/clamav
Thu Oct 31 05:20:23 2019 -> Database correctly reloaded (6608708 signatures)
Thu Oct 31 05:20:46 2019 -> Pid file removed.
Thu Oct 31 05:20:46 2019 -> --- Stopped at Thu Oct 31 05:20:46 2019
Thu Oct 31 05:20:46 2019 -> Socket file removed.
Thu Oct 31 05:20:46 2019 -> +++ Started at Thu Oct 31 05:20:46 2019
Thu Oct 31 05:20:46 2019 -> Received 0 file descriptor(s) from systemd.
Thu Oct 31 05:20:46 2019 -> clamd daemon 0.101.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Oct 31 05:20:46 2019 -> Running as user clam (UID 989, GID 988)
Thu Oct 31 05:20:46 2019 -> Log file size limited to 4294967295 bytes.
Thu Oct 31 05:20:46 2019 -> Reading databases from /var/lib/clamav
Thu Oct 31 05:20:46 2019 -> Not loading PUA signatures.
So far the restarting services has not fixed it but I may not be doing a specific order. What "fixes" it is to uninstall mail antivirus and gateway antivirus which removes content filtering and clamav tools and reinstall from the Marketplace.
Need to get this behaving a bit more stable. I'm still digging but will welcome all ideas?
Happens periodically. Has gone several weeks between issues. Have seen it on a few other COS 7 boxes but it is consistently breaking on this one. Last two mornings are most recent. Mail comes in with [UNCHECKED] in subject line. Check maillog reports:
Oct 31 05:20:17 lgedge amavis[4850]: (04850-09) (!)ClamAV-clamd av-scanner FAILED: run_av error: ask_daemon_internal: Exceeded allowed time at (eval 128) line 611.\n
but clamd.log reports (looks normal to my untrained eye):
Thu Oct 31 05:15:22 2019 -> SelfCheck: Database modification detected. Forcing reload.
Thu Oct 31 05:15:24 2019 -> Reading databases from /var/lib/clamav
Thu Oct 31 05:20:23 2019 -> Database correctly reloaded (6608708 signatures)
Thu Oct 31 05:20:46 2019 -> Pid file removed.
Thu Oct 31 05:20:46 2019 -> --- Stopped at Thu Oct 31 05:20:46 2019
Thu Oct 31 05:20:46 2019 -> Socket file removed.
Thu Oct 31 05:20:46 2019 -> +++ Started at Thu Oct 31 05:20:46 2019
Thu Oct 31 05:20:46 2019 -> Received 0 file descriptor(s) from systemd.
Thu Oct 31 05:20:46 2019 -> clamd daemon 0.101.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Oct 31 05:20:46 2019 -> Running as user clam (UID 989, GID 988)
Thu Oct 31 05:20:46 2019 -> Log file size limited to 4294967295 bytes.
Thu Oct 31 05:20:46 2019 -> Reading databases from /var/lib/clamav
Thu Oct 31 05:20:46 2019 -> Not loading PUA signatures.
So far the restarting services has not fixed it but I may not be doing a specific order. What "fixes" it is to uninstall mail antivirus and gateway antivirus which removes content filtering and clamav tools and reinstall from the Marketplace.
Need to get this behaving a bit more stable. I'm still digging but will welcome all ideas?
Share this post:
Responses (4)
-
Accepted Answer
Nick Howitt wrote:
The single threaded performance of your processor is quite low. Can you try stopping clamd then time its startup?
Tried three times. 1st time services failed to start, rebooted after 6 minutes. 2nd time 4min, 6sec. 3rd time 4 min, 5 sec.
Trying changing clamd.conf turning on verbose logging and increasing ReadTimeout to 400. -
Accepted Answer
-
Accepted Answer
Appreciate you thinking through it with me, Nick.
From System Details.... It is a supermicro 1U box, Intel(R) Atom(TM) CPU C2550 @ 2.41GHz, Memory Size 15.5 GB, Load 0.19 0.35 0.29. There is also an 8GB swap but I don't remember seeing it used. Drives are Samsung 750 EVO SSDs in RAID1. Firewall duties, mail prefiltering, and one IPSEC VPN.
I had noted that as well the last time it happened on 10/8. It failed again this morning for a couple of minutes at 5:39am and at 7:49am when we were also experiencing bandwidth issues from ISP. Found unfinished transactions this morning when installing hdparm and cleared those with "yum-complete-transaction" which cleared the transactions. It found one transaction with four elements all dealing with app-antivirus-core, app-file-scan, clamav, app-antimalware, app-antiphishing, app-mail-antivirus, and app-content-filter. May be due to the uninstall/reinstall process yesterday.
I believe I had also checked to make sure we had no other repositories install other than the standard ClearOS ones last time this happened from a thread I had found. -
Accepted Answer
All I can do is google the error. If it happens straight after a database update (freshclam) then it may be that your system is under powered. You can change the start up timeout in /usr/lib/systemd/system/clamd.service but it is already allowed up to 300s to start. What is your processor and how much memory do you have?
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »