clamav-daemon keeps crashing

Discussion in 'Server Operation' started by anark10n, Aug 5, 2019.

  1. snowweb

    snowweb Member

    I'd just like to ask whether a solution was ever found to this? I think I have a similar problem here. The difference though, is that mine is happening within a couple of minutes of starting the clamav-daemon and my server is newly built following Ubuntu Perfect Server tutorial (Ubuntu 18.04 and ISPConfig 3.1 dev) and it has 8GB of ram and very light load.
     
  2. kaschig

    kaschig New Member

    Had the same issue today and found this thread helpful, as the idea is:
    - set clamav log level verbosity up
    - start clamav-daemon
    - check the log for errors
    - start clamav-daemon again
    - use free -h repeatedly
    - see how free RAM goes down as well as SWAP does

    My solution was:
    add more RAM to the VM (512 MB was too little even for a newly set up ISPConfig 3.1 system with just one fresh WordPress install)
     
  3. Steini86

    Steini86 Active Member

    Sometimes it makes sense to read the manual of a software, before using it: https://www.clamav.net/documents/introduction
    As stated above, the problem is that the virus signatures need to be in ram while scanning. And they are big now ...
    Important is the sentence below that requirements:
    So if you have web/mail/php/etc.. running, you should add correspondingly more ram. (For example, if you allow your php process(es) to use 512MB ram, your minimum rises to 1,5GB.)
     
  4. kaschig

    kaschig New Member

    You are completely right with that - I made the mistake of just reading the ISPConfig requirements - but this is only part of the whole picture.

    So, for good: service crashed while setting up and not in productive state. Lesson learned.
     
    Th0m likes this.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Where have we published on ISPConfig.org that 512MB RAM is enough for ISPConfig?
     
  6. kaschig

    kaschig New Member

    Hi Till,
    is there a website ispconfig.org? I just use howtoforge - just kidding.

    You yourself just mention the base server install as a requirement (with me: Debian 10) - with this I comply (https://www.ispconfig.org/ispconfig/)

    And Debian 10 states on https://www.debian.org/releases/stable/i386/ch02s05.de.html and https://www.debian.org/releases/stable/i386/ch03s04.de.html a minimum of 256 MB or 400 MB - and 512 MB as recommended. But to be honest, I think at least the second page is outdated.

    So finally your question is legitimate - you don't state in deep minimum requirements, I linked the chain and did not remember correctly where I read it.
     
  7. muekno

    muekno Active Member HowtoForge Supporter

    have the same issue on three servers, at least one is a system with very low traffic as it is at my home and nearly no load getting only my private mails, it is just mail server. 2 GB mem and half GB swap, just scanning mails and forward them to a backend mail system
    So memory should not be an issue. But it is crashing daily since last updates like two others.
    I have increased loglevel now and will see what happens
    Rainer.
     
  8. Steini86

    Steini86 Active Member

    What do you base your statement on? Your swap is almost completely used! If a process needs 1GB of ram (like scanning a mail for viruses) it will fail. If enough ram is available, swap will not be used. So that it was used is an indication, that there was not enough ram. If you really only have a mail server running, you should investigate, which processes eat up your memory!
    The recommendations on swap sizes vary, but usually people recommend 2x ram size for systems with 2GB or less of ram. For your system that would be 4GB of swap. If you do that, there is a good chance, your problem will disappear (apart from a slow system because of swapping)
     
  9. muekno

    muekno Active Member HowtoForge Supporter

    What do you base your statement on, SWAP is about 25% free, RAM is about 25% free.
    I ran especially this server since 1 and half year in this configuration without any problems. Crashing clamav starts in the last days after latest OS Updates
    One other server ran fine since more than 2 years with Jessie, crashing starts after update to Buster, third server runs fine with Stretch a long time crashing starts with update to Buster. So does Buster need so much more RAM?
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    It is possible. Newer versions of software tend to use more memory. Feature creep, not conserving memory so much since systems have more memory and memory is cheaper, taking advantage of bigger memory etc..
     
  11. Steini86

    Steini86 Active Member

    Buster itself probably not. Although the minimum requirements increased a bit (from 128 MB to 256 MB)
    Buster: https://www.debian.org/releases/buster/amd64/ch03s04.en.html
    Stretch: https://www.debian.org/releases/stretch/amd64/ch03s04.html.en
    But "The minimum value assumes that swap will be enabled". The minimum requirement is just to get the system started. Then swap is needed for operation. Beware that "minimum" means: without any application.
    The problem with upgrading to buster might be that also all the applications get an update. Usually, newer versions need more ram (more functions, and developers don't care).

    But why not read the logfiles? Search for "amavis" in your mail log (/var/log/mail.log or via ISPC Webinterface). It will tell you why checking failed.
     
  12. muekno

    muekno Active Member HowtoForge Supporter

    Server is installed following the Buster minimal installation tutorial from Till and followed the Buster perfect server tutorial from Till too.
    Looking at log files is the first thing I do, but in the mail log I can't find any reason for the crash. Same in the clamav log, I have set the clamav log to verbose now and I am waiting for the next crash
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Read also /var/log/syslog, may show why clamav crashes.
     
  14. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    when scanning, clamav keeps the virus definitions in memory. there are a lot of virus definitions there, and the number most certainly isn't going down. this means the memory clamav needs is going up. all the time.

    clamav will easily use up 500MB of memory. and that will be physical memory, not swap.
    you can choose to use clamd, which will use that memory ALL the time, or clamscan, which will load the virus definitions into memory and run a scan when a new email arrives, it'll use the same amount of memory, just not all the time.

    here's a good explanation i found online:


    so basically, make sure you have enough free physical memory for clamscan, (and don't forget if it's doing something, it's because other applications are actively doing something, so these other processes are likely using more resources themselves, so you can't rely on free memory numbers when nothing's happening as being enough.) or expect process to get killed with OOM warnings.
     
  15. Nicolino101

    Nicolino101 New Member

    This is definitely caused by lack of memory ... you can see it happening here in my console.
    root@mail:~# systemctl restart clamav-daemon.service - starting clamav-daemon.service here
    root@mail:~# systemctl status clamav-daemon.service - checking the status - it's running
    ● clamav-daemon.service - Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
    └─extend.conf
    Active: active (running) since Mon 2021-05-17 00:19:27 PDT; 3s ago
    Docs: man:clamd(8)
    man:clamd.conf(5)

    Process: 498946 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
    Process: 498947 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
    Main PID: 498948 (clamd)
    Tasks: 1 (limit: 2339)
    Memory: 363.0M
    CGroup: /system.slice/clamav-daemon.service
    └─498948 /usr/sbin/clamd --foreground=true

    May 17 00:19:27 mail.xxxxxxxx.com systemd[1]: Starting Clam AntiVirus userspace daemon...
    May 17 00:19:27 mail.xxxxxxxx.com systemd[1]: Started Clam AntiVirus userspace daemon.
    root@mail:~# free -h - checking free memory here
    total used free shared buff/cache available
    Mem: 1.9Gi 1.3Gi 122Mi 12Mi 492Mi 446Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.5Gi 73Mi 12Mi 385Mi 289Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.6Gi 70Mi 12Mi 228Mi 130Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.7Gi 66Mi 12Mi 182Mi 80Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.8Gi 74Mi 12Mi 95Mi 38Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.8Gi 60Mi 12Mi 63Mi 7.0Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.5Gi 344Mi 12Mi 71Mi 295Mi
    Swap: 0B 0B 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 918Mi 974Mi 12Mi 90Mi 935Mi
    Swap: 0B 0B 0B
    root@mail:~# systemctl status clamav-daemon.service - free memory goes back to normal clamav has crashed
    ● clamav-daemon.service - Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
    └─extend.conf
    Active: failed (Result: signal) since Mon 2021-05-17 00:19:51 PDT; 4s ago
    Docs: man:clamd(8)
    man:clamd.conf(5)

    Process: 498946 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
    Process: 498947 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
    Process: 498948 ExecStart=/usr/sbin/clamd --foreground=true (code=killed, signal=KILL)
    Main PID: 498948 (code=killed, signal=KILL)

    May 17 00:19:27 mail.xxxxxxxx.com systemd[1]: Starting Clam AntiVirus userspace daemon...
    May 17 00:19:27 mail.xxxxxxxx.com systemd[1]: Started Clam AntiVirus userspace daemon.
    May 17 00:19:51 mail.xxxxxxxx.com systemd[1]: clamav-daemon.service: Main process exited, code=kill

    You should have at least 4GB ram with 3GB free; maybe a memory leak in the code. Adding swap space will decrease the servers over-all performance.
     
    Last edited: May 17, 2021
  16. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    No.
    If amount of RAM is constant, adding swap disk does not make system slower. It can make system faster, when not right now used items are moved from RAM to swap, thus freeing RAM for other uses.
    Of course disk is slower than memory, so if you modify a system with 8 GB memory and no swap, to have 4 GB memory and 4 GB swap then the system does get slower. This slowing is due to the reduced amount of memory, not swap.
    Of course you do not believe me. so use Internet Search Engines with
    Code:
    Adding swap space will decrease the servers over-all performance.
    to find info on the subject.
     
    Nicolino101 and nhybgtvfr like this.
  17. Nicolino101

    Nicolino101 New Member

    Ya...I really should test this myself. I was just repeating what I've heard...sorry about that. I did test with more ram and it works perfectly. I can tell from my tests that clamav-daemon uses about 1.2GB memory when running. I only had 2GB of memory when I did the initial test. Thanks for the insight though. I will add swap on the other server and see how it performs.
     
  18. Nicolino101

    Nicolino101 New Member

    Okay...here is clamav-daemon running on 2GB of ram with 1 allocated to swap.
    total used free shared buff/cache available
    Mem: 1.9Gi 1.8Gi 63Mi 3.0Mi 60Mi 14Mi
    Swap: 1.0Gi 1.0Gi 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.8Gi 53Mi 3.0Mi 61Mi 4.0Mi
    Swap: 1.0Gi 1.0Gi 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.8Gi 56Mi 3.0Mi 55Mi 4.0Mi
    Swap: 1.0Gi 1.0Gi 0B
    root@mail:~# free -h
    total used free shared buff/cache available
    Mem: 1.9Gi 1.8Gi 51Mi 3.0Mi 57Mi 0.0Ki
    Swap: 1.0Gi 1.0Gi 0B
    root@mail:~# sudo systemctl status clamav-daemon
    ● clamav-daemon.service - Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
    └─extend.conf
    Active: active (running) since Mon 2021-05-17 04:56:53 PDT; 5min ago
    Docs: man:clamd(8)
    man:clamd.conf(5)

    Process: 510723 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
    Process: 510724 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
    Main PID: 510725 (clamd)
    Tasks: 2 (limit: 2339)
    Memory: 1.2G
    CGroup: /system.slice/clamav-daemon.service
    └─510725 [clamd]

    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> ELF support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> Mail files support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> OLE2 support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> PDF support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> SWF support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> HTML support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> XMLDOCS support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> HWP3 support enabled.
    May 17 04:57:21 mail.xxxxxxx.com clamd[510725]: Mon May 17 04:57:21 2021 -> Self checking every 3600 seconds.
    May 17 05:00:51 mail.xxxxxxx.com clamd[510725]: Mon May 17 05:00:51 2021 -> Reading databases from /var/lib/clamav

    It used all of the swap but it's still running and postfix works well.
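
The two checks the thread converges on (look in /var/log/syslog for the kill, then compare free memory against what clamd needs), as an added example that is not from any poster in this thread. The function names `oom_kills`, `headroom_kb` and `clamd_fits` are hypothetical, and the log and meminfo samples are constructed so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: was clamd OOM-killed, and is there room to start it again?

# Constructed kernel lines in syslog format (not taken from the thread).
SAMPLE_SYSLOG='May 17 00:19:51 mail kernel: [81234.10] clamd invoked oom-killer: gfp_mask=0x100cca, order=0, oom_score_adj=0
May 17 00:19:51 mail kernel: [81234.52] Out of memory: Killed process 498948 (clamd) total-vm:1415000kB, anon-rss:1228800kB, file-rss:0kB, shmem-rss:0kB
May 18 03:02:10 mail kernel: [99001.77] Killed process 2211 (apache2) total-vm:412000kB, anon-rss:98000kB, file-rss:0kB'

# Constructed /proc/meminfo excerpt: 446 MiB available, no swap.
SAMPLE_MEMINFO='MemTotal:        1992294 kB
MemAvailable:     456704 kB
SwapTotal:             0 kB
SwapFree:              0 kB'

# Assumption: clamd needs about 1.2 GB resident, the figure measured in the thread.
CLAMD_NEED_KB=$((1200 * 1024))

# Reads syslog text on stdin; prints "pid name anon_rss_kB" per OOM kill.
oom_kills() {
    sed -n -E 's/.*Killed process ([0-9]+) \(([^)]+)\).*anon-rss:([0-9]+)kB.*/\1 \2 \3/p'
}

# Reads meminfo text on stdin; prints MemAvailable + SwapFree in kB.
headroom_kb() {
    awk '/^MemAvailable:/ {a = $2} /^SwapFree:/ {s = $2} END {printf "%d\n", a + s}'
}

# Succeeds if the headroom read from stdin covers the requirement in $1 (kB).
clamd_fits() {
    [ "$(headroom_kb)" -ge "$1" ]
}

printf '%s\n' "$SAMPLE_SYSLOG" | oom_kills | while read -r pid name rss; do
    echo "OOM kill: $name (pid $pid) held $((rss / 1024)) MiB of RAM"
done

if printf '%s\n' "$SAMPLE_MEMINFO" | clamd_fits "$CLAMD_NEED_KB"; then
    echo "enough headroom to load the signature database"
else
    echo "not enough headroom: clamd is likely to be killed again"
fi
```

On a live host, feed the functions real data with `oom_kills < /var/log/syslog` and `clamd_fits "$CLAMD_NEED_KB" < /proc/meminfo`.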
     
  19. Taleman

    Taleman Well-Known Member HowtoForge Supporter
