clamd: down

Hi guys,

I'm using the perfect stretch server with apache and so far so good.

Recently, I've been digging in /var/log/mail.log to understant what was going on and preparing myself to tune my email settings (postfix with external smtp, spf, dkim, dmarc, etc.) and I've seen few set of errors repeating themselves as showned in the code below.

After few research on the forum, I assumed that clamd was down.
Once clamd and amavis restarted, I do not get this error anymore.

The question are
- why clamd was down ? I know it is a broad question but what may be the usual cause ? or what should be checked ?
- how could i know that clamd was down without digging in mail.log ? ok mysql server do not let me know when it is down but it is visible, in this case no really. how do you deal with that ? how do you monitor that clamd and more broadly the service expecter to run are actually running ?
- finally insn't it supposed to restart by it's own ?

Thnak's for your guidances

Code:

Apr 23 22:23:38 vpsXXXXXX amavis[6100]: (06100-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory                │
Apr 23 22:23:38 vpsXXXXXX amavis[6099]: (06099-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory                │
Apr 23 22:23:39 vpsXXXXXX amavis[6100]: (06100-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory                │
Apr 23 22:23:39 vpsXXXXXX amavis[6100]: (06100-10) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)                                                                 │
Apr 23 22:23:39 vps4XXXXXX amavis[6099]: (06099-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory                │
Apr 23 22:23:39 vpsXXXXXX amavis[6099]: (06099-12) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)                                                                 │
Apr 23 22:23:45 vpsXXXXXX amavis[6100]: (06100-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory                │
Apr 23 22:23:45 vpsXXXXXX amavis[6100]: (06100-10) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/c│
Apr 23 22:23:45 vpsXXXXXX amavis[6100]: (06100-10) (!)WARN: all primary virus scanners failed, considering backups                                       

Apr 23 22:23:45 vpsXXXXXX amavis[6099]: (06099-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory                │
Apr 23 22:23:45 vpsXXXXXX amavis[6099]: (06099-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/c│
Apr 23 22:23:45 vpsXXXXXX amavis[6099]: (06099-12) (!)WARN: all primary virus scanners failed, considering backups  

 

One reason I have seen is clamd running out of memory and crashing. But this should show in /var/log/syslog.

Code:

systemctl status clamav-daemon.service