Problem with clamav when receive mail

Hi,

I have a problem on my small VPS (2GO of RAM) when I receive mail on ispconfig 3.2.2

On my VPS I have only two website (small), and recently I have try to set some email adresses on ispconfig.

All works well for send e-mail from webmail, but when I receive mail I got in the subject of mail an extra text

When I look in my logs, in syslog I see a problem with clamav :

Code:

Feb  9 21:00:56 mydomain amavis[21895]: (21895-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Feb  9 21:00:57 mydomain amavis[21895]: (21895-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Feb  9 21:00:57 mydomain amavis[21895]: (21895-10) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Feb  9 21:01:01 mydomain CRON[18981]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
Feb  9 21:01:01 mydomain CRON[18982]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
Feb  9 21:01:03 mydomain amavis[21895]: (21895-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Feb  9 21:01:03 mydomain amavis[21895]: (21895-10) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n
Feb  9 21:01:03 mydomain amavis[21895]: (21895-10) (!)WARN: all primary virus scanners failed, considering backups
Feb  9 21:01:20 mydomain amavis[21895]: (21895-10) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Warning: **************************************************\nLibClamAV Warning: ***  The virus database is older than 7 days!  ***\nLibClamAV Warning: ***   Please update it as soon as possible.    ***\nLibClamAV Warning: **************************************************\nLibClamAV Error: mpool_malloc(): Can't allocate memory (266240 bytes).\nLibClamAV Error: hm_addhash_bin: failed to grow hash array to 8193 entries\nLibClamAV Error: cli_loadhash: Malformed hash string at line 2330054\nLibClamAV Error: cli_loadhash: Problem parsing database at line 2330054\nLibClamAV Error: Can't load main.mdb: Can't allocate memory\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database"
Feb  9 21:01:20 mydomain amavis[21895]: (21895-10) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Warning: **************************************************\nLibClamAV Warning: ***  The virus database is older than 7 days!  ***\nLibClamAV Warning: ***   Please update it as soon as possible.    ***\nLibClamAV Warning: **************************************************\nLibClamAV Error: mpool_malloc(): Can't allocate memory (266240 bytes).\nLibClamAV Error: hm_addhash_bin: failed to grow hash array to 8193 entries\nLibClamAV Error: cli_loadhash: Malformed hash string at line 2330054\nLibClamAV Error: cli_loadhash: Problem parsing database at line 2330054\nLibClamAV Error: Can't load main.mdb: Can't allocate memory\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database" at (eval 113...
Feb  9 21:01:20 mydomain amavis[21895]: (21895-10) (!)...) line 951.
Feb  9 21:01:20 mydomain amavis[21895]: (21895-10) (!!)AV: ALL VIRUS SCANNERS FAILED

I don't know if my problem come from this, but in the lot I see "Can't allocate memory" but in the forum I have see that some people have no problem with VPS 2GO for run clamAV.

Also I have try to do

and I get :

Code:

clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: failed (Result: exit-code) since Thu 2023-02-09 20:58:45 CET; 33min ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 18425 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
  Process: 18426 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 18428 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE)
 Main PID: 18428 (code=exited, status=1/FAILURE)

Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_mpool_strdup(): Can't allocate memory (24 bytes).
Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_loadhash: Problem parsing database at line 2578087
Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: Can't load main.mdb: Malformed database
Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_tgzload: Can't load main.mdb
Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database
Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld
Feb 09 20:58:45 mydomain.com clamd[18428]: Thu Feb  9 20:58:45 2023 -> !Malformed database
Feb 09 20:58:45 mydomain.com systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Feb 09 20:58:45 mydomain.com systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.

Have you an idea of why I get this errors and how can I try to resolve them ?

Thanks

 

2gb ram is no problem so long you provided a swap file of about 4gb as its backup.

 

Thanks for your answers, I think that I haven't swap space (I never configure it)

When I do a "top" command I get :

Code:

MiB Mem :   1949.7 total,   1120.4 free,    619.9 used,    209.4 buff/cache
MiB Swap:      0.0 total,      0.0 free,      0.0 used.   1149.8 avail Mem

And with "free -h" command I get :

Code:

              total        used        free      shared  buff/cache   available
Mem:          1.9Gi       618Mi       1.1Gi        40Mi       209Mi       1.1Gi
Swap:            0B          0B          0B

Can I create a swap partition on a VPS ? You have an advise link for do this ?

Also for freshclam I juste need to execute the command "freshclam" for update, but I have not found how delete the database before update ?

Thanks for your help

 

Thanks for your help till,

I use debian 10 for linux distribution, how can I process to create a swap file ?

For freshclam I have try to run freshclam but I was getting an error, so I have try :

Code:

apt update
apt upgrade clamav

And now the freshclam database are good update and also the "freshclam" command seems to works:

Code:

Fri Feb 10 21:25:48 2023 -> freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Fri Feb 10 21:25:48 2023 -> ClamAV update process started at Fri Feb 10 21:25:48 2023
Fri Feb 10 21:25:48 2023 -> daily.cvd database is up-to-date (version: 26808, sigs: 2020417, f-level: 90, builder: raynman)
Fri Feb 10 21:25:48 2023 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Feb 10 21:25:48 2023 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Also I have a little question about this, I am always afraid to do an "apt update and apt-upgrade" with a server in production,
should I avoid doing this for not breaking something ? or on the contrary should I always keep the system up to date?

But I still get the same error when I receive a new mail (probably because of no swap file / memory limit):

Code:

Feb 10 21:22:36 mydomain amavis[32478]: (32478-08) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: cli_mpool_strdup(): Can't allocate memory (25 bytes).\nLibClamAV Error: cli_loadhash: Problem parsing database at line 3234234\nLibClamAV Error: Can't load main.mdb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database"
Feb 10 21:22:36 mydomain amavis[32478]: (32478-08) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: cli_mpool_strdup(): Can't allocate memory (25 bytes).\nLibClamAV Error: cli_loadhash: Problem parsing database at line 3234234\nLibClamAV Error: Can't load main.mdb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database" at (eval 113) line 951.
Feb 10 21:22:36 mydomain amavis[32478]: (32478-08) (!!)AV: ALL VIRUS SCANNERS FAILED

Thanks

 

Thanks for your help till, my server is update and upgrade, the swapfile is created, and the error has disappeared.
All is working well !