Hi, I have a problem on my small VPS (2GO of RAM) when I receive mail on ispconfig 3.2.2 On my VPS I have only two website (small), and recently I have try to set some email adresses on ispconfig. All works well for send e-mail from webmail, but when I receive mail I got in the subject of mail an extra text When I look in my logs, in syslog I see a problem with clamav : Code: Feb 9 21:00:56 mydomain amavis[21895]: (21895-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused Feb 9 21:00:57 mydomain amavis[21895]: (21895-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused Feb 9 21:00:57 mydomain amavis[21895]: (21895-10) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2) Feb 9 21:01:01 mydomain CRON[18981]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) Feb 9 21:01:01 mydomain CRON[18982]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) Feb 9 21:01:03 mydomain amavis[21895]: (21895-10) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused Feb 9 21:01:03 mydomain amavis[21895]: (21895-10) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n Feb 9 21:01:03 mydomain amavis[21895]: (21895-10) (!)WARN: all primary virus scanners failed, considering backups Feb 9 21:01:20 mydomain amavis[21895]: (21895-10) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Warning: **************************************************\nLibClamAV Warning: *** The virus database is older than 7 days! ***\nLibClamAV Warning: *** Please update it as soon as possible. ***\nLibClamAV Warning: **************************************************\nLibClamAV Error: mpool_malloc(): Can't allocate memory (266240 bytes).\nLibClamAV Error: hm_addhash_bin: failed to grow hash array to 8193 entries\nLibClamAV Error: cli_loadhash: Malformed hash string at line 2330054\nLibClamAV Error: cli_loadhash: Problem parsing database at line 2330054\nLibClamAV Error: Can't load main.mdb: Can't allocate memory\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database" Feb 9 21:01:20 mydomain amavis[21895]: (21895-10) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Warning: **************************************************\nLibClamAV Warning: *** The virus database is older than 7 days! ***\nLibClamAV Warning: *** Please update it as soon as possible. ***\nLibClamAV Warning: **************************************************\nLibClamAV Error: mpool_malloc(): Can't allocate memory (266240 bytes).\nLibClamAV Error: hm_addhash_bin: failed to grow hash array to 8193 entries\nLibClamAV Error: cli_loadhash: Malformed hash string at line 2330054\nLibClamAV Error: cli_loadhash: Problem parsing database at line 2330054\nLibClamAV Error: Can't load main.mdb: Can't allocate memory\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database" at (eval 113... Feb 9 21:01:20 mydomain amavis[21895]: (21895-10) (!)...) line 951. Feb 9 21:01:20 mydomain amavis[21895]: (21895-10) (!!)AV: ALL VIRUS SCANNERS FAILED I don't know if my problem come from this, but in the lot I see "Can't allocate memory" but in the forum I have see that some people have no problem with VPS 2GO for run clamAV. Also I have try to do and I get : Code: clamav-daemon.service - Clam AntiVirus userspace daemon Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/clamav-daemon.service.d └─extend.conf Active: failed (Result: exit-code) since Thu 2023-02-09 20:58:45 CET; 33min ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Process: 18425 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE) Process: 18426 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS) Process: 18428 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE) Main PID: 18428 (code=exited, status=1/FAILURE) Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes). Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_mpool_strdup(): Can't allocate memory (24 bytes). Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_loadhash: Problem parsing database at line 2578087 Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: Can't load main.mdb: Malformed database Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_tgzload: Can't load main.mdb Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database Feb 09 20:58:45 mydomain.com clamd[18428]: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld Feb 09 20:58:45 mydomain.com clamd[18428]: Thu Feb 9 20:58:45 2023 -> !Malformed database Feb 09 20:58:45 mydomain.com systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE Feb 09 20:58:45 mydomain.com systemd[1]: clamav-daemon.service: Failed with result 'exit-code'. Have you an idea of why I get this errors and how can I try to resolve them ? Thanks
I agree that 2GB should be fine in general when you have a swap space. if you don't have a swap partition, then you can e.g. add a swap file. The error also mentions a Malformed clamav signature database, so removing that and re-downloading a fresh database with freshclam might help as well o fix this issue.
Thanks for your answers, I think that I haven't swap space (I never configure it) When I do a "top" command I get : Code: MiB Mem : 1949.7 total, 1120.4 free, 619.9 used, 209.4 buff/cache MiB Swap: 0.0 total, 0.0 free, 0.0 used. 1149.8 avail Mem And with "free -h" command I get : Code: total used free shared buff/cache available Mem: 1.9Gi 618Mi 1.1Gi 40Mi 209Mi 1.1Gi Swap: 0B 0B 0B Can I create a swap partition on a VPS ? You have an advise link for do this ? Also for freshclam I juste need to execute the command "freshclam" for update, but I have not found how delete the database before update ? Thanks for your help
No, but you can add a swap file instead. Which Linux distribution do you use? try: rm /var/lib/clamav/main.cld and then run freshclam.
Thanks for your help till, I use debian 10 for linux distribution, how can I process to create a swap file ? For freshclam I have try to run freshclam but I was getting an error, so I have try : Code: apt update apt upgrade clamav And now the freshclam database are good update and also the "freshclam" command seems to works: Code: Fri Feb 10 21:25:48 2023 -> freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Fri Feb 10 21:25:48 2023 -> ClamAV update process started at Fri Feb 10 21:25:48 2023 Fri Feb 10 21:25:48 2023 -> daily.cvd database is up-to-date (version: 26808, sigs: 2020417, f-level: 90, builder: raynman) Fri Feb 10 21:25:48 2023 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Fri Feb 10 21:25:48 2023 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Also I have a little question about this, I am always afraid to do an "apt update and apt-upgrade" with a server in production, should I avoid doing this for not breaking something ? or on the contrary should I always keep the system up to date? But I still get the same error when I receive a new mail (probably because of no swap file / memory limit): Code: Feb 10 21:22:36 mydomain amavis[32478]: (32478-08) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: cli_mpool_strdup(): Can't allocate memory (25 bytes).\nLibClamAV Error: cli_loadhash: Problem parsing database at line 3234234\nLibClamAV Error: Can't load main.mdb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database" Feb 10 21:22:36 mydomain amavis[32478]: (32478-08) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: cli_mpool_strdup(): Can't allocate memory (25 bytes).\nLibClamAV Error: cli_loadhash: Problem parsing database at line 3234234\nLibClamAV Error: Can't load main.mdb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cld: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cld\nERROR: Malformed database" at (eval 113) line 951. Feb 10 21:22:36 mydomain amavis[32478]: (32478-08) (!!)AV: ALL VIRUS SCANNERS FAILED Thanks
You should run this regularly to keep the system up to date. these commands will not break your system. Regarding swap file, take a look here: https://linuxize.com/post/how-to-add-swap-space-on-debian-10/
Thanks for your help till, my server is update and upgrade, the swapfile is created, and the error has disappeared. All is working well !