Control Web Panel
WebPanel => CentOS-WebPanel Bugs => Topic started by: petrosvel on January 22, 2018, 04:25:33 PM
-
When I use this command
service clamd stop
rm -f /var/run/clamd.amavisd/clamd.sock
service clamd start
Work for some min only...
Where I can find logs or something??
-
The same problem.
Centos 7. CWP version: 0.9.8.427
When ClamAV is enabled one of core hit to 100% CPU
htop shows:
user: amavis
cpu: 100%
command: /user/sbin/clamd -c /etc/clamd/amavisd.conf --foreground=yes
when I disable ClamAV - everything is ok.
On Centos 6 with old CWP I do not have this problem.
-
Do you see anything suspicious in log file of clamd?
-
Jan 22 21:36:18 server1 clamd[24183]: Received 0 file descriptor(s) from systemd.
Jan 22 21:36:18 server1 clamd[24183]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 22 21:36:18 server1 clamd[24183]: Running as user amavis (UID 989, GID 987)
Jan 22 21:36:18 server1 clamd[24183]: Log file size limited to 1048576 bytes.
Jan 22 21:36:18 server1 clamd[24183]: Reading databases from /var/lib/clamav
Jan 22 21:36:18 server1 clamd[24183]: Not loading PUA signatures.
Jan 22 21:36:18 server1 clamd[24183]: Bytecode: Security mode set to "TrustSigned".
Jan 22 21:36:29 server1 clamd[24183]: Loaded 6392552 signatures.
Jan 22 21:36:31 server1 clamd[24183]: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
-
Are you getting very frequent emails or can you check your RAM usage.
-
I have all the time big logs and I can't open... out of memory...
-
Do you see anything suspicious in log file of clamd?
Same problem for me
-
try to run this command
sh /scripts/clamd_fix_100_cpu_usage
-
Hi,
I just share my experience and my possible solution on this problem:
CWPpro version: 0.9.8.528 on CentOS 7.4.1708 (Core)
Symptom:
Obviously the constant 100% CPU usage on clamd
Log in /var/log/messages
Mar 4 11:25:30 vps6 clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
But I also experienced database duplication as well. Deleting the one not in use or older did not solve the problem. Also I saw solutions removing the serviced scripts.
I found that there are two entries trying to start clamd and this must be somehow not right.
My solution is to clean up first and then activate the clamd/amavis in CentOS Web panel.
1. In CWP, mail Server Manager - Switch off the ClamAV/AMAVIS/Spamassassin and rebuild Mail server. This suppose to remove clamav. After this process you can still see the Clamd and Amavis entries on the Dashboard.
2. Check the installed packages with 'yum list installed' - amavisd-new and clamav still there. Remove them with 'yum remove'. I did remove only: amavisd-new, clamav, clamav-server, clamav-data.
3. Dashboard still shows ClamAV row. No sense. Remove /usr/lib/systemd/system/ clamd-scan.service clamd.service
4. Reloading Dashboard should not show clamd or amavis status etc.
5. Now in CWP switch ON ClamD/Amavis/Spamassassin support. This will install the related services and dependencies.
From now on the antivirus system works and clamd is back to normal. Tried in two servers.
The question is what stage the original clamav installed originally? Is it because an earlier CWP built?
I tried the SH script and did not help in my situation.
I hope it is a solution for some of you.
-
gerasandor method and clamd_fix_100_cpu_usage does not work for me. anyone have another solution?
-
I have had this problem a couple of times now. It seems to occur following a Yum Update.
The first time petrosvels solution worked for me:
# systemctl stop clamd.service
# rm -f /var/run/clamd.amavisd/clamd.sock
# systemctl start clamd.service
The problem is in the error message from the postfix log (var/log/maillog) - ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process. Deleting the file clamd.sock is what is required to fix the problem.
The above didn't fix the problem straight away on the most recent occasion, so what I did was:
- From the CWP Dashboard - stop ClamAV
- stop AMaViS (A Mail Virus Scanner)
- Waited until USER amavis no longer appeared in the Top 5 Processes list and the 1 minute load average dropped back to normal levels (below 0.1 in my case). This is probably not necessary, but I did it anyway to be absolutely sure amavis/clamd were not running.
- Open Filemanager and browse to the folder /var/run/clamd.amavisd. Delete the file clamd.sock. It was an empty file (0 bytes)
- From the CWP Dashboard Start AMaViS
- Start ClamAV
If that does not fix the problem, check the postfix log for other possible causes:
# tail -100 var/log/maillog | grep clamd
-
Since this morning where I was running yum updates on my VPS, amavis was using 1 full CPU almost all the time.
Your below command fixed the issue (at least for now), so THANK YOU!
try to run this command
sh /scripts/clamd_fix_100_cpu_usage
-
I just encountered this after the last update to CWPpro version: 0.9.8.855 a couple of days ago.
I tried the /scripts/clamd_fix_100_cpu_usage and it didn't work.
I then tried gerasandor and added some additions and still not working.
First stop clamAV and AMaViS
- rm -f /var/run/clamd.amavisd/clamd.sock
- rm -f /var/run/clamd.amavisd/clamd.pid
- cd /var/lib/clamav && rm -f *cld *cvd
- freshclam update virus definitions
Database is updated and cpu is still at 100%.
I would love some help here please.
-
I faced exactly the same problem. I do not use my VPS for emails. What exactly have I to do in order to STOP AMAVIS?
It eats 98% of my CPU.
-
in your /scripts directory there is a bash file called clamd_fix_100_cpu_usage you could try running that?
cd /scripts
sh ./clamd_fix_100_cpu_usage
X
-
alternative solution
- admin panel
- mail services
- ClamAV
- Stop
- File Manager
- /var/run/clamd.amavisd/
- clamd.sock permission 755
- back admin panel
- mail services
- ClamAV
- Start
Well done!
-
Same issue.
Tried script above - didn't help.
Then I tried the alternate solution above - also failed.
There is no clamd.sock file in /var/run/clamd.amavisd/.
Anyway I've assigned 755 to /var/run/clamd.amavisd/ and to /var/run/clamd.scan/ that didn't help.
Then I checked /var/log/messages:
It has cycled error:
Apr 20 23:19:01 cwp systemd: Started clamd scanner () daemon.
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: **************************************************
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: *** The virus database is older than 7 days! ***
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: *** Please update it as soon as possible. ***
Apr 20 23:19:01 cwp clamd: LibClamAV Warning: **************************************************
Apr 20 23:19:09 cwp clamd: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_ac_addpatt: Can't allocate memory for new->trans
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_parse_add(): Problem adding signature (3).
Apr 20 23:19:09 cwp clamd: LibClamAV Error: Problem parsing database at line 64534
Apr 20 23:19:09 cwp clamd: LibClamAV Error: Can't load daily.ldb: Can't allocate memory
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_tgzload: Can't load daily.ldb
Apr 20 23:19:09 cwp clamd: LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Apr 20 23:19:09 cwp clamd: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/daily.cvd
Apr 20 23:19:09 cwp clamd: ERROR: Malformed database
Apr 20 23:19:09 cwp systemd: clamd.service: main process exited, code=exited, status=1/FAILURE
Apr 20 23:19:09 cwp systemd: Unit clamd.service entered failed state.
Apr 20 23:19:09 cwp systemd: clamd.service failed.
Apr 20 23:19:10 cwp systemd: clamd.service holdoff time over, scheduling restart.
Apr 20 23:19:10 cwp systemd: Stopped clamd scanner () daemon.
From it it's clear that it fails to extract signature database daily.ldb because it Can't allocate memory.
The same I see in the usage resources (I have 1 GB RAM on VPS) - normally 0.5 GB is consumed, after ClamAV start it raises from 0.5 to max and restarts.
Is there any way to load the db file on 1 GB RAM?
-
you need to wait for a little after running the script.
-
Do I need to stop services before running a script?
-
The one thing none of you are posting is your system specs. If you only have a 1 core 1ghz process you really can't run ClamV. I personally wouldn't run a mail server on anything less than 2 cores, preferabble 4 cores.
-
I have had this problem a couple of times now. It seems to occur following a Yum Update.
The first time petrosvels solution worked for me:
# systemctl stop clamd.service
# rm -f /var/run/clamd.amavisd/clamd.sock
# systemctl start clamd.service
The problem is in the error message from the postfix log (var/log/maillog) - ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process. Deleting the file clamd.sock is what is required to fix the problem.
The above didn't fix the problem straight away on the most recent occasion, so what I did was:
- From the CWP Dashboard - stop ClamAV
- stop AMaViS (A Mail Virus Scanner)
- Waited until USER amavis no longer appeared in the Top 5 Processes list and the 1 minute load average dropped back to normal levels (below 0.1 in my case). This is probably not necessary, but I did it anyway to be absolutely sure amavis/clamd were not running.
- Open Filemanager and browse to the folder /var/run/clamd.amavisd. Delete the file clamd.sock. It was an empty file (0 bytes)
- From the CWP Dashboard Start AMaViS
- Start ClamAV
If that does not fix the problem, check the postfix log for other possible causes:
# tail -100 var/log/maillog | grep clamd
Thank you all
================//============
PS.*[I leave an administration idea]*
[ I leave here an Idea, It would be good to have a premium for those who help more in the forum]
[And a big hug to MR. rcschaff Because it is an excellent support in the Forum, for aselha (difficulties) like me.]
===============//=============
My server CentOS Linux release 7.8.2003 (Core) CWPpro version: 0.9.8.971
very good | five start***** Tutorial
Your tutorial helped me a lot thanks ***(RESOLVED)***
-
Edit /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes
# Reload the database
ExecReload = /bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec = 420
IOSchedulingPriority = 7
CPUSchedulingPolicy = 5
MemoryLimit = 768M
CPUQuota = 25%
Nice = 19
[Install]
WantedBy = multi-user.target
systemctl daemon-reload
systemctl restart clamd
-
You got any running monit or chkroot stuff?
-
cynique's solutions fixed my ClamAV crashing constantly.
My error was:
unit clamd.service entered failed state.
clamd.service failed.
Now it's running smooth. Thank you cynique!
-
@ponch9
You are very welcome and thank you taking the time to acknowledge the fix, which I took time to research and check/test.
Note: it is worthwhile to try reducing the memory limit to 512M. YMMV.
-
Hi,
I just share my experience and my possible solution on this problem:
CWPpro version: 0.9.8.528 on CentOS 7.4.1708 (Core)
Symptom:
Obviously the constant 100% CPU usage on clamd
Log in /var/log/messages
Mar 4 11:25:30 vps6 clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.sock is in use by another process.
But I also experienced database duplication as well. Deleting the one not in use or older did not solve the problem. Also I saw solutions removing the serviced scripts.
I found that there are two entries trying to start clamd and this must be somehow not right.
My solution is to clean up first and then activate the clamd/amavis in CentOS Web panel.
1. In CWP, mail Server Manager - Switch off the ClamAV/AMAVIS/Spamassassin and rebuild Mail server. This suppose to remove clamav. After this process you can still see the Clamd and Amavis entries on the Dashboard.
2. Check the installed packages with 'yum list installed' - amavisd-new and clamav still there. Remove them with 'yum remove'. I did remove only: amavisd-new, clamav, clamav-server, clamav-data.
3. Dashboard still shows ClamAV row. No sense. Remove /usr/lib/systemd/system/ clamd-scan.service clamd.service
4. Reloading Dashboard should not show clamd or amavis status etc.
5. Now in CWP switch ON ClamD/Amavis/Spamassassin support. This will install the related services and dependencies.
From now on the antivirus system works and clamd is back to normal. Tried in two servers.
The question is what stage the original clamav installed originally? Is it because an earlier CWP built?
I tried the SH script and did not help in my situation.
I hope it is a solution for some of you.
Это сработало в моем случаи.
Мой сервер с 2Гб памяти. После обновления загрузка процессора стала 100%. SWAP достигала 100%
1. Остановил службы clamav & amavis
2. Пересобрал почту
3. удалил все пакеты clamav & amavis
4. удалить вручную остатки в /usr/lib/systemd/system/ clamd-scan.service clamd.service
5. перезапустить
6. пересобрать почту с clamav & amavis
7. Проверить в startup_services включен ли запуск amavisd.service и clamd.service
8. Перезапуститься
В моем случаи в логах появились сообщения о не хватке прав
9. В файле /etc/clamd.d/scan.conf заменил строку
LocalSocket /run/clamd.scan/clamd.sock
на
LocalSocket /run/clamd.amavisd/clamd.sock
10. Добавить пользователя clamscan (является владельцем clamd.sock) в группу clamupdate (доступ к папке clamd.amavisd)
Теперь все запустилось и нет нагрузки. Все стало как раньше
-
Guys, I tried all methods but none of them work.
The problem is starting again after a while.
This is really a bad situation.
Any suggestions for solution?
https://prnt.sc/uj47u6
-
Guys, I tried all methods but none of them work.
The problem is starting again after a while.
This is really a bad situation.
Any suggestions for solution?
https://prnt.sc/uj47u6
Did you try the solution that was posted earlier by studio4host?
This is part of CWP.
sh /scripts/clamd_fix_100_cpu_usage
Also how many CPU's and Memory are you running?
-
+1
-
Guys, I tried all methods but none of them work.
The problem is starting again after a while.
This is really a bad situation.
Any suggestions for solution?
https://prnt.sc/uj47u6
Did you try the solution that was posted earlier by studio4host?
This is part of CWP.
sh /scripts/clamd_fix_100_cpu_usage
Also how many CPU's and Memory are you running?
Yes, I tried but it didn't work
3 CPU's and 4 GB RAM
-
???
-
Pls, help...?!?
-
run this in your /scripts directory,
its a known issue.
sh ./clamd_fix_100_cpu_usage
X
-
Hi,
I read somewhere that after the execution of the command sh ./clamd_fix_100_cpu_usage and when the system is restarted, the problem is restored ...?!?
Thanks in advance!
BR
Venty
-
Edit /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes
# Reload the database
ExecReload = /bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec = 420
IOSchedulingPriority = 7
CPUSchedulingPolicy = 5
MemoryLimit = 768M
CPUQuota = 25%
Nice = 19
[Install]
WantedBy = multi-user.target
systemctl daemon-reload
systemctl restart clamd
I had the same problem, only this solution solved it for me. Now calmd runs with MAX 512M and taking 50% of 1 of 2 cores, so server is running smoothly. Thank you cynique!
-
Edit /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes
# Reload the database
ExecReload = /bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec = 420
IOSchedulingPriority = 7
CPUSchedulingPolicy = 5
MemoryLimit = 768M
CPUQuota = 25%
Nice = 19
[Install]
WantedBy = multi-user.target
systemctl daemon-reload
systemctl restart clamd
I had the same problem, only this solution solved it for me. Now calmd runs with MAX 512M and taking 50% of 1 of 2 cores, so server is running smoothly. Thank you cynique!
swap/disk usage will be increased if you've it.
-
Thank you cynique!
You are very welcome.
Let's see: unstable/unusable server or correctly uses swap where required. hmmm. ::)
-
swap/disk usage will be increased if you've it.
Do you know a better solution for this when the FIX script provided by CWP doesn't work? I'll appreciate that!
-
Let's see: unstable/unusable server or correctly uses swap where required. hmmm. ::)
My file is like this, running like a charm:
24789 amavis 39 19 398716 261180 2968 R 12.5 25.7 0:07.05 clamd
My server:
CPU Details: 2 Core (2600 MHz)
RAM: 1Gb SWAP: 512Mb
Distro Name: CentOS Linux release 7.8.2003 (Core)
Kernel Version: 3.10.0-1127.19.1.el7.x86_64
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420
IOSchedulingPriority = 7
CPUSchedulingPolicy = 5
MemoryLimit = 256M
CPUQuota = 13%
Nice = 19
[Install]
WantedBy = multi-user.target
-
You should wrap the above in CODE tags. ;)
Note that I tested quite extensively and if you drop values too low, they simply get ignored.
512M/25% seemed to be a good balance, for most 'lower-end' server/VPS specifications.
-
You should wrap the above in CODE tags. ;)
DONE!
Note that I tested quite extensively and if you drop values too low, they simply get ignored.
512M/25% seemed to be a good balance, for most 'lower-end' server/VPS specifications.
Thanks for the update. For now, seems like it's working fine like that, but I'll keep an eye on it!
-
Hi,
again, today I updated the clam and regarding the same problem...
Pls, help...
thanks in advance!
BR
Venty
-
gerasandor method and clamd_fix_100_cpu_usage does not work for me. anyone have another solution?
-
gerasandor method and clamd_fix_100_cpu_usage does not work for me. anyone have another solution?
Run the fix in the /scripts directory, and then log into the admin panel and manually STOP ClamAV & AMaViS.
After CPU goes down to 0%, Start Just ClamAV, wait for it to run a quick scan, it should go back to 0, then Start AMaViS.
You should be good to go.
Had the same problem, and this worked.
-
I have faced the same issue yesterday with my server...
My server details:
CPU Model: Intel Xeon Processor (Skylake, IBRS)
CPU Details: 1 Core (2100 MHz)
Distro Name: CentOS Linux release 7.9.2009 (Core)
Kernel Version: 3.10.0-1160.49.1.el7.x86_64
Memory: 2GB
The only solution that made my server go back again and work normally with ClamAV and AmAvis up and running was to create a swap image. I add a 4GB swap image and after a server reboot, both ClamAV and AmAvis started normally and did not take CPU time abnormally.
Here is a tutorial on how to create a swap image on Centos 7 CWP -> https://www.mysterydata.com/create-and-add-swap-on-linux-os-cwp-centos-webpanel-and-vesta-cp/
The main problem that I have faced is that AmAvis could not find a socket and connect to ClamAV. This is an error I found in maillog: "host amavis[1975]: (01975-01) (!)connect to /run/clamd.amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /run/clamd.amavisd/clamd.sock: No such file or directory"
The clamd.sock file was not created after restarting ClamAV service or server reboot. After swap image creating and activating, that file was created automatically when I start the ClamAV service.
Hope that this would help someone with the same issue.