How can I check the status of ClamAV and fix any problems?

Check the Status of the ClamAV Daemon

You can check the ClamAV daemon status under the Anti-virus line in the Services dashboard widget. It should be green and Active. You can click on the Active or Inactive in the status column to get more information.

Clamd status

Check the Status of the ClamAV Daemon From the Command Line

AlmaLinux/Centos/RockyLinux/RHEL/CloudLinux

systemctl status clamd@scan 

Debian/Ubuntu

systemctl status clamav-daemon

Checking the Current Configuration From the Command Line

You can view the current ClamAV configuration using the clamconf command:

clamconf

Viewing the ClamAV Daemon Logs

You can view the ClamAV daemon logs under Warden -> Logs -> Anti-virus Logs. To view the logs on the command line:

AlmaLinux/Centos/RockyLinux/RHEL/CloudLinux

tail -f /var/log/clamd.scan

Debian/Ubuntu

tail -f /var/log/clamav/clamav.log

Monitoring the ClamAV Daemon Memory and CPU Usage

Administrators can use the clamdtop command to monitor ClamAV daemon memory and CPU usage statistics from the command line:

RHEL/Almalinux/CloudLinux/RockyLinux

clamdtop --config-file=/etc/clamd.d/scan.conf

Debian/Ubuntu

clamdtop --config-file=/etc/clamav/clamd.conf

clamdtop

High Server Load / CPU Usage Problems

Normally high server load is caused by the clamscan binary when the ClamAV daemon is down. By default Amavis will fall back to the secondary clamscan binary when the ClamAV daemon is down or having problems. Note that the clamscan binary is NOT the same as clamd. Clamd is the highly efficient daemon version of ClamAV while clamscan is the inefficient non-demonized version. Clamscan is not suitable for scanning large amounts of mail because the ClamAV signatures have to be loaded into memory for every scan (This is what causes the high load on the server). Look below for how to disable the clamscan secondary fallback scanner if you don't want Amavis to fall back to it.

How to Disable the Clamscan Fallback Scanner

To disable the secondary fallback scanner go to Warden -> Settings -> Scanner Settings -> Scanner backup template -> set it to None. Then press the Update button to save the page.

Secondary scanner

To check that the backup scanner is disabled on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and look for the following line. It should look like the following:

@av_scanners_backup = ();

ClamAV Memory Problems

The most common problem is not enough free memory for the ClamAV daemon. You can check the free memory of the server using the command: free -m (look at the free column):

# free -m
              total        used        free      shared  buff/cache   available
Mem:          64049       30895       15313        3113       17840       29387
Swap:         15259        4333       10926

If the server is running low on free memory sometimes the out of memory killer (OOM Killer) will kill the ClamAV daemon. We recommend a minimum of at least 4 GB of server memory (sometimes more depending on how many additional services you have running):

// AlmaLinux/Centos/RockyLinux/CloudLinux/RHEL
zgrep "Out of memory" /var/log/messages*  

// Debian/Ubuntu
zgrep "Out of memory" /var/log/syslog* 

Jun 19 19:35:21 el8p18 kernel: Out of memory: Killed process 1650121 (clamd) total-vm:3118856kB, anon-rss:2262988kB, file-rss:0kB, shmem-rss:0kB, UID:981 pgtables:5888kB oom_score_adj:0
Jun 19 20:30:33 el8p18 kernel: Out of memory: Killed process 1992340 (clamd) total-vm:3072516kB, anon-rss:1895824kB, file-rss:0kB, shmem-rss:0kB, UID:981 pgtables:5792kB oom_score_adj:0
Jun 19 21:22:52 el8p18 kernel: Out of memory: Killed process 2007089 (clamd) total-vm:3093760kB, anon-rss:1779240kB, file-rss:0kB, shmem-rss:0kB, UID:981 pgtables:5816kB oom_score_adj:0

Create a Swap File if your VM Doesn't Have One

Some times service providers create a virtual machine without any swap file. If your virtual machine doesn't have a swap file then you should create one. You can check if your VM has a swap file using the command:

# cat /proc/swaps 
Filename                                Type            Size            Used            Priority
/dev/dm-1                               partition       2097148         735832          -2

Instructions for creating a swap file can be found here.

Disable the Out of Memory Killer for ClamAV

Edit the ClamAV service file:

// RHEL/CloudLinux/AlmaLinux/RockyLinux
systemctl edit --full clamd@scan

// Debian/Ubuntu
# systemctl edit --full clamav-daemon

Add the option OOMScoreAdjust=-1000 to the [Service] section:

Example (taken from Ubuntu 22.04):

[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://docs.clamav.net/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Service]
ExecStart=/usr/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
StandardOutput=syslog
TimeoutStartSec=420
OOMScoreAdjust=-1000

[Install]
WantedBy=multi-user.target

Restart ClamAV

// RHEL/CloudLinux/AlmaLinux/RockyLinux
systemctl restart clamd@scan

// Debian/Ubuntu
systemctl restart clamav-daemon

Disable Concurrent Database Reloads to Free Up Memory

If the option ConcurrentDatabaseReload in enabled in ClamAV then during a database reload clamd will load the new DB first and then drop the old one. This concurrent database reload strategy allows it to keep scanning files while loading the new database. The drawback is that it requires twice as much memory as during normal operations. As a result the clamd process can keep getting killed. For servers with under 8 GB of memory we recommend that you disable this option. You can disable this under Warden -> Settings -> Anti-virus Settings -> Concurrent database reload (make sure it is unchecked).

Adjusting How Much Memory Amavis Uses

Admins can adjust how much free memory Amavis uses by lowering the Max servers option under Warden -> Settings -> Content Filter -> Filter Settings. This will free up memory for use by the ClamAV daemon. See here for more information.

  • CPU, clamav, memory, server load
  • 1 Bu dökümanı faydalı bulan kullanıcılar:
Bu cevap yeterince yardımcı oldu mu?

İlgili diğer dökümanlar

How can I fix any statistics generation problems?

Missing the Warden Crontab Entry There is a crontab entry that will update Warden statistics...

How can I fix the error: "milter-reject: END-OF-MESSAGE from..." in the log and found the AV in error (cannot read /etc/clam.d/scan.conf).

Cloudlinux / Imunify360 added their own version of ClamAV to their repo which accidentally...

How can I fix the error: Can't connect to TCP port 10024 on 127.0.0.0 [Address already in use] when trying to start Amavis?

When trying to start Amavis you see this in the mail log: Oct 02 03:20:15 condor3648 systemd[1]:...

How can I fix the error: Can't connect to TCP port 10024 on ::1 [Cannot assign requested address] when trying to start Amavis?

When trying to start Amavis you see this in the mail log: Oct 02 03:20:15 condor3648 systemd[1]:...

How can I fix the error: Error [Contentfilter_Settings_Contentfilter]. Message [[QUARANTINEDIR] must be a valid directory?

This error means that Amavis was not installed correctly. Try running the Warden from the command...