"ClamAV Virus Scanning Server" stopped?

Hello there,

so suddenly, on the start page (the dashboard) I see that “ClamAV Virus Scanning Server” is stopped. I click on the play button but nothing happens. I read somewhere that I have to run sudo systemctl status clamd@scan but it does not help, the status still shows as stopped. This service is not enabled at all so it does not start on boot.

I didn’t do any updates on the system recently so that’s rather strange.

  • Which service has to be enabled for the ClamAV server to work?
  • What is the status page monitoring exactly and how to fix the status?

Packages look OK to me and database seems to be updated.

[root@delirium ~]# freshclam
ClamAV update process started at Sat Jul 11 00:34:00 2020
daily.cld database is up to date (version: 25869, sigs: 3297216, f-level: 63, builder: raynman)
main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
[root@delirium ~]# rpm -qa | grep clam
clamav-filesystem-0.102.3-1.el7.noarch
clamd-0.102.3-1.el7.x86_64
clamav-update-0.102.3-1.el7.x86_64
clamav-lib-0.102.3-1.el7.x86_64
clamav-0.102.3-1.el7.x86_64

I can get the service to start without problems.

[root@delirium ~]# sudo systemctl status clamd@scan
● clamd@scan.service - clamd scanner (scan) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-07-11 00:40:27 CEST; 8s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
  Process: 22694 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS)
 Main PID: 22779 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─22779 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

Jul 11 00:40:23 delirium.lol clamd[22779]: ELF support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: Mail files support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: OLE2 support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: PDF support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: SWF support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: HTML support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: XMLDOCS support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: HWP3 support enabled.
Jul 11 00:40:23 delirium.lol clamd[22779]: Self checking every 600 seconds.
Jul 11 00:40:27 delirium.lol systemd[1]: Started clamd scanner (scan) daemon.

I’m on CentOS Linux 7.8.2003. Webmin 1.942. Authentic theme 19.46.

Cheers
Keanu

Anyone? Please?

In Webmin -> System -> Bootup and Shutdown do you see an entry for clamav-freshclam.service or clamonacc.service? If so, set it to start on boot by using the Virtualmin GUI.

If not, you will have to create a new systemd service by clicking on the so named button in the Virtualmin GUI.

freshclam is the AV database updater, and it is not the clamd daemon. Has no relation to it at all, except that the data it updates is used by clamd. So, while they’re associated, frreshclam isn’t relevant to the problem at hand (clamd will start with an old database and warn about it).

clamonacc.service is not the name of the clam service on Virtualmin systems, by default. I think it is usually clamd@scan or clamd.service (but maybe something different on Debian/Ubuntu, i don’t recall off-hand). But, no onacc anywhere I can think of.

It really shouldn’t be necessary to create one. If the service doesn’t exist, something went wrong during installation or something has been removed since installation. The clamd@scan (or clamd@anything) service is sort of magic in that there isn’t actually a service file named clamd@scan.service. It’s called clamd@.service, and then every config file in a specified place is another clamd@name.service

Thanks @Joe for the info about the database updater.

Since @Keanu is running CentOS Linux 7.8.2003, I picked this up from one of my recently installed CentOS Linux 7.8.2003 systems running Webmin version 1.942 and Virtualmin version 6.09. In Webmin -> System -> Bootup and Shutdown, I see:

|clamav-freshclam.service|ClamAV virus database updater|No|No|
|clamonacc.service|Clam AntiVirus userspace daemon for OnAccess Scanning|No|No|

On this I have probably manually disabled Clam after Virtualmin was installed. On another VPS I have with CentOS Linux 7.8.2003, Webmin version 1.953 and Virtualmin version 6.10. I recall choosing not to use Clam during install and so do not have any entries for it in Webmin -> System -> Bootup and Shutdown but everything else works perfectly.

If you like, I could do a few test installs across VPS hosts like Linode, AWS etc. and send you a report about what shows here if Clam is disabled.

Huh. That’s weird. I guess they’ve changed their damned packages again. Insane. EPEL changes how things are done in this package all the time, it’s infuriating.

Ah, I see. It’s not something we (probably) care about. https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html

And, it is not what you’d use for scanning email.

Well spotted, Joe. It explains why I see a clamonacc.service on that system.

@Keanu check if Clam is listed in Webmin -> System -> Bootup and Shutdown. If so, enable it; if not, add it. You will have to tread carefully if you need to add it.

I prefer not to run a virus scanner on performant systems but the choice is yours.

Yeah, I think we’re approaching a time and environment where we should be discouraging use of ClamAV. It’s just so incredibly demanding of resources, and for dubious benefit. I mean, it needs about a GB of RAM to operate! I’d wager that’s all (or more) of the memory half of Virtualmin installations have available. So many people are running on little VMs, and it just doesn’t make sense to run Clam there.

I’m hesitant to say we should remove it from the default installation, and just provide instructions for enabling it, but the temptation is there…and it may be something I’m thinking more seriously about in a year.

1 Like