Fresh install on Ubuntu 18.04 lts fails Clamav

Hello, freshly installed this,

On checking virtual min config, we fail due to a clam av related error.

I do not know what was wrong with it.

Just nuked the VM and am trying again on Debian 10.2.

Just a bit a of feedback, I suppose your waiting for 20.04 to drop before updating?

Anyway, difficult to debug/progress, even with clamav disabled ect, cannot progress (Which is sad)

Hi,

Have a look at this link.

ClamAV is so poorly maintained upstream (it took literally years for them to merge a patch I sent that fixed a simple CLI bug), and it’s so resource-intensive, that I’m tempted to remove it completely from the stack for Virtualmin 7. It needs a tremendous amount of RAM, and it increases in size constantly. It takes longer and longer to start, especially on VMs with disk speed that is sometimes very slow where timeouts are more likely to happen. We’ve tried to accommodate all of that, but it just keeps getting worse, so I don’t know that it’s ever gonna be nice. At this point, it’s probably not worth the pain of trying to keep it running.

AFAIK this isn’t a thing that always happens, and is probably due to slow disk performance or low memory (unless there’s some new issue I don’t know about). You could try the --minimal installation (you can add back components missing from minimal, if you need, e.g. SpamAssassin, but it seems likely that ClamAV is just too resource-intensive for the system you’re working with).

1 Like

Thanks for your help guys, sorry I never replied back.

I think that link may have helped me, I am not sure. but my webmin/virtualmin works ok now.

there is a minor bug that does not effect usage, but the main Bind DNS server (from the webmin section) does not contain the root’s or domains that virtualmin on the same server is hosting.

I have to edit the dns entries for each domain in the Virtualmin section manually, or via the command line by manually editing config files.

this may be down to the fact that I restored all of these domains from a backup on another server.
Any Ideas?

it’s so resource-intensive, that I’m tempted to remove it completely from the stack for Virtualmin 7. It needs a tremendous amount of RAM, and it increases in size constantly.

I’m currently having issues with clamscan which was supposed to work better on low RAM servers, but every time that ClamAV runs it freezes the entire server and ends up with an OOM killing the clamscan process.

Do you already have another software in mind in order to replace ClamAV?

No, it’s not supposed to work better on low-memory servers. It just won’t work at all on low-memory servers. It can take 2+ minutes to start if something has to be swapped out to load it. Absolutely disastrous for system performance. Where’d you get that idea? (If our docs or something suggest that, I’d like to update it to reflect current reality.)

There are no Open Source alternatives to ClamAV worth speaking of, so if we switch to something else, it’ll have to be a commercial add-on, which isn’t really something we’d want to do. I think you just have to accept that if you want anti-virus scanning, you need to spend a little extra to get enough RAM to run it. (It needs at least 1GB all to itself, currently, but the virus database keeps getting bigger, so that’s only good advice for now…a year from now it’ll be even bigger).

Oh, and if you have a lot of Virtualmin systems (VMs or dedicated), you might find it most cost-effective to scan for viruses/spam on one central host. Cloudmin Pro supports setting that up mostly automatically.

Thanks for your reply!

It just won’t work at all on low-memory servers.

Oh, good to know. I learned it the hard way :smile:. 2 days ago I tried the clamd option because I read in the forums it could work, but again the server froze. The only difference is that it did after booting hehe.

Where’d you get that idea? (If our docs or something suggest that, I’d like to update it to reflect current reality.)

I followed Virtualmin tutorial video more than a year ago, it uses a 1 GB RAM server too. I just searched the video to check the wizard text:

Run ClamAV server scanner?
- Yes (more RAM used, faster mail processing - approximately 600M)
- No (less RAM used, slower mail processing)

Nothing suggests is intended for low-memory servers. I probably got confused with the “less RAM used”, suggesting less than 600M is used. Anyway, now I know it’s still a big amount of RAM.

Also, in this doc: https://www.virtualmin.com/documentation/email/spam-av says

If your system is receiving a large amount of email, I recommend the use of clamd . It probably isn’t worth running on a system used primarily as a web server though, as it consumes about 64M of RAM at all times.

is 64M the right value? I didn’t have luck with clamd.


Another question, in this forum a user said:

Ever since I turned on blacklisting (via Spamhaus Zen) and greylisting on my previous mail server, nearly no viruses at all made it through anymore, despite I had no virus filter. (It was a low-traffic server though, so not fully representative).

I already have blacklisting on and I don’t know if I should disable ClamAV, since the OOM killer is killing it anyway. I know the best solution will be to increase the server RAM. Regarding security, is it crazy to disable ClamAV just because of having a good spam filter? seems like a security hole.

If I set all the emails on a Virtual Server as Mail aliases and redirect all mails to Gmail accounts for instance, could I safely disable ClamAV?
I don’t have much experience with mail servers, so I don’t know if redirection can still present a security issue without ClamAV enable.

64 MB is not even close to the right value (but it was when that doc was written). Even 600MB is low today. ClamAV grows every day, because they never prune old signatures and new signatures are constantly being added. I’ve updated the spam/AV doc to more closely reflect reality.

I’ll update the help text in the wizard. It is misleading to the point of being wrong today. It used to be possible to start it on-demand, when it was only 64MB. It was slow, but could be done. Today it’s just not feasible. We should probably just remove the option to use it on-demand, at all.

Your server is not at risk from viruses or malware that ClamAV would capture. It is only useful for your email users. The security of the server relies on other things. ClamAV is literally useless to preventing attacks on the server.

Obviously, if you cannot increase RAM, you cannot use ClamAV. The decision is already made by your budget, since ClamAV is not getting any smaller.

2 Likes

I’ve updated the spam/AV doc to more closely reflect reality.

Excellent! now it is clearer that it needs more resources :+1:

I’ll update the help text in the wizard. It is misleading to the point of being wrong today. It used to be possible to start it on-demand, when it was only 64MB. It was slow, but could be done. Today it’s just not feasible. We should probably just remove the option to use it on-demand, at all.

Thanks!

I’m seeing that at Virtualmin > Email Settings > Spam and Virus Scanning the option Virus scanning program has no way of disabling ClamAV for the whole server. However, I found it at Features and Plugins (maybe it could be useful to mention it in the option help popup for Virus scanning program).

By the way, at Features and Plugins the option Virus filtering should include the “email” word somewhere. It could be confused with some virus scanner for the server files, for instance.

Also, when I tried to disable Virus filtering I got the error:
The feature Virus filtering cannot be disabled, as it is used by the following virtual servers: ...

I think it will be useful to ask the user if he wants to disable the feature for all the virtual servers listed. Thus, if he confirms the feature is automatically disable for all domains. In my case, I now need to manually disable the feature on 7 domains. That’s why I mention this.

Your server is not at risk from viruses or malware that ClamAV would capture. It is only useful for your email users. ClamAV is literally useless to preventing attacks on the server.

That’s it, thanks! I was confusing some concepts but now is clearer to me what the actual function of ClamAV is.

Continuing with this, I just disable Virus filtering at the server level.

I went to Webmin > System > Bootup and Shutdown and the services clamav-freshclam and clamav-freshclam.service still have a Yes value for Start at boot? and Running now?.

Since I disabled ClamAV, shouldn’t these services be stopped too? or am I missing something?

If you won’t be using ClamAV in any capacity, you can disable that service as well.

Freshclam just updates the virus signatures.

Exactly. What I tried to point out is that Virtualmin should stop these services and remove them from boot after disabling Virus filtering at Features and Plugins.

That’s not what Features and Plugins does (it never disables or enables services, it just determines whether Virtualmin is going to create domain-related configs for them). It configures Virtualmin, it does not alter the system. But, I can see how this would be confusing. It probably should be more user-oriented, rather than system administrator oriented.

Way back in the day, there was an assumption that Virtualmin would just be part of a big server doing all sorts of things, and that we didn’t want to interfere with other stuff the admin might have setup (like disabling services, epecially mail-related services, because a lot of people used to build their own custom mail config to tie into LDAP or AD or whatever). That hasn’t really reflected reality for a long time; today we assume Virtualmin pretty much manages the whole server, because that’s what people expected.

It’s actually a pretty big change to make Features and Plugins do things to the system rather than simply configure things in Virtualmin, but I’ll talk it over with Jamie.

Oh, since moving from clamscan to clamd changed the clamav services at boot I thought that Features and Plugins would do it too.

Then, maybe to make regular users & admins happy a confirmation message could be useful. That is, after disabling a feature ask the user if he also wants to stop/remove the service from boot.

Please, also add this to the discussion with Jamie. Thanks!

1 Like

It does? I thought that happened in the wizard, but not in Features and Plugins. But, I guess Jamie has already started making Features and Plugins do things. I’ll have to have a look.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.