carolainn

Active Member
Feb 22, 2018
30
11
8
Argentina
cPanel Access Level
Root Administrator
Hello,

I get tons of notifications that clamAV appears to be down and fails to restart. It says that there is a duplicate database and should be manually removed. I followed the instructions on another thread with this same issue, but did not work, and reverted to previous situation, but now I don't know what to do next. I'm a rookie, and I'll probably always be, I aprecciate some guidance.

This is what happened:

[[email protected] ~]# mkdir /root/clamav-backup
[[email protected] ~]# mv /usr/local/cpanel/3rdparty/share/clamav/bytecode.cld /root/clamav-backup
[[email protected] ~]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Wed Feb 20 00:13:02 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.2 Recommended version: 0.101.1
DON'T PANIC! Read ClamavNet
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25365.cdiff [100%]
daily.cld updated (version: 25365, sigs: 2254643, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6820986 signatures) from database.clamav.net (IP: 104.16.219.84)
[[email protected] ~]# /scripts/restartsrv_clamd
Waiting for “clamd” to stop ………finished.

info [restartsrv_clamd] systemd failed to start the service “clamd” (The “/usr/bin/systemctl restart clamd.service --no-ask-password” command (process 13010) reported error number 1 when it ended.): Job for clamd.service failed because the control process exited with error code. See "systemctl status clamd.service" and "journalctl -xe" for details.

Waiting for “clamd” to start ………failed.

Cpanel::Exception::Services::StartError
Service Status

Service Error
(XID qmcehw) The “clamd” service failed to start.

Startup Log
Feb 20 00:14:00 xxx.xxxxxx.xxx systemd[1]: Starting clamd antivirus daemon...
Feb 20 00:14:19 xxx.xxxxxx.xxx systemd[1]: clamd.service: control process exited, code=exited status=1
Feb 20 00:14:19 xxx.xxxxxx.xxx systemd[1]: Failed to start clamd antivirus daemon.
Feb 20 00:14:19 xxx.xxxxxx.xxx systemd[1]: Unit clamd.service entered failed state.
Feb 20 00:14:19 xxx.xxxxxx.xxx systemd[1]: clamd.service failed.

clamd has failed. Contact your system administrator if the service does not automagically recover.
[[email protected] ~]# mv /root/clamav-backup/bytecode.cld /usr/local/cpanel/3rdparty/share/clamav
[[email protected] ~]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Wed Feb 20 00:17:59 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.2 Recommended version: 0.101.1
DON'T PANIC! Read ClamavNet
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld is up to date (version: 25365, sigs: 2254643, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
[[email protected] ~]# /scripts/restartsrv_clamd
Service “clamd” is already stopped.

info [restartsrv_clamd] systemd failed to start the service “clamd” (The “/usr/bin/systemctl restart clamd.service --no-ask-password” command (process 13304) reported error number 1 when it ended.): Job for clamd.service failed because the control process exited with error code. See "systemctl status clamd.service" and "journalctl -xe" for details.

Waiting for “clamd” to start ………failed.

Cpanel::Exception::Services::StartError
Service Status

Service Error
(XID faxrvx) The “clamd” service failed to start.

Startup Log
Feb 20 00:19:31 xxx.xxxxxx.xxx systemd[1]: Starting clamd antivirus daemon...
Feb 20 00:19:48 xxx.xxxxxx.xxx clamd[13305]: LibClamAV Warning: Detected duplicate databases /usr/local/cpanel/3rdparty/share/clamav/bytecode.cld and /usr/local/cpanel/3rdparty/share/clamav/bytecode.cvd. The /usr/local/cpanel/3rdparty/share/clamav/bytecode.cld database is older and will not be loaded, you should manually remove it from the database directory.
Feb 20 00:19:51 xxx.xxxxxx.xxx systemd[1]: clamd.service: control process exited, code=exited status=1
Feb 20 00:19:51 xxx.xxxxxx.xxx systemd[1]: Failed to start clamd antivirus daemon.
Feb 20 00:19:51 xxx.xxxxxx.xxx systemd[1]: Unit clamd.service entered failed state.
Feb 20 00:19:51 xxx.xxxxxx.xxx systemd[1]: clamd.service failed.

clamd has failed. Contact your system administrator if the service does not automagically recover.
[[email protected] ~]#
 

sparek-3

Well-Known Member
Aug 10, 2002
1,929
178
343
cPanel Access Level
Root Administrator
How much memory does this system have?

Are you sure you aren't running up against a memory limit?

ClamAV is a huge memory hog.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,115
663
263
Houston
cPanel Access Level
DataCenter Provider
Hi @carolainn


Can you tell me what is present in the following?

Code:
ls -lah /usr/local/cpanel/3rdparty/share/clamav/
My assumption is there's more than one .cld file there.

You might try mv'ing them all and if that's not successful I'd suggest reinstalling cpanel-clamav you can do this by doing the following:

Here's what I did on my server to remove and reinstall (note you may want to ensure the rpm name specifically first:
Identify the specific ClamAV versions:
Code:
rpm -qa |grep clamav
cpanel-clamav-0.100.2-1.cp1170.x86_64
cpanel-clamav-virusdefs-0.100.2-1.cp1170.x86_64
Remove those
Code:
rpm -e --nodeps cpanel-clamav-0.100.2-1.cp1170.x86_64 cpanel-clamav-virusdefs-0.100.2-1.cp1170.x86_64
reinstall ClamAV and the virus defs
Code:
/scripts/check_cpanel_rpms --fix
I'd also be curious to know if you're running on CentOS or CloudLinux and/or do you have Imunify360 installed?

Thanks!
 
Last edited:
  • Like
Reactions: eva2000

carolainn

Active Member
Feb 22, 2018
30
11
8
Argentina
cPanel Access Level
Root Administrator
How much memory does this system have?

Are you sure you aren't running up against a memory limit?

ClamAV is a huge memory hog.
Thanks for your reply.

The system has 2 GB of memory.

(WHM) Home »Server Status »Service Status

Service Information
Service clamd
Version 0.100.2-1
Status down

System Information
Memory Used 42.2% (794,336 of 1,882,220)

(WHM) Home »Server Status »Server Information

Memory Information
[ 0.000000] Memory: 1860764k/2097008k available (7664k kernel code, 392k absent, 235852k reserved, 6055k data, 1876k init)

Current Memory Usage

>>>>>>> total - used - free - shared - buff/cache - available
Mem: 1882220 - 773744 - 507236 - 25744 - 601240 - 916416
Swap: 0 - 0 - 0
Total: 1882220 - 773744 - 507236

Thanks again.
 

carolainn

Active Member
Feb 22, 2018
30
11
8
Argentina
cPanel Access Level
Root Administrator
Hi @carolainn


Can you tell me what is present in the following?

Code:
ls -lah /usr/local/cpanel/3rdparty/share/clamav/
My assumption is there's more than one .cld file there.

You might try mv'ing them all and if that's not successful I'd suggest reinstalling cpanel-clamav you can do this by doing the following:

Here's what I did on my server to remove and reinstall (note you may want to ensure the rpm name specifically first:
Identify the specific ClamAV versions:
Code:
rpm -qa |grep clamav
cpanel-clamav-0.100.2-1.cp1170.x86_64
cpanel-clamav-virusdefs-0.100.2-1.cp1170.x86_64
Remove those
Code:
rpm -e --nodeps cpanel-clamav-0.100.2-1.cp1170.x86_64 cpanel-clamav-virusdefs-0.100.2-1.cp1170.x86_64
reinstall ClamAV and the virus defs
Code:
/scripts/check_cpanel_rpms --fix
I'd also be curious to know if you're running on CentOS or CloudLinux and/or do you have Imunify360 installed?

Thanks!
Hello! thanks for your reply.

Code:
ls -lah /usr/local/cpanel/3rdparty/share/clamav/
total 273M
drwxrwxr-x 3 clamav clamav 165 Feb 20 04:49 .
drwxr-xr-x 79 root root 4.0K Feb 4 14:13 ..
-rw-r--r-- 1 root root 314K Feb 17 23:55 bytecode.cld
-rw-r--r-- 1 clamav clamav 196K Jan 31 10:40 bytecode.cvd
-rw-r--r-- 1 clamav clamav 156 Oct 10 17:01 clamavconnector.conf
-rwxr-xr-x 1 root root 15K Oct 10 17:01 copyright
-rw-r--r-- 1 clamav clamav 160M Feb 20 00:13 daily.cld
drwxr-xr-x 2 clamav clamav 136 Feb 17 23:55 .first-install
-rw-r--r-- 1 clamav clamav 113M Feb 17 23:55 main.cvd
-rw------- 1 clamav clamav 364 Feb 20 04:49 mirrors.dat


There is two .cld but with different names. Which should I remove?

Thanks for your time.
 

carolainn

Active Member
Feb 22, 2018
30
11
8
Argentina
cPanel Access Level
Root Administrator
Hi @carolainn

Both of the .cld files should be removed then try and restart the software.
Ok, I did that and then restarted the service and had no error.

I checked the log and there is a lot of this type of messages:

Feb 20 17:00:01 server systemd: Started Session 686 of user root.
Feb 20 17:00:04 server systemd: Removed slice User Slice of root.

What are those about?
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,115
663
263
Houston
cPanel Access Level
DataCenter Provider
Hi @carolainn
Ok, I did that and then restarted the service and had no error.
I'm glad to hear that the service started successfully! My hope now is that it continues to run normally. Were you able to check if you had imunify or CloudLinux installed on the server? My concern there is that they have their own version of ClamAV being used for scanning and there have been some cases in which there are conflicts.


I checked the log and there is a lot of this type of messages:

Feb 20 17:00:01 server systemd: Started Session 686 of user root.
Feb 20 17:00:04 server systemd: Removed slice User Slice of root.
These are unrelated to anything occurring with ClamAV or even Out of Memory errors, these occur every time a user logs on and can be dismissed - redhat explains this here as well: Logs flooded with systemd messages: Created slice & Starting Session - Red Hat Customer Portal

Thanks!
 

carolainn

Active Member
Feb 22, 2018
30
11
8
Argentina
cPanel Access Level
Root Administrator
My hope now is that it continues to run normally.
I hope that too!. I will post again if something changes.

Were you able to check if you had imunify or CloudLinux installed on the server?
My VPS is running on CentOS, and I don't have Inmunify360 installed.

These are unrelated to anything occurring with ClamAV ...
Oh I see! So I shouldn't worry then.

Thanks so much for the help! <3
 
  • Like
Reactions: cPanelLauren

carolainn

Active Member
Feb 22, 2018
30
11
8
Argentina
cPanel Access Level
Root Administrator
Hi @carolainn

Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
Hello Lauren,

I had a problem with the creation of the ticket because when I entered the Server IP that is in Home »Support »Support Center, I received a notification that the IP and ID did not match. So I changed the IP for the IP in the URL, and worked, I don't know why I have different IPs...

My Support Request ID is: 11603741

Thanks for your time and help!
 
  • Like
Reactions: cPanelLauren