named.service killed after clamd fail

More frequently, lately, I've awoken to discover that named.service has failed and not restarted. This always follows a failure of clamd.

It may have begun when I initiated this thread:
Increase in clamd failures after manually updating

One of my clients notified me early this morning that all of their sites hosted with me were unavailable. I rebooted the server and all sites are back online but I would like to get to the bottom of the issue and fix whatever has caused this to happen.

Here are the entries from /var/log/messages leading up to the named.service being killed.

Code:

Oct 26 20:50:43 server pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Oct 26 20:50:43 server pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__4HEcC7DM32YN10E_Zjcyv_mfGG6uCxsxrr3HQvLDtU_eqXjqG5DIv4uxJuDqFKfQ is now logged in
Oct 26 20:50:43 server pure-ftpd: (__cpanel__service__auth__ftpd__4[email protected]127.0.0.1) [INFO] Logout.
Oct 26 20:55:01 server systemd: Created slice User Slice of root.
Oct 26 20:55:01 server systemd: Starting User Slice of root.
Oct 26 20:55:01 server systemd: Started Session 15936679 of user root.
Oct 26 20:55:01 server systemd: Starting Session 15936679 of user root.
Oct 26 20:55:04 server systemd: Removed slice User Slice of root.
Oct 26 20:55:04 server systemd: Stopping User Slice of root.
Oct 26 20:55:43 server pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Oct 26 20:55:43 server pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__4HEcC7DM32YN10E_Zjcyv_mfGG6uCxsxrr3HQvLDtU_eqXjqG5DIv4uxJuDqFKfQ is now logged in
Oct 26 20:55:43 server pure-ftpd: (__cpanel__service__auth__ftpd__4[email protected]127.0.0.1) [INFO] Logout.
Oct 26 20:58:15 server systemd: clamd.service: main process exited, code=killed, status=9/KILL
Oct 26 20:58:15 server systemd: Unit clamd.service entered failed state.
Oct 26 20:58:15 server systemd: clamd.service failed.
Oct 26 20:58:18 server mysqld_safe: /usr/bin/mysqld_safe: line 183: 21725 Killed                  nohup /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=server.websitehosting101.com.err --open-files-limit=10000 --pid-file=server.websitehosting101.com.pid < /dev/null >> /var/lib/mysql/server.websitehosting101.com.err 2>&1 >> /var/lib/mysql/server.websitehosting101.com.err 2>&1
Oct 26 20:58:21 server mysqld_safe: 181026 20:58:21 mysqld_safe Number of processes running now: 0
Oct 26 20:58:21 server systemd: named.service: main process exited, code=killed, status=9/KILL

I scanned journalctl specifically for named and the only entries within were from after this morning's reboot of the VPS. I scanned this forum for similar issues and the first thread that popped up was the one that I started in September and posted above. I have searched the internet for exact match errors and I can find no help out in the wild, either.

As I mentioned above, I would like to find and resolve the root cause of this problem. I'm not sure where to begin so I'm seeking some guidance from folks who might know.

 

When I opened the support thread in September, @cPanelLauren and I exchanged about a possible RAM shortage and she indicated that she didn't think that was the problem. I notified A2 to add 2GB RAM just to eliminate this as the potential cause.

About every 2 hours since I rebooted the server, clamd has failed and recovered. I still think it is related to that, somehow. The email notification that I receive shows that the top process is spamd and that is only using around 4% of available memory.

You ask if I am looking at or monitoring ram utilization. Can you tell me what tools or scripts you use to do this?

 

Thanks for the info and suggestions

 

I have initiated a request for a memory upgrade through A2. The billing has been authorized but I don't know when they will be performing that upgrade.

Thanks for suggesting that I open a support ticket, @cPanelMichael. The support ticket number is: 10597881. I hope I did an adequate job of explaining everything.

 

@rpvw, thanks for sharing your analysis with this thread. What you've offered makes sense. On my local computers, I suppose I could compare it to the amount of resources Malwarebytes uses during its database updates and scans.

My woes on this issue began in mid-May of this year. I may have added a couple of development sites, since then, but traffic is not impacted by these sites. Since most of my development work is done offline using Xampp, the new sites on my VPS are there merely for review and tweaking prior to moving them over to their final destination.

Yesterday (October 28, 2018), I uninstalled the ClamAV plugin and reinstalled the latest version through WHM. This morning, there were issues with a duplicate clam database so I resolved that by following the advice on this thread in the forum.
CLAMD duplicate database?

I won't know if that solved the problem until tomorrow morning.

Another correspondent on this thread suggested installing Munin. I would but I'm afraid it will exacerbate the overuse of memory.

I have contacted A2 Hosting and requested a memory upgrade for my Dynamic VPS. I'm not sure if that is the root cause or when the memory upgrade will be scheduled.

If there are any revelations to share with the public after cPanel Support has looked things over, I will do so in order to assist others who might be experiencing similar issues.