Server Hangs, is it Chkservd?

[LordLiverpool]

Hello cPanel.

Roughly once every 7-14 days my server hangs, obviously all websites are affected.

I get a rash of emails like this:



I'm unable to determine the cause.

Chkservd kills off processes usually always ClamD and Dovecot, sometime HTTPD.
But chkservd itself usually hangs as well, (a false positive?)

Has anyone else experienced this behaviour? If so what's the solution?

My current chkservd settings are the default ones:



Any help is greatly appreciated.

Kind Regards

 

[cPanelMichael]

Hello,

Do you notice any error output in /var/log/exim_mainlog or /var/log/exim_paniclog at the times the clamd or spamd services fail?

Thank you.

 

[LordLiverpool]

Hi Michael,

Thanks for replying, I really appreciate your help.

I looked in both those files:

• exim_mainlog - only went back 3 days, so the log was lost.
• exim_paniclog - was completely empty, file size of 0 bytes.

Next time the server falls over I will check those 2 logs and report back here.

Best Regards

 

[LordLiverpool]

As predicted it didn't take long for my server to fall over again.

This is the contents of exim_paniclog

'
[email protected] [~]# vi /var/log/exim_paniclog
2018-02-25 16:19:35 1epz1S-0001ht-6W malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:19:41 1epz1Z-0001iH-7Z malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:23:54 1epz5d-0002Vd-L6 malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:26:36 1epz8F-0002iX-OT malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:29:36 1epzB9-0002s4-Ku malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:29:52 1epzBP-0002tG-VA malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
'

There are over 320 lines posted to exim_mainlog at the time(s) of the failure(s).

Will I upload the file or is there something specific I should look for?

Thanks in advance.

 

[cPanelMichael]

Hello,

You can try searching /var/log/chkservd.log for the time of the most recent service failures to see if any additional information is available. For instance, do any of the entries reference the server load? Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

Thank you.

 

[LordLiverpool]

@cPanelMichael

Thanks for replying, I really do appreciate the help.

OK I combed through /var/log/chkservd.log at the time of the outage and there was nothing.

So thanks I will definitely open a ticket.

Afterwards I will post back here the outcome to try and help future readers.

Best Regards