LordLiverpool

Well-Known Member
Dec 27, 2014
57
11
8
cPanel Access Level
Root Administrator
Hello cPanel.

Roughly once every 7-14 days my server hangs, obviously all websites are affected.

I get a rash of emails like this:

cPanel.JPG

I'm unable to determine the cause.

Chkservd kills off processes usually always ClamD and Dovecot, sometime HTTPD.
But chkservd itself usually hangs as well, (a false positive?)

Has anyone else experienced this behaviour? If so what's the solution?

My current chkservd settings are the default ones:

chkservd.JPG

Any help is greatly appreciated.

Kind Regards
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

Do you notice any error output in /var/log/exim_mainlog or /var/log/exim_paniclog at the times the clamd or spamd services fail?

Thank you.
 

LordLiverpool

Well-Known Member
Dec 27, 2014
57
11
8
cPanel Access Level
Root Administrator
Hi Michael,

Thanks for replying, I really appreciate your help.

I looked in both those files:
  • exim_mainlog - only went back 3 days, so the log was lost.
  • exim_paniclog - was completely empty, file size of 0 bytes.
Next time the server falls over I will check those 2 logs and report back here.

Best Regards
 

LordLiverpool

Well-Known Member
Dec 27, 2014
57
11
8
cPanel Access Level
Root Administrator
As predicted it didn't take long for my server to fall over again.

This is the contents of exim_paniclog

'
[email protected] [~]# vi /var/log/exim_paniclog
2018-02-25 16:19:35 1epz1S-0001ht-6W malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:19:41 1epz1Z-0001iH-7Z malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:23:54 1epz5d-0002Vd-L6 malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:26:36 1epz8F-0002iX-OT malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:29:36 1epzB9-0002s4-Ku malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
2018-02-25 16:29:52 1epzBP-0002tG-VA malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): Connection refused
'

There are over 320 lines posted to exim_mainlog at the time(s) of the failure(s).

Will I upload the file or is there something specific I should look for?

Thanks in advance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello,

You can try searching /var/log/chkservd.log for the time of the most recent service failures to see if any additional information is available. For instance, do any of the entries reference the server load? Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

Thank you.
 
  • Like
Reactions: LordLiverpool

LordLiverpool

Well-Known Member
Dec 27, 2014
57
11
8
cPanel Access Level
Root Administrator
@cPanelMichael

Thanks for replying, I really do appreciate the help.

OK I combed through /var/log/chkservd.log at the time of the outage and there was nothing.

So thanks I will definitely open a ticket.

Afterwards I will post back here the outcome to try and help future readers.

Best Regards
 
  • Like
Reactions: cPanelMichael