clamd@scan - can't run

djcart

I'm having trouble starting the clamd@scan service. When I try to do it from SSH, it takes a very long time to start up. When it finally starts, it shuts down after a while.

[root@server server]# service clamd@scan start
Redirecting to /bin/systemctl start clamd@scan.service
[root@server server]# service clamd@scan status
Redirecting to /bin/systemctl status clamd@scan.service
clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
Active: activating (start) since Wed 2023-03-01 14:22:11 CET; 6s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 3949040 (code=exited, status=0/SUCCESS); Control PID: 3952652 (clamd)
Tasks: 2 (limit: 1234569)
Memory: 718.9M
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
├─3952652 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
└─3952654 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

mar 01 14:22:11 server.server.pl systemd[1]: Starting clamd scanner (scan) daemon...


clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
Active: activating (start) since Wed 2023-03-01 14:22:11 CET; 2min 20s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 3949040 (code=exited, status=0/SUCCESS); Control PID: 3952652 (clamd)
Tasks: 2 (limit: 1234569)
Memory: 1.2G
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
├─3952652 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
└─3952654 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

mar 01 14:22:11 server.server.pl systemd[1]: Starting clamd scanner (scan) daemon...
mar 01 14:24:31 server.server.pl clamd[3952654]: LibClamAV Warning: Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld, please manually remove one of them
 
clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
Active: deactivating (stop-sigterm) since Wed 2023-03-01 14:46:23 CET; 63ms ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 3992737 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf (code=exited, status=0/SUCCESS)
Main PID: 3992739 (clamd)
Tasks: 1 (limit: 1234569)
Memory: 1.2G
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─3992739 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

mar 01 14:43:59 server.server.pl systemd[1]: Starting clamd scanner (scan) daemon...
mar 01 14:46:18 server.server.pl systemd[1]: Started clamd scanner (scan) daemon.
mar 01 14:46:23 server.server.pl systemd[1]: Stopping clamd scanner (scan) daemon...

It loops and can't start
 
Same problem here but only with almalinux 8 and rhel 8.

I think it can be related to this update:

Code:
2023-03-01T06:04:28-0300 DEBUG Upgraded: clamav-0.103.8-3.el8.x86_64
2023-03-01T06:04:28-0300 DEBUG Upgraded: clamav-data-0.103.8-3.el8.noarch
2023-03-01T06:04:28-0300 DEBUG Upgraded: clamav-devel-0.103.8-3.el8.x86_64
2023-03-01T06:04:28-0300 DEBUG Upgraded: clamav-filesystem-0.103.8-3.el8.noarch
2023-03-01T06:04:28-0300 DEBUG Upgraded: clamav-lib-0.103.8-3.el8.x86_64
2023-03-01T06:04:28-0300 DEBUG Upgraded: clamav-update-0.103.8-3.el8.x86_64

Even after removing clamav and reinstalling it, the problem persists.
 
Exactly the same packages have been updated for me. I am using Cloudlinux.
Also, trying to reinstall didn't help. The process is killed when it starts.
 
Is it possible to install the version from before the update?
 
@djcart error looks to be the duplicate database from an update

Code:
mar 01 14:24:31 server.hostline.pl clamd[3952654]: LibClamAV Warning: Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld, please manually remove one of them

Make a backup but try removing the /var/lib/clamav/bytecode.cld file and restart the service.
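
The check and backup step suggested above can be scripted. This is an added example, not part of the original post: it lists every database name present as both .cvd and .cld, and moves one copy aside instead of deleting it. The function names and the backup directory are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the backup location are assumptions.

# Print the base name of every database that exists as both NAME.cvd and
# NAME.cld in directory $1 (the condition behind the LibClamAV warning).
find_duplicate_dbs() {
    dir=$1
    for cvd in "$dir"/*.cvd; do
        [ -f "$cvd" ] || continue          # glob matched nothing
        base=${cvd%.cvd}
        [ -f "$base.cld" ] && basename "$base"
    done
    return 0
}

# Move DIR/NAME.EXT into BACKUP_DIR rather than deleting it.
# Usage: set_aside_db DIR NAME EXT BACKUP_DIR
set_aside_db() {
    dir=$1 name=$2 ext=$3 backup=$4
    case $ext in cvd|cld) ;; *) echo "ext must be cvd or cld" >&2; return 2 ;; esac
    [ -f "$dir/$name.$ext" ] || { echo "no $dir/$name.$ext" >&2; return 1; }
    mkdir -p "$backup" && mv -- "$dir/$name.$ext" "$backup/"
}

# Typical use with the paths from the log line in the thread:
#   find_duplicate_dbs /var/lib/clamav
#   set_aside_db /var/lib/clamav bytecode cld /root/clamav-backup
#   systemctl restart clamd@scan
```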
 
@dmtinc are you also on Cloudlinux or just normal Almalinux 8?

> Exactly the same packages have been updated for me.

and

> Detected duplicate databases /var/lib/clamav/bytecode.cvd and /var/lib/clamav/bytecode.cld,

I've found the same error from some years ago. Seems clamav-data is obsolete and does not need to be installed anymore and they forgot to get it out.

Could you try this and look if this fixes the issue?
dnf remove clamav-data

Edit: you might also need to remove both the bytecode.* files and then restart freshclam to get a new database update.
 
Here's what I found in the clamd.scan logs
 

Attachments: two screenshots (Zrzut ekranu 2023-03-01 151839.jpg, Zrzut ekranu 2023-03-01 152055.jpg)
 
> @dmtinc are you also on Cloudlinux or just normal Almalinux 8?
>
> and
>
> I've found the same error from some years ago. Seems clamav-data is obsolete and does not need to be installed anymore and they forgot to get it out.
>
> Could you try this and look if this fixes the issue?
> dnf remove clamav-data
>
> Edit: you might also need to remove both the bytecode.* files and then restart freshclam to get a new database update.

Just Almalinux and RHEL, not cloudlinux, but the package (clamav) depends on epel, I don't know if the cloudlinux kernel can make a difference.

Even after removing the "clamav-data" package, the problem remains.

I'm trying to find a workaround, as the epel packages can't be downgraded with yum/dnf (because epel removes the old package when a new one is published).
 
> Just Almalinux and RHEL, not cloudlinux, but the package (clamav) depends on epel, I don't know if the cloudlinux kernel can make a difference.
>
> Even after removing the "clamav-data" package, the problem remains.
>
> I'm trying to find a workaround, as the epel packages can't be downgraded with yum/dnf (because epel removes the old package when a new one is published).

I can write a ticket but the question is whether to write to cloudlinux or DirectAdmin?
 
> is whether to write to cloudlinux or DirectAdmin?

Neither I guess. Since the issue is occurring on both DA and Cloudlinux and after the clamav update, which is an OS update, it's most likely an OS clamav issue.

I also have the "normal" (so no Cloudlinux) Alma. I'm going to update now and see what happens.
 
Update went fine, no issues, no stopping.
Status also showed all fine.

Restarting the clamd@scan service takes a lot of time (often), but this time indeed extra long.
But still fine, no error notices.

Code:
[root@server: ~]# service clamd@scan status 
Redirecting to /bin/systemctl status clamd@scan.service
clamd@scan.service - clamd scanner (scan) daemon
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
   Active: activating (start) since Wed 2023-03-01 15:53:42 CET; 24s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 2175595 (code=exited, status=0/SUCCESS); Control PID: 2175760 (clamd)
    Tasks: 2 (limit: 203028)
   Memory: 927.2M
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           ├─2175760 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
           └─2175762 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

Mar 01 15:53:42 server.wereldstadrtd.nl systemd[1]: Starting clamd scanner (scan) daemon...
Mar 01 15:53:42 server.wereldstadrtd.nl clamd[2175762]: Received 0 file descriptor(s) from systemd.
Mar 01 15:53:42 server.wereldstadrtd.nl clamd[2175762]: clamd daemon 0.103.8 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mar 01 15:53:42 server.wereldstadrtd.nl clamd[2175762]: Log file size limited to 1048576 bytes.
Mar 01 15:53:42 server.wereldstadrtd.nl clamd[2175762]: Reading databases from /var/lib/clamav
Mar 01 15:53:42 server.wereldstadrtd.nl clamd[2175762]: Not loading PUA signatures.
Mar 01 15:53:42 server.wereldstadrtd.nl clamd[2175762]: Bytecode: Security mode set to "TrustSigned".

So I think you can add clamav-data again, since I have that running too. I do have bytecode.cld but not bytecode.cvd.
Try adding clamav-data again and remove the /var/lib/clamav/bytecode.cvd file and restart services.
 
> So I think you can add clamav-data again, since I have that running too. I do have bytecode.cld but not bytecode.cvd.
> Try adding clamav-data again and remove the /var/lib/clamav/bytecode.cvd file and restart services.

How to add clamav-data?
 
> @dmtinc Do you additionally use the Immunify software?

Nope, I don't use anything related to cloudlinux or their subproducts.


But I have a workaround to downgrade the clamav version. ONLY for RHEL 8 or rhel8 based distros (almalinux8/rockylinux8/cloudlinux8/etc..)

(I host some linux public mirrors, so I use the same server to create a custom repo).

First, remove clamav:
** Don't execute these commands in the /usr/local/directadmin/custombuild directory; /root/ will be fine

Code:
dnf erase clamav*

Exclude clamav from epel:

In /etc/yum.repos.d/epel.repo, add this line to the first repo:

Code:
exclude= clamav*

It must look like this:

Code:
[epel]
name=Extra Packages for Enterprise Linux 8 - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/8/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
exclude= clamav*

Add a new repo:

Create the file "nonprod.repo" in /etc/yum.repos.d/ with this content:

Code:
[nonprodclam]
name=Workaround to downgrade clamav rhel8
baseurl=http://mirror.hnd.cl/nonprod-clamd
enabled=1
priority=10
countme=1

Clean the local dnf/yum cache:

Code:
dnf clean all

Reinstall clamav using custombuild:

Code:
cd /usr/local/directadmin/custombuild
./build clamav

And done, clamav working fine again :)

You can check the repo content at:


It's just a workaround to fix this until a new clamav version is released on epel.
I think DirectAdmin needs to provide repos for rhel/deb/ubuntu for the system-required packages (as cpa...), as working with external repos will always be a compatibility bet.
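
The nonprod.repo definition in the post above uses a plain `http://` baseurl and has no `gpgcheck` line of its own. The following check, an added example that is not part of the original post, reports both conditions for any `.repo` file; the function names and message wording are assumptions, and the sample input is the two repo definitions from the post, abridged.

```shell
#!/bin/sh
# Added example; audit_repo_file and its output wording are assumptions.
# Flags each [section] of a dnf/yum .repo file that fetches over plain HTTP
# or does not set gpgcheck=1 itself (it then inherits [main] in dnf.conf).
audit_repo_file() {
    awk '
    function report() {
        if (id == "") return
        if (plain) print id ": plain-HTTP package source"
        if (gpg != "1") print id ": gpgcheck=1 not set in this section"
    }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^\[/ {                                     # section header, e.g. [epel]
        report()
        id = substr($0, 2, index($0, "]") - 2); plain = 0; gpg = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key ~ /^(baseurl|metalink|mirrorlist)$/ && val ~ /^http:/) plain = 1
        if (key == "gpgcheck") gpg = val
    }
    END { report() }
    ' "$1"
}

# Sample input: the two repo definitions shown in the post, abridged.
write_sample_repos() {
    cat > "$1" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 8 - $basearch
#baseurl=https://download.example/pub/epel/8/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
exclude= clamav*
[nonprodclam]
name=Workaround to downgrade clamav rhel8
baseurl=http://mirror.hnd.cl/nonprod-clamd
enabled=1
priority=10
EOF
}

# Usage: audit_repo_file /etc/yum.repos.d/nonprod.repo
```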
 
> It's just a workaround to fix this until a new clamav version is released on epel.

I don't think it's needed as I did not have any issues on my Almalinux 8.

Also I just updated both my centos 7 servers and they have both the bytecode files and no errors or issues there either.

Maybe the removal was not complete enough the first time you removed it? Wasn't it enough to remove the bytecode.cvd file maybe?


Building clamav via custombuild will use the OS anyway and not build from source anymore like before. So I'm curious as to what your server used now when using the build command or if it enabled the epel repo again.
 
Oops... spoken too soon.

On all servers clamd.scan is running but in DA it's stated as not running. So I stopped it there and started again.
That succeeded after a bit of waiting, but it keeps these processes on all servers:

Code:
ps faux | grep clamd@scan
root     2182054  0.0  0.0 1283248 20932 ?       Ssl  16:30   0:00  \_ /usr/local/directadmin/directadmin taskq --syslog
root     2182166  0.0  0.0  25988  3292 ?        S    16:32   0:00  |   \_ sh -c /usr/bin/systemctl restart clamd@scan.service        >/dev/null 2>/de
root     2182168  0.0  0.0  82188  6676 ?        S    16:32   0:00  |       \_ /usr/bin/systemctl restart clamd@scan.service
root     2182117  0.0  0.0 1283248 22640 ?       Ssl  16:31   0:00  \_ /usr/local/directadmin/directadmin taskq --syslog
root     2182167  0.0  0.0  25988  3364 ?        S    16:32   0:00  |   \_ sh -c /usr/bin/systemctl restart clamd@scan.service        >/dev/null 2>/de
root     2182169  0.0  0.0  82188  6828 ?        S    16:32   0:00  |       \_ /usr/bin/systemctl restart clamd@scan.service
root     2182213  0.0  0.0 1283504 19564 ?       Ssl  16:32   0:00  \_ /usr/local/directadmin/directadmin taskq --syslog
root     2182228  0.0  0.0  25988  3440 ?        S    16:32   0:00  |   \_ sh -c /usr/bin/systemctl start clamd@scan.service        >/dev/null 2>/dev/
root     2182229  0.0  0.0  82188  6880 ?        S    16:32   0:00  |       \_ /usr/bin/systemctl start clamd@scan.service
root     2182565  1.0  0.0 1283504 21400 ?       Ssl  16:33   0:00  \_ /usr/local/directadmin/directadmin taskq --syslog
root     2182580  0.0  0.0  25988  3476 ?        S    16:33   0:00      \_ sh -c /usr/bin/systemctl start clamd@scan.service        >/dev/null 2>/dev/
root     2182581  0.0  0.0  82188  6792 ?        S    16:33   0:00          \_ /usr/bin/systemctl start clamd@scan.service

They shouldn't be active, right?

And then they stop again.
 