Frequently receiving clamav-freshclam service notification

[mbsmt]

I've stopped ClamAV and FreshClam, and removed them from CentOS 7 completely using different ways I have found on forum and Google.

1- yum remove clamav*
2- yum remove freshclam*
3- Making related items OFF in /usr/local/directadmin/data/admin/services.status
4- And something like this: https://forum.directadmin.com/threads/uninstall-clamav.67892/

But still I am receiving this notification everyday:

The service 'clamav-freshclam' on server X is currently down

Please help me to stop this notification.

 

[zEitEr]

Hello,

da build clamav no
da build remove_items

 

[mbsmt]

Hello,

da build clamav no
da build remove_items

I used this guide, but still I am receiving messages.

The service 'clamav-freshclam' on server XXX is currently down

 

[Richard G]

Check this file:
/usr/local/directadmin/data/admin/services.status

See if any of these lines are present.

clamav-freshclam=ON
clamd@scan=ON

Either set them both to OFF and if they are already at off, just remove them and restart directadmin.
That should stop the warning messages.

 

[SupermanInNY]

going back into this subject - just in reverse:

I see many servers with CentOS 7 (and one Ubuntue 20.04) where I have the clamav installed,. and I started getting in the last week and a half repeating notices that the service of freshclam is down:

A new message or response with subject:

The service 'clamav-freshclam' on server server23.myserver.com is currently down

has arrived for you to view.

I tried to refresh the install, re-install, restarted the service and it kept for "quiet" for one day and then it returned again with this msg.

I want to keep it running - hoping it will do some protection for the users, so I'm not trying to remove it.

But, I don't know why its failing/down status all of a sudden.

(yes,. I konw I should migrate the users to AlmaLinux 9+, but for now I'm "stuck" with these servers).

 

[sysdev]

Getting them om CentOS 7 too sinds a couple of days.

 

[xar123]

Same here, always around the same time. Since a few days.
Server or DirectAdmin is not updated recent.

 

[paulonichio]

Same issue here.
All CentOS 7 servers are receiving this message at the same time every day.

 

[Richard G]

Well... time to upgrade then. Centos 7 is EOL since last year june and the DA EOL date is september 2025.
If it's just a warning but clamav is in fact running, then I would suggest to remove the Clamav check from DA and create a check yourself.

That can be easily done with a custom script.

 

[zEitEr]

If it is about freshclam:

New Message: The service 'freshclam' on server server.ABC is currently down

which stopped working and keeps alerting:

# service freshclam status
freshclam dead but subsys locked

then the following might be the possible reason (found in logs):

freshclam daemon 0.103.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Mon Oct  6 06:44:56 2025
Your ClamAV installation is OUTDATED!
Local version: 0.103.3 Recommended version: 1.0.9
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 27778, remote version: 27780)
downloadPatch: Can't download daily-27779.cdiff from https://database.clamav.net/daily-27779.cdiff
Incremental update failed, trying to download daily.cvd
Can't download daily.cvd from https://database.clamav.net/daily.cvd
FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:
 1. You are running an out-of-date version of ClamAV / FreshClam.
    Ensure you are the most updated version by visiting https://www.clamav.net/downloads
 2. Your network is explicitly denied by the FreshClam CDN.
    In order to rectify this please check that you are:
   a. Running an up-to-date version of FreshClam
   b. Running FreshClam no more than once an hour
   c. If you have checked (a) and (b), please open a ticket at
      https://bugzilla.clamav.net under the 'Mirrors' component
      and we will investigate why your network is blocked.
Database update process failed: Forbidden; Blocked by CDN
Update failed.
FreshClam was forbidden from downloading a database.
This is fatal. Retrying later won't help. Exiting now.

and these lines from manual run:

WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:
 1. You are running an out-of-date version of ClamAV / FreshClam.
    Ensure you are the most updated version by visiting https://www.clamav.net/downloads
 2. Your network is explicitly denied by the FreshClam CDN.
    In order to rectify this please check that you are:
   a. Running an up-to-date version of FreshClam
   b. Running FreshClam no more than once an hour
   c. If you have checked (a) and (b), please open a ticket at
      https://bugzilla.clamav.net under the 'Mirrors' component
      and we will investigate why your network is blocked.
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.

Run the following code as root:

perl -pi -e "s#freshclam=ON\n##" /usr/local/directadmin/data/admin/services.status
service directadmin restart

to stop directadmin from monitoring Freshclam. And you will be running Clamav with outdated virus definition databases.

 

[SupermanInNY]

If it is about freshclam:

New Message: The service 'freshclam' on server server.ABC is currently down

which stopped working and keeps alerting:

# service freshclam status
freshclam dead but subsys locked

then the following might be the possible reason (found in logs):

freshclam daemon 0.103.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Mon Oct  6 06:44:56 2025
Your ClamAV installation is OUTDATED!
Local version: 0.103.3 Recommended version: 1.0.9
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 27778, remote version: 27780)
downloadPatch: Can't download daily-27779.cdiff from https://database.clamav.net/daily-27779.cdiff
Incremental update failed, trying to download daily.cvd
Can't download daily.cvd from https://database.clamav.net/daily.cvd
FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:
 1. You are running an out-of-date version of ClamAV / FreshClam.
    Ensure you are the most updated version by visiting https://www.clamav.net/downloads
 2. Your network is explicitly denied by the FreshClam CDN.
    In order to rectify this please check that you are:
   a. Running an up-to-date version of FreshClam
   b. Running FreshClam no more than once an hour
   c. If you have checked (a) and (b), please open a ticket at
      https://bugzilla.clamav.net under the 'Mirrors' component
      and we will investigate why your network is blocked.
Database update process failed: Forbidden; Blocked by CDN
Update failed.
FreshClam was forbidden from downloading a database.
This is fatal. Retrying later won't help. Exiting now.

and these lines from manual run:

WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
This could mean several things:
 1. You are running an out-of-date version of ClamAV / FreshClam.
    Ensure you are the most updated version by visiting https://www.clamav.net/downloads
 2. Your network is explicitly denied by the FreshClam CDN.
    In order to rectify this please check that you are:
   a. Running an up-to-date version of FreshClam
   b. Running FreshClam no more than once an hour
   c. If you have checked (a) and (b), please open a ticket at
      https://bugzilla.clamav.net under the 'Mirrors' component
      and we will investigate why your network is blocked.
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.

Run the following code as root:

perl -pi -e "s#freshclam=ON\n##" /usr/local/directadmin/data/admin/services.status
service directadmin restart

to stop directadmin from monitoring Freshclam. And you will be running Clamav with outdated virus definition databases.

After running the perl code,.. now I get:

The service 'clamav-php-fpm82' on server server.rdsnew.com is currently down

 

[zEitEr]

What will you see?

cat /usr/local/directadmin/data/admin/services.status

 

[SupermanInNY]

How I see, its taking too much energy to maintain these old servers.

I just removed the clamav entirely from DA with the Remove option.

I have this issue on old servers that will be retired soon, so at this point, I'm just kicking the clamav service out.

thanks for input on this.

 

[zEitEr]

The suggested command works fine, and it does not break anything:

- Before:

[root@server etc]# cat /usr/local/directadmin/data/admin/services.status
clamd=ON
dovecot=ON
exim=ON
freshclam=ON
httpd=ON
lfd=ON
mysqld=OFF
named=ON
proftpd=ON
sshd=ON
da-popb4smtp=ON
spamd=ON
[root@server etc]#

- Patching:

[root@server etc]# perl -pi -e "s#freshclam=ON\n##" /usr/local/directadmin/data/admin/services.status
[root@server etc]#

- After:

[root@server etc]# cat /usr/local/directadmin/data/admin/services.status
clamd=ON
dovecot=ON
exim=ON
httpd=ON
lfd=ON
mysqld=OFF
named=ON
proftpd=ON
sshd=ON
da-popb4smtp=ON
spamd=ON
[root@server etc]#

The line "freshclam=ON" was correctly removed as expected