Clamav stops by itself

On my firewall, there is clamav which stops itself.
I have to restart it through the services interface, but it stops again.
I attach the clamav log if it can help me. (1,6 Ko)

Your clamav log does not show clamav being stopped.

There is a section when clamav has been started via the services interface.

11:30:58 clamd[27123]: Received 0 file descriptor(s) from systemd. ===========> CLAMAV restarted via Services interface
11:30:58 clamd[27123]: clamd daemon 0.105.1 (OS: Linux, ARCH: x86_64, CPU: x86_64)
11:30:58 clamd[27123]: Log file size limited to 1048576 bytes.
11:30:58 clamd[27123]: Reading databases from /var/lib/clamav
11:30:58 clamd[27123]: Not loading PUA signatures.
11:30:58 clamd[27123]: Bytecode: Security mode set to “TrustSigned”.
11:31:33 clamd[27123]: Loaded 8647652 signatures.
11:31:38 clamd[27123]: LOCAL: Removing stale socket file /var/run/clamav/clamd
11:31:38 clamd[27123]: LOCAL: Unix socket file /var/run/clamav/clamd
11:31:38 clamd[27123]: LOCAL: Setting connection queue length to 200
11:31:38 clamd[27123]: Limits: Global time limit set to 120000 milliseconds.
11:31:38 clamd[27123]: Limits: Global size limit set to 419430400 bytes.
11:31:38 clamd[27123]: Limits: File size limit set to 104857600 bytes.
11:31:38 clamd[27123]: Limits: Recursion level limit set to 17.
11:31:38 clamd[27123]: Limits: Files limit set to 10000.
11:31:38 clamd[27123]: Limits: MaxEmbeddedPE limit set to 41943040 bytes.
11:31:38 clamd[27123]: Limits: MaxHTMLNormalize limit set to 41943040 bytes.
11:31:38 clamd[27123]: Limits: MaxHTMLNoTags limit set to 8388608 bytes.
11:31:38 clamd[27123]: Limits: MaxScriptNormalize limit set to 20971520 bytes.
11:31:38 clamd[27123]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
11:31:38 clamd[27123]: Limits: MaxPartitions limit set to 50.
11:31:38 clamd[27123]: Limits: MaxIconsPE limit set to 100.
11:31:38 clamd[27123]: Limits: MaxRecHWP3 limit set to 16.
11:31:38 clamd[27123]: Limits: PCREMatchLimit limit set to 100000.
11:31:38 clamd[27123]: Limits: PCRERecMatchLimit limit set to 2000.
11:31:38 clamd[27123]: Limits: PCREMaxFileSize limit set to 104857600.
11:31:38 clamd[27123]: Archive support enabled.
11:31:38 clamd[27123]: AlertExceedsMax heuristic detection disabled.
11:31:38 clamd[27123]: Heuristic alerts enabled.
11:31:38 clamd[27123]: Portable Executable support enabled.
11:31:38 clamd[27123]: ELF support enabled.
11:31:38 clamd[27123]: Mail files support enabled.
11:31:38 clamd[27123]: OLE2 support enabled.
11:31:38 clamd[27123]: PDF support enabled.
11:31:38 clamd[27123]: SWF support enabled.
11:31:38 clamd[27123]: HTML support enabled.
11:31:38 clamd[27123]: XMLDOCS support enabled.
11:31:38 clamd[27123]: HWP3 support enabled.
11:31:38 clamd[27123]: Self checking every 600 seconds.
11:41:38 clamd[27123]: SelfCheck: Database status OK.
11:54:58 clamd[27123]: SelfCheck: Database status OK.

and that is a successful start.

All messages after that in the log are from freshclam being woken to check if the databases need to be updated with one clamd line after a database update was carried out

12:04:11 clamd[27123]: Reading databases from /var/lib/clamav

indicating clamav was running correctly.

I think you need to look in the log from one clamav start by the service interface to the next service start by the service interface after clamav has stopped itself. If there are no additional lines beyond what is shown in the above log section then the stop is not being shown in the log or clamav has not really stopped although the services page is showing it as stopped.

1 Like

I just tested this out in my vm testbed by installing squidclamav which installed clamav as a dependency.

The wiki says that clamav should automatically start, which it did as shown on services page but after a short time it stopped. I enabled squidclamav in the web proxy page as instructed by the wiki page but clamav still will not stay started. Also the log in my case shows no information about clamav not wanting to start.

I don’t use squidclamav/clamav with the web proxy so I don’t have more knowledge about this.

Hopefully someone else who is using it will be able to respond with some more help.

Are you trying to set up squidclamav/clamnav in IPFire or is this something that was working but has stopped working?

I have found that the problem only happens if you install clamav on its own or if you first install clamav and then later on install squidclamav which is what I did first time round when testing it.

I removed squidclamav and clamav from my vm testbed system and then installed squidclamav with clamav as a dependency. Clamav then started successfully and has stayed running, at least for 10 mins so far.

If you want to run clamav on its own as an anti virus system, then you will need to modify the configuration files in line with what you are trying to achieve.