After last system update (there was only the package in the subject), about one week ago (today is 2 may 19) i can’t run clamd anymore.
in the webgui i get the follow:
Task completed with errors

(exit status )

when i try to enable antifirus in “web content filter”

Furthermore:
On reboot the service c-icap (ICAP server) and clamd@squidclamav have a red label “Stopped”
Randomly, but very often, while i browse the web i get SSL_ERROR_RX_RECORD_TOO_LONG, if i refresh the browser, then the page will shows.

I have two system for testing, one at home ad the other in my office, and they run the same trouble.

I’m using SSL transparent proxy and Université Toulouse (free) blacklist. the one in the office have FTP server too.

Starting clamd manually in a terminal could explain what it is occurring

I can confirm this behaviour. Updated a VM and after update the services stopped:

grafik.png1008×160 3.7 KB

BUT: I did systemctl status calmd@squidclamav and the service was shown as running??

Pressed F5 in Browser and services turned to green.
Systemload is normal. Seems that the service needs more time to start now.

I try do do as flatspin says: but nothing to do.

The command systemctl status clamd@squidclamav.service report as follow:

clamd@squidclamav.service - clamd scanner (squidclamav) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; static; vendor preset: disabled)
Drop-In: /etc/systemd/system/clamd@squidclamav.service.d
ââc-icap.conf
Active: activating (start) since Thu 2019-05-02 11:40:48 CEST; 14s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Control: 12214 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@squidclamav.service
ââ12214 /usr/sbin/clamd -c /etc/clamd.d/squidclamav.conf

May 02 11:40:48 strapdm.mvdmv.it systemd[1]: Starting clamd scanner (squidclamav) daemon…
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: Received 0 file descriptor(s) from systemd.
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: Running as user c-icap (UID 986, GID 981)
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: Log file size limited to 1048576 bytes.
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: Reading databases from /var/lib/squidclamav
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: Not loading PUA signatures.
May 02 11:40:48 strapdm.mvdmv.it clamd[12214]: Bytecode: Security mode set to “TrustSigned”.

The command systemctl status c-icap report
â c-icap.service - C-ICAP Server
Loaded: loaded (/usr/lib/systemd/system/c-icap.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/c-icap.service.d
ââsquidclamav.conf
Active: inactive (dead) since Tue 2019-04-30 22:48:40 CEST; 1 day 12h ago
Main PID: 6854 (code=exited, status=0/SUCCESS)

May 02 11:37:47 strapdm.mvdmv.it systemd[1]: Dependency failed for C-ICAP Server.
May 02 11:37:47 strapdm.mvdmv.it systemd[1]: Job c-icap.service/start failed with result ‘dependency’.
May 02 11:39:18 strapdm.mvdmv.it systemd[1]: Dependency failed for C-ICAP Server.
May 02 11:39:18 strapdm.mvdmv.it systemd[1]: Job c-icap.service/start failed with result ‘dependency’.
May 02 11:40:48 strapdm.mvdmv.it systemd[1]: Dependency failed for C-ICAP Server.
May 02 11:40:48 strapdm.mvdmv.it systemd[1]: Job c-icap.service/start failed with result ‘dependency’.
May 02 11:42:19 strapdm.mvdmv.it systemd[1]: Dependency failed for C-ICAP Server.
May 02 11:42:19 strapdm.mvdmv.it systemd[1]: Job c-icap.service/start failed with result ‘dependency’.
May 02 11:43:49 strapdm.mvdmv.it systemd[1]: Dependency failed for C-ICAP Server.
May 02 11:43:49 strapdm.mvdmv.it systemd[1]: Job c-icap.service/start failed with result ‘dependency’.

There is something i can do?

On my system the service needs about 45 sec to restart.
Please ty to restart the service and wait until its finished and take a look at the status then.

If it doesn’t start at all please try to start it manually:
/usr/sbin/clamd --debug -F -c /etc/clamd.d/squidclamav.conf

I had some troubles after an manually started update of clamav in this thread:

Maybe you can find some usefull info there.
The solution there was signal-event nethserver-squidclamav-update.

something insteresting in /var/log/clamav/clamscan.log ?

I could reproduce your situation direkt after areboot:

grafik.png961×232 8.88 KB

grafik.png1004×243 11 KB

It looks like it’s only a matter of time.

oups I misunderstood something, I understood that my module nethserver-clamscan was the key of the issue…it is not the case

Flatspin, it is no matter of time, the service run (may be partially) but hangs
top says clamd takes 100% cpu but don’t start at all

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
15969 c-icap 20 0 350744 239336 3280 R 100.0 6.2 1:25.65 clamd

c-icap report
Job c-icap.service/start failed with result ‘dependency’.

As I already explain, I have two nethserver systems installed: one in the office and the other for my house. In the office the system is on a HP ML350 G5 dual quad core Xeon 16GB Ram and mirroring of two very fast hdd (my old server).

The one at home is on a Alix APU2 with quad core cpu 4GB Ram and M2-SSD 64GB

In the office one the command:
/usr/sbin/clamd --debug -F -c /etc/clamd.d/squidclamav.conf

do nothing for about 15 minutes . After this long wait the following lines appears:

Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 100000.
Limits: PCRERecMatchLimit limit set to 2000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
AlertExceedsMax heuristic detection disabled.
Heuristic alerts enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.

But web gui still report red label for the services c-icap and clamd@squidclamav

Same as the system running at my home. Same time to get response, same output.

The most sad parts of all is this output:
Job c-icap.service/start failed with result ‘dependency’.

What is mean?

no, i’m sad to say it doesn’t fix my problem…

AFAIK the c-icap service depends an clamd@squidclamav, so as long as the clamd not runs, the c-icap will not run. So this is normal.

As far as I can see, clamd is loaded correctly with debug. I get the same output here. But I get it after 45 sec on a not as powerfull system as yours, so 15 min is much to long.

Please post output of
rpm -qa clam*

EDIT: any relevant info in /var/log/clamav-unofficial-sigs/clamav-unofficial-sigs.log or messages.log ?

I finally found the trick!
Now all seems ok on both systems. I do the following steps:

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

then
vim /etc/clamd.d/scan.conf
edit the line “Example” to become
“# Example”

edit the line “#LocalSocket /var/run/clamd.scan/clamd.sock” to become
“LocalSocket /var/run/clamd.scan/clamd.sock”

then
systemctl restart clamd@squidclamav
systemctl stop clamd@squidclamav

yum remove clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

and finally reinstall what I need from webgui…

After reboot it is all ok!
Now the service starts immediately and take a very few percentage of cpu…

I get the fix but I’ve no idea why this fix works.

Good to hear you found a solution.

But it’s a really a strange behaviour.

Not all of the components are needed for nethserver-squidclamav and some should already be installed, so the first yum install should have given you those components to be installed already:

clamav-0.101.2-1.el7.x86_64
clamav-lib-0.101.2-1.el7.x86_64
clamav-update-0.101.2-1.el7.x86_64
clamav-filesystem-0.101.2-1.el7.noarch
clamav-data-0.101.2-1.el7.noarch
clamd-0.101.2-1.el7.x86_64
clamav-unofficial-sigs-5.6.2-7.el7.noarch
clamav-server-systemd-0.101.2-1.el7.x86_64

Can you remenber the output of rpm -qa clam* before you fixed?

no, unfortunately I solved it before I could read your post and I didn’t check the output of that command

Hi flatspin,
I have the same behaviour (clamd takes 100% cpu and Job c-icap.service/start failed with result ‘dependency’)…
The output of rpm -qa clam* on my machine is

clamav-unofficial-sigs-5.6.2-7.el7.noarch

nothing else.
Do you recommend me to do this steps from al-cresio?

Hi Mario,

sorry for late response, but I didn’t see your post.
If you want to tag someone, please put a @ before his/ her username.
i.e. @NhFan so you see it like this in the right window, then this person is notified.

please show output of
rpm -qa | grep clam

Good morning @flatspin,
thank you for the tip…

The output for the command rpm -qa | grep clam is:

clamav-update-0.101.2-1.el7.x86_64
clamav-data-0.101.2-1.el7.noarch
nethserver-squidclamav-3.0.0-1.ns7.noarch
clamd-0.101.2-1.el7.x86_64
clamav-filesystem-0.101.2-1.el7.noarch
clamav-server-systemd-0.101.2-1.el7.x86_64
clamav-0.101.2-1.el7.x86_64
squidclamav-6.16-1.ns7.x86_64
clamav-lib-0.101.2-1.el7.x86_64
clamav-unofficial-sigs-5.6.2-7.el7.noarch

Yesterday I executed a command signal-event nethserver-squidclamav-update, followed by init 6 to restart the machine. So today the services c-icap and clamd@squidclamav are up and running, no 100% cpu load anymore.
Regardless of this, I suspect that the wrong condition will occur again. This has already happened in the past.
Mario

The packages are all o.k.
Good to hear that the signal-event helped again!
I’m not sure, but I think this happens during freshclam updates.
We will keep an eyes on this.