1

Topic: Clamav lately stops without errors

==== Required information ====
- iRedMail version 0.9.4:
- Linux/BSD distribution name and version: Ubuntu 14.04.4
- Store mail accounts in which backend MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

clamav.log

Wed Apr 13 10:45:22 2016 -> SelfCheck: Database status OK.
Wed Apr 13 12:26:59 2016 -> SelfCheck: Database status OK.
Wed Apr 13 13:30:37 2016 -> SelfCheck: Database status OK.
Wed Apr 13 14:30:37 2016 -> SelfCheck: Database status OK.
Wed Apr 13 15:42:55 2016 -> SelfCheck: Database status OK.
Wed Apr 13 16:44:45 2016 -> SelfCheck: Database status OK.
Wed Apr 13 17:46:25 2016 -> SelfCheck: Database status OK.
Thu Apr 14 00:11:52 2016 -> +++ Started at Thu Apr 14 00:11:52 2016
Thu Apr 14 00:11:52 2016 -> clamd daemon 0.98.7 (OS: linux-gnu, ARCH:
Thu Apr 14 00:11:52 2016 -> Log file size limited to 4294967295 bytes.
Thu Apr 14 00:11:52 2016 -> Reading databases from /var/lib/clamav
Thu Apr 14 00:11:52 2016 -> Not loading PUA signatures.
Thu Apr 14 00:11:52 2016 -> Bytecode: Security mode set to "TrustSigne
Thu Apr 14 00:12:03 2016 -> Loaded 4298295 signatures.
Thu Apr 14 00:12:05 2016 -> LOCAL: Removing stale socket file /tmp/cla
Thu Apr 14 00:12:05 2016 -> LOCAL: Unix socket file /tmp/clamd.socket
Thu Apr 14 00:12:05 2016 -> LOCAL: Setting connection queue length to
Thu Apr 14 00:12:05 2016 -> Limits: Global size limit set to 104857600
Thu Apr 14 00:12:05 2016 -> Limits: File size limit set to 26214400 by
Thu Apr 14 00:12:05 2016 -> Limits: Recursion level limit set to 10.
Thu Apr 14 00:12:05 2016 -> Limits: Files limit set to 10000.
Thu Apr 14 00:12:05 2016 -> Limits: MaxEmbeddedPE limit set to 1048576
Thu Apr 14 00:12:05 2016 -> Limits: MaxHTMLNormalize limit set to 1048
Thu Apr 14 00:12:05 2016 -> Limits: MaxHTMLNoTags limit set to 2097152
Thu Apr 14 00:12:05 2016 -> Limits: MaxScriptNormalize limit set to 52
Thu Apr 14 00:12:05 2016 -> Limits: MaxZipTypeRcg limit set to 1048576
Thu Apr 14 00:12:05 2016 -> Limits: MaxPartitions limit set to 50.
Thu Apr 14 00:12:05 2016 -> Limits: MaxIconsPE limit set to 100.
Thu Apr 14 00:12:05 2016 -> Archive support enabled.
Thu Apr 14 00:12:05 2016 -> Algorithmic detection enabled.
Thu Apr 14 00:12:05 2016 -> Portable Executable support enabled.
Thu Apr 14 00:12:05 2016 -> ELF support enabled.
Thu Apr 14 00:12:05 2016 -> Mail files support enabled.
Thu Apr 14 00:12:05 2016 -> OLE2 support enabled.
Thu Apr 14 00:12:05 2016 -> PDF support enabled.
Thu Apr 14 00:12:05 2016 -> SWF support enabled.
Thu Apr 14 00:12:05 2016 -> HTML support enabled.
Thu Apr 14 00:12:05 2016 -> Self checking every 3600 seconds.

It has happened already 5 or 6 times. Does anyone know why can clamav quit without errors? I find the warnings in the server logs that get sent by e-mail.

Trying to fix the clamav issue I noticed that my server was rather quiet, and I see this:

postfix/error[20759]: 7C4672743264: to=<.......com>, relay=none, delay=0.05, delays=0.04/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Why is it temporarily suspended? Will I start receiving e-mails after a while?

I tried restarting postfix, iredapd, clamav-daemon, postfix but it did not help.

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Clamav lately stops without errors

How much memory does your server have? as mentioned in iRedMail installation guide, at least 2GB memory is required for a low traffic server.

If your server doesn't have enough memory, Amavisd will have issue to call SpamAssassin and ClamAV for spam/virus checking, this will cause amavisd service stopped automatically (lack of memory).

3

Re: Clamav lately stops without errors

I restarted the server and e-mails started arriving again.

It looks like I have 4Gb of memory:

free -m
             total       used       free     shared    buffers     cached
Mem:          4096        914       3181         99          0        370
-/+ buffers/cache:        544       3551
Swap:            0          0          0

The strange thing is, the server has been running fine for a few years. Only during the last weeks clamav quits without warning. I was wondering if people found a way to crash it remotely... Or maybe it's caused by high traffic peaks? (there's just two e-mail accounts and a few low traffic web sites hosted on it)

4

Re: Clamav lately stops without errors

gaudec wrote:

connect to 127.0.0.1[127.0.0.1]:10024: Connection refused

Port 10024 (and 10026, 9998) is Amavisd service, seems Amavisd stopped accidently. Maybe there's some related error in Postfix log file (amavisd logs to postfix log file too).

5

Re: Clamav lately stops without errors

You are right. Amavis stops together with Clamav.

It happened last night again, and the services were down for 15 hours.

This is a 'grep amavis' from mail.log:

Apr 15 17:15:05 SERVER amavis[IP]: (13594-01) Passed CLEAN {RelayedInbound}, [IP]:50058 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 1562C2741586, Message-ID: <***@***.com>, mail_id: 3LCkrssKk6J0, Hits: -1.787, size: 5075, queued_as: 44D0C27438C4, 1006 ms
Apr 15 17:22:15 SERVER amavis[IP]: (13737-01) Passed CLEAN {RelayedInbound}, [IP]:35396 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 92F522741586, Message-ID: <***@***.com>, mail_id: SJ3r46J1rc6j, Hits: 6.189, size: 5698, queued_as: 7A8A527438C4, 650 ms
Apr 15 17:28:12 SERVER amavis[IP]: (13802-01) Blocked SPAM {DiscardedInbound}, [IP]:50431 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 4039D2741586, Message-ID: <***@***.com>, mail_id: 9dSJYzpKVsdz, Hits: 13.788, size: 1489, 490 ms
Apr 15 17:40:14 SERVER amavis[IP]: (13819-01) Blocked SPAM {DiscardedInbound}, [IP]:1469 [IP] <***@***.com> -> <***@***.com>, Queue-ID: CEEBF2741586, mail_id: r3FiXAnjEVcK, Hits: 6.342, size: 9276, 618 ms
Apr 15 18:34:28 SERVER amavis[IP]: (13899-01) Blocked SPAM {DiscardedInbound}, [IP]:37391 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 91ABE2741586, Message-ID: <***@***.com>, mail_id: bTXsilouJuFP, Hits: 10.787, size: 7630, 753 ms
Apr 15 18:47:23 SERVER amavis[IP]: (14153-01) Passed CLEAN {RelayedInbound}, [IP]:50567 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 47E012741586, Message-ID: <***@***.com>, mail_id: mCHRy5BeiI9i, Hits: -0.086, size: 27239, queued_as: 1B73A27438C4, 573 ms
Apr 15 19:04:17 SERVER amavis[IP]: (14225-01) Passed CLEAN {RelayedInbound}, [IP]:51116 [IP] <***@***.com> -> <***@***.com>, Queue-ID: D36462741586, mail_id: 3fuHAV3lN90a, Hits: 4.339, size: 30604, queued_as: 805D227438C4, 936 ms
Apr 15 19:15:34 SERVER amavis[IP]: (14346-01) Passed CLEAN {RelayedInbound}, [IP]:50148 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 7FD772741586, Message-ID: <***@***.com>, mail_id: 8201bfvOqKy9, Hits: -1.787, size: 9015, queued_as: 8023527438C4, 820 ms
Apr 15 20:22:05 SERVER amavis[IP]: (14438-01) Passed CLEAN {RelayedInbound}, [IP]:3919 [IP] <***@***.com> -> <***@***.com>, Queue-ID: C51302741586, Message-ID: <***@***.com>, mail_id: 3m4OaEHzIyJ3, Hits: 4.504, size: 42476, queued_as: BEA7727438C4, 878 ms
Apr 15 20:29:51 SERVER amavis[IP]: (14745-01) Blocked SPAM {DiscardedInbound}, [IP]:43516 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 316562741586, Message-ID: <***@***.com>, mail_id: hcXYFTIQBwTF, Hits: 8.046, size: 17802, 605 ms
Apr 15 21:33:19 SERVER amavis[IP]: (14768-01) Passed CLEAN {RelayedInbound}, [IP]:58939 [IP] <***@***.com> -> <***@***.com>, Queue-ID: AEC552741586, Message-ID: <***@***.com>, mail_id: gAyMMhpLnnM9, Hits: -2.897, size: 2195, queued_as: A8EE227438C4, 4278 ms
Apr 15 21:35:26 SERVER amavis[IP]: (15066-01) Passed CLEAN {RelayedInbound}, [IP]:1987 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 832D32741586, Message-ID: <***@***.com>, mail_id: GAY7YAVcHYLZ, Hits: 3.328, size: 44260, queued_as: D822227438C4, 6332 ms
Apr 15 21:36:21 SERVER amavis[IP]: (15090-01) Blocked SPAM {DiscardedInbound}, [IP]:48685 [IP] <***@***.com> -> <***@***.com>, Queue-ID: 169AB2741586, Message-ID: <***@***.com>, mail_id: Br8Nknrbts4s, Hits: 7.287, size: 18643, 3810 ms

Apr 16 12:32:26 SERVER amavis[IP]: starting. /usr/sbin/amavisd-new at SERVER.serverprofi24.de amavisd-new-2.7.1 (20120429), Unicode aware, LANG="en_GB.UTF-8"
Apr 16 12:32:27 SERVER amavis[IP]: Net::Server: Group Not Defined.  Defaulting to EGID '114 114'
Apr 16 12:32:27 SERVER amavis[IP]: Net::Server: User Not Defined.  Defaulting to EUID '110'
Apr 16 12:32:27 SERVER amavis[IP]: Module Amavis::Conf        2.303
Apr 16 12:32:27 SERVER amavis[IP]: Module Archive::Zip        1.30
Apr 16 12:32:27 SERVER amavis[IP]: Module BerkeleyDB          0.54
Apr 16 12:32:27 SERVER amavis[IP]: Module Compress::Zlib      2.06
Apr 16 12:32:27 SERVER amavis[IP]: Module Convert::TNEF       0.18
Apr 16 12:32:27 SERVER amavis[IP]: Module Convert::UUlib      1.4
Apr 16 12:32:27 SERVER amavis[IP]: Module Crypt::OpenSSL::RSA 0.28
Apr 16 12:32:27 SERVER amavis[IP]: Module DBD::mysql          4.025
Apr 16 12:32:27 SERVER amavis[IP]: Module DBI                 1.63
Apr 16 12:32:27 SERVER amavis[IP]: Module DB_File             1.827
Apr 16 12:32:27 SERVER amavis[IP]: Module Digest::MD5         2.52
Apr 16 12:32:27 SERVER amavis[IP]: Module Digest::SHA         5.84_01
Apr 16 12:32:27 SERVER amavis[IP]: Module File::Temp          0.23
Apr 16 12:32:27 SERVER amavis[IP]: Module IO::Socket::INET6   2.71
Apr 16 12:32:27 SERVER amavis[IP]: Module MIME::Entity        5.505
Apr 16 12:32:27 SERVER amavis[IP]: Module MIME::Parser        5.505

The only thing I notice is that amavis normally takes about half second to process an e-mail, but at some point it becomes slower, up to 6 seconds. And then it just stops.

Why doesn't it restart? Worst case I can make a cron job that restarts amavis and clamav if they go down...

6

Re: Clamav lately stops without errors

Since you have 4GB memory, you can try to slightly increase the number of concurrently processed emails by following our tutorial:
http://www.iredmail.org/docs/concurrent.processing.html

if it doesn't work, try to decrease it as a testing.

7

Re: Clamav lately stops without errors

Thank you! I'll try that. I noticed I had

$max_servers = 1;
$max_requests = 1;

since 2 years ago, as it was suggested at http://www.iredmail.org/forum/topic2536 … ailed.html for a low traffic server. It worked fine so far.

But I noticed the postfix smtp value was

smtp-amavis unix -  -   -   -   10  smtp

I just set all those values at 4 for now to see if there's any difference (at least they're 4 to 4 instead of 10 to 1).

I'll report back.

8

Re: Clamav lately stops without errors

Since I made the mentioned changes, clamav has not stopped by itself. So far the problem seems solved.