Fixing Stopped Clam Service in DirectAdmin on CentOS 7

by | Apr 7, 2024 | Technical Help, Web Hosting

This article about fixing a stopped Clam service is more technical than most I post here. It addresses an issue that arose on a server a couple of times over the past years. That box has been around for a bit. I’ll be rebuilding and upgrading it in the near future. But servers have to work correctly until that upgrade actually happens. So I thought I’d speak to the issue on the off chance that this article might help someone else out there.

Introduction to ClamAV (Clam Antivirus)

Clam Antivirus (ClamAV) is a free, open-source antivirus tool used widely across various operating systems, including CentOS. It is particularly valuable for scanning emails, web content, and files for malware and viruses, making it an essential tool for maintaining the security and integrity of a production web server. Running such a service on a production server not only ensures the security of the server’s data but also safeguards the users who interact with the server’s resources.

Encountering and Resolving ClamAV Issues

On this DirectAdmin server, I’ve encountered a recurring issue where the ClamAV service, specifically clamd@scan, would intermittently stop running. This service is crucial for scanning files and emails for threats, and its downtime could potentially expose the server to undetected threats. Avoiding this is a top priority.

Identifying the Problem

The first sign of trouble was a notification message from the system indicating that clamd@scan was down. The notifications happen each hour. Confirming this, the Service Monitor within DirectAdmin showed the status of clamd@scan as Stopped.

Steps for Fixing Stopped Clam Service

Resolving this issue involves several steps, executed via SSH (using tools like PuTTY), followed by editing files with Nano (my favorite Linux text editor). Nano is available on CentOS and in most Linux versions.

Ensuring Root Access:
To perform the necessary steps, ensure you have root access. This can typically be achieved by placing your SSH public key in the /root/.ssh/authorized_keys file, allowing for secure, password-less login as the root user. Or you can simply log in using your username and password, either online or at the console if you have physical access to the box, as I have here at CharlesWorks.

Addressing the Issue:
1. Disabling ClamAV in DirectAdmin:

    • Navigate to the /usr/local/directadmin/data/admin/services.status file.
    • Temporarily set the ClamAV lines to off by editing the file with Nano:
      nano /usr/local/directadmin/data/admin/services.status

      Then, change the lines for clamav-freshclam and clamd@scan to OFF.

2. Manually Starting the ClamAV Service:

    • Use the command:
      systemctl start clamd@scan

      This command initiates the ClamAV service manually, allowing it to fully start and load its databases.

3. Monitoring the Service:

    • After manually starting the service, it is advisable to monitor it through DirectAdmin’s Service Monitor to ensure it remains running.
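
The three steps above as one script, added here as an example rather than taken from DirectAdmin or the original article. It assumes services.status holds one name=ON or name=OFF entry per line, and it reads "temporarily" as meaning monitoring is switched back on once the unit is active; the function names and the --apply flag are this example's own.

```sh
#!/bin/sh
# Added example (not DirectAdmin's own tooling); run as root with --apply.
# Assumption: services.status holds one "name=ON" or "name=OFF" entry per line.
STATUS_FILE="${STATUS_FILE:-/usr/local/directadmin/data/admin/services.status}"
UNIT="clamd@scan"

# Flip one service's monitoring flag in place, keeping the file's owner and mode.
set_monitor() {  # usage: set_monitor FILE SERVICE ON|OFF
  case "$3" in ON|OFF) ;; *) return 2 ;; esac
  grep -q "^$2=" "$1" || return 1   # never add an entry that was not there
  sed "s|^$2=.*|$2=$3|" "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Poll systemd until the unit is active; TRIES polls, 5 seconds apart.
wait_active() {  # usage: wait_active UNIT TRIES
  tries=$2
  while [ "$tries" -gt 0 ]; do
    systemctl is-active --quiet "$1" && return 0
    sleep 5
    tries=$((tries - 1))
  done
  return 1
}

fix_clamd() {
  cp -p "$STATUS_FILE" "$STATUS_FILE.bak" || return 1
  # Step 1: stop DirectAdmin from restarting the services while clamd loads.
  set_monitor "$STATUS_FILE" clamav-freshclam OFF || return 1
  set_monitor "$STATUS_FILE" "$UNIT" OFF || return 1
  # Step 2: start the scanner by hand.
  systemctl start "$UNIT"
  # Step 3: wait up to 5 minutes for systemd to report the unit active.
  if wait_active "$UNIT" 60; then
    # Monitoring was only OFF temporarily: turn it back on so a later stop is reported.
    set_monitor "$STATUS_FILE" clamav-freshclam ON
    set_monitor "$STATUS_FILE" "$UNIT" ON
    echo "$UNIT is active; monitoring re-enabled"
  else
    echo "$UNIT did not become active; monitoring left OFF" >&2
    journalctl -u "$UNIT" -n 20 --no-pager >&2
    return 1
  fi
}

if [ "${1:-}" = "--apply" ]; then fix_clamd; fi
```

If the unit never becomes active, the script leaves monitoring OFF and prints the last journal lines for clamd@scan, so the scanner's absence is visible instead of being masked by a restart loop.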

Understanding DirectAdmin and ClamAV Configurations

It’s important to differentiate between CustomBuild settings and the services.status file in DirectAdmin:

    • CustomBuild Settings: These determine whether ClamAV is enabled on the server and whether its configuration should be included in other services like Exim.
    • Service Status File: The /usr/local/directadmin/data/admin/services.status file controls process monitoring by DirectAdmin. Setting a service to OFF here means DirectAdmin won’t attempt to restart it automatically, but does not disable the service itself.

Troubleshooting Tips

    • Always ensure your server has enough resources to handle ClamAV’s demands.
    • Regularly check the DirectAdmin Service Monitor for the status of ClamAV services.
    • Keep your server’s SSH access secure and functional for quick interventions.

By following these steps, you can ensure that ClamAV continues to protect your server without causing unnecessary downtime.


Though ClamAV is resource-intensive, proper management and configuration can prevent it from becoming a point of failure. If the server has sufficient resources, like my 32GB RAM setup, ClamAV should run smoothly with minimal intervention. However, unexpected shutdowns or power losses can still lead to service interruptions, necessitating the outlined manual restart procedures. For more information about ClamAV (Clam AntiVirus) there is documentation at the site.

Understanding the Fix

DirectAdmin technicians showed me how to isolate and manually restart the ClamAV service. This method is grounded in system administration best practices. Such a strategy clears any lingering issues by first stopping all ClamAV instances and then carefully restarting the service. It addresses potential problems related to resource contention and improper initialization. These are common when multiple instances of a resource-intensive service like ClamAV attempt to start simultaneously. Or they can happen when the service fails to properly load its extensive virus databases due to interrupted starts or system resource limitations.

“Resource contention” refers to a situation where multiple processes or services simultaneously attempt to use the same resources (such as CPU, memory, disk I/O, or network bandwidth) in a way that the demands exceed the available capacity. This competition for limited resources can lead to various problems, including decreased performance, slower response times, and in extreme cases, service failures or crashes.

In the context of a server running ClamAV (Clam AntiVirus), if multiple instances of the ClamAV service were to start at the same time, they would all try to access the server’s CPU and memory resources concurrently to load their virus databases and perform initializations. Given that ClamAV is known to be resource-intensive, especially during startup when it loads its databases, having multiple instances trying to initialize simultaneously can strain the server’s resources. This strain might not only impede ClamAV’s ability to start properly but could also affect the performance of other services running on the server, leading to a scenario of resource contention where not all processes can be adequately served.

Moreover, adjusting DirectAdmin’s service monitoring to accommodate ClamAV’s unique requirements helps prevent the service from entering a restart loop, a scenario where the service repeatedly attempts to restart without sufficient time to fully initialize. This nuanced understanding of ClamAV’s operational characteristics and the distinction between DirectAdmin’s CustomBuild settings and the services.status configuration ensures that ClamAV can effectively safeguard the server without unnecessary interruptions, providing a stable and secure server environment.
