[Pkg-clamav-devel] Bug#775112: systemd: repeatedly tries to start clamav

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Thu Jan 15 21:15:16 GMT 2015 

clone 775112 -1 -2
reassign -1 systemd
retitle -1 systemd: don't start services every few ms if condition fails
reassign -2 systemd
retitle -2 systemd: log if a condition prevents starting a unit
thanks

Hi,

On 12.01.2015 10:42, Russell Coker wrote:
> On Sun, 11 Jan 2015 07:56:31 PM Andreas Cadhalpun wrote:
>> On 11.01.2015 20:17, Michael Biebl wrote:
>>> Am 11.01.2015 um 16:14 schrieb Russell Coker:
>>>> After a fresh install of a mail server running Jessie I get the above
>>>> repeatedly in my daemon.log until the filesystem becomes full.
>>>>
>>>> When I run "journalctl -u clamav-daemon" I just get the same as the
>>>> above with no additional information.  What should I do next to try and
>>>> track this down?
>>
>> Please provide the output of:
>> sudo systemctl status clamav-daemon.service
>
> # systemctl status clamav-daemon.service
> ● clamav-daemon.service - Clam AntiVirus userspace daemon
>     Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
>     Active: inactive (dead)
>             start condition failed at Mon 2015-01-12 09:39:42 UTC; 4ms ago
>             ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} was not
> met

So this condition fails and systemd retries to start the service every 
few milliseconds.

>       Docs: man:clamd(8)
>             man:clamd.conf(5)
>             http://www.clamav.net/lang/en/doc/
>
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.
> Jan 12 09:39:26 newsmtp systemd[1]: Started Clam AntiVirus userspace daemon.

Apparently nothing is logged about the condition failure.

>> sudo systemctl status clamav-daemon.socket
>
> # systemctl status clamav-daemon.socket
> ● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
>     Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)
>     Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago
>       Docs: man:clamd(8)
>             man:clamd.conf(5)
>             http://www.clamav.net/lang/en/doc/
>     Listen: /run/clamav/clamd.ctl (Stream)
>    Process: 289 ExecStartPost=/bin/chown -R clamav:clamav /run/clamav/
> (code=exited, status=0/SUCCESS)
>
> Jan 12 09:32:59 newsmtp systemd[1]: Starting Socket for Clam AntiVirus
> user...n.
> Jan 12 09:32:59 newsmtp systemd[1]: Listening on Socket for Clam AntiVirus
> ...n.
> Hint: Some lines were ellipsized, use -l to show in full.
>
>> sudo systemctl status clamav-freshclam.service
>
> # systemctl status clamav-freshclam.service
> ● clamav-freshclam.service - ClamAV virus database updater
>     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled)
>     Active: active (running) since Mon 2015-01-12 09:38:43 UTC; 1min 44s ago
>       Docs: man:freshclam(1)
>             man:freshclam.conf(5)
>             http://www.clamav.net/lang/en/doc/
>   Main PID: 682 (freshclam)
>     CGroup: /system.slice/clamav-freshclam.service
>             └─682 /usr/bin/freshclam -d --foreground=true
>
> Jan 12 09:38:58 newsmtp freshclam[682]: ClamAV update process started at
> Mon...5
> Jan 12 09:38:58 newsmtp freshclam[682]: WARNING: Can't download main.cvd
> fro...t
> Jan 12 09:38:58 newsmtp freshclam[682]: Trying again in 5 secs...
> Jan 12 09:39:03 newsmtp freshclam[682]: ClamAV update process started at
> Mon...5
> Jan 12 09:39:03 newsmtp freshclam[682]: ERROR: Can't download main.cvd from
> ...t
> Jan 12 09:39:03 newsmtp freshclam[682]: Giving up on db.local.clamav.net...
> Jan 12 09:39:03 newsmtp freshclam[682]: ClamAV update process started at
> Mon...5
> Jan 12 09:39:04 newsmtp freshclam[682]: ERROR: Can't download main.cvd from
> ...t
> Jan 12 09:39:04 newsmtp freshclam[682]: Giving up on database.clamav.net...
> Jan 12 09:39:04 newsmtp freshclam[682]: Update failed. Your network may be
> d....
> Hint: Some lines were ellipsized, use -l to show in full.
>
>> ls -l /var/lib/clamav
>
> #  ls -l /var/lib/clamav
> total 4
> -rw------- 1 clamav clamav 1248 Jan 12 09:39 mirrors.dat

Somehow freshclam can't download the virus definition databases.

>>> I'm going to re-assign this bug report to clamav-daemon (not sure, if
>>> it's actually a bug), since its package maintainer is probably more able
>>> to help you.
>>>
>>> If this turns out to be an actual bug in systemd, please re-assign back.
>
> Should systemd be able to limit the frequency of starting the daemon?  I don't
> think it's reasonable for it to take the entire CPU power of a core of a 64bit
> CPU for repeatedly starting a daemon.

I think systemd should handle this case better, either with a mechanism 
like you suggest, or by simply changing the socket state from active to 
failed if the associated service can't be started due to a condition 
failure. That is what systemd does if the service fails to start.
Thus I've cloned a bug for that issue.

Let's keep this bug (#775112) about improving the situation from the 
clamav side. I see two options. Either we add the conditions also to the 
socket unit, or we remove them from the service unit. In the latter 
case, clamd will fail to start and both service and socket will enter 
failed state, if no databases are present.

>> My guess is that the clamav databases are not present.
>> The clamav-daemon.service contains:
>> ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
>> ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
>>
>> So systemd will not start clamav-daemon, if the databases are absent
>> (and if it did, clamd would fail to start).
>> But these conditions should probably also be in the socket, so that the
>> socket is not created, if no databases are present.
>
> It should log the reason why it doesn't start.

It should, so I've made another clone.

>> Anyway, freshclam should have downloaded the databases in the mean time,
>> so it should work now.
>
> No, it's still having problems doing that, but that's another issue.

You probably need to check your network connection, firewall settings etc..

Best regards,
Andreas

More information about the Pkg-systemd-maintainers mailing list