Hi there, On Thu, 6 Feb 2020, Tom Ossman via clamav-users wrote:
So I have Clam setup in network mode.
I'm not sure that I know what that means. Please elaborate in as much detail as it would take for me to reproduce your system.
On the server I have the VirusEvent line in the clamd.conf file
So I guess you're running clamd. Be aware that there have been some problems with the VirusEvent feature which have only fairly recently been fixed (as late as October 2019 - see for example this link: https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html), and you might expect that, depending on your use case, there could be relatively new code in there which hasn't yet been as well exercised as some of the other code has been.
uncommented and in place of the example I have it set to run a script which is supposed to grab the last line of the clamd.log file add that to a text file which is then emailed to us.
Please tell us What is the server; what resources it has (particularly CPU & memory); what operating system it uses; what version of ClamAV it uses and how that was installed; the full configuration files; the exact VirusEvent script; what you are scanning, how, and how it is presented to ClamAV; an example line of the log file that you're looking for; how you know that the last line is the one you're looking for; what other processes are running on the sever and what resources are used by them; relevant log extracts etc.; and as much about the client(s) too - how many of them; what they are; what load they present to the server; etc..
Starting two days ago the email stopped being sent when a virus was found when I was running tests. Saw the "fork failed" error and after some troubleshooting which did not reveal anything
Please tell us the EXACT error message; where you found it; what the troubleshooting was; the test results; what you were doing at the time; and what you were looking for which was not revealed in the test results.
I tried rebooting the server. After the server came back up VirusEvent started working
It seems like the server might have been running out of resources, but that's just my conjecture. Please tell us what you have done to verify that the server has enough resources to do the tasks which it has to do - for example, have you studied the 'man' page for 'top'?
so I chalked it up to the server just needing a reboot.
Very woolly thinking, a bit like working with Windows boxes. I run servers for sometimes more than a year without a reboot, including servers which run several clamd daemons. I never expect any server to be "just needing a reboot", and if a production server does need a reboot to make it work, in the absence of extenuating circumstances I will consider it broken, and fix it.
Yesterday same thing started to happen, during testing I realized that the emails were not being sent.
Please describe the testing - carefully - and the mail system.
Checked the logs on the server and saw the "fork failed" error again, tried another reboot but this time that has not worked.
Please tell us what IS working; what resources are being used; etc.
I have found two other threads in this mailing list with the same error, but neither has any solutions to the problem. I know this setup can work I'm just stuck on why this error keeps popping up.
Please point us to those threads as I'm sure some of the list threads about failed forks are not relevant to this issue. The only one I see which might be relevant is over three years old (January 2017, which is very old in terms of ClamAV development) and, as you say, it was in any case uninformative all round.
Is there anything I can do to get more information from Clam about what is happening to hopefully point me to a solution?
You might enable debug logging, but at the moment the issues are more about us getting information from you than you getting it from ClamAV. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
