[SOLVED] /var/log/clamav/freshclam.log is locked by another process

mdo

Renowned Member
Dec 5, 2010
49
9
73
New Zealand
After upgrading from 7.3-6 to 8.0.3, freshclam seems to behave differently.

On the command line (via ssh access as user root), running "freshclam -v" shows the below - which is the same when trying this in the GUI (Virus detector/Clamav/Update Now)

/var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!

Anyone else seeing this?

Thanks for a great product.
 
did you reboot after upgrading?
does the error persist after a reboot?

please share: ` journalctl -b -u clamav-freshclam.service` - maybe we see where the issue is coming from
 
did you reboot after upgrading?
does the error persist after a reboot?

please share: ` journalctl -b -u clamav-freshclam.service` - maybe we see where the issue is coming from
Yes, VM has been rebooted a few times and error message still persists after reboots. Journalctl as below looks good - but is reported there only once after VM restart (should show hourly download attempts):
Jul 04 05:25:42 mailgate systemd[1]: Started clamav-freshclam.service - ClamAV virus database updater.
Jul 04 05:25:42 mailgate freshclam[669]: Tue Jul 4 05:25:42 2023 -> ClamAV update process started at Tue Jul 4 05:25:42 2023
Jul 04 05:25:42 mailgate freshclam[669]: freshclam daemon 1.0.1 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Jul 04 05:25:42 mailgate freshclam[669]: ClamAV update process started at Tue Jul 4 05:25:42 2023
Jul 04 05:25:42 mailgate freshclam[669]: Tue Jul 4 05:25:42 2023 -> daily.cld database is up-to-date (version: 26958, sigs: 2038241, f-level: 90, builder: raynman)
Jul 04 05:25:42 mailgate freshclam[669]: daily.cld database is up-to-date (version: 26958, sigs: 2038241, f-level: 90, builder: raynman)
.. cut, more lines (we use additional Clam signatures from securiteinfo ...
Jul 04 05:25:44 mailgate freshclam[669]: Tue Jul 4 05:25:44 2023 -> winnow_bad_cw.hdb is up-to-date (version: custom database)
Jul 04 05:25:44 mailgate freshclam[669]: winnow_bad_cw.hdb is up-to-date (version: custom database)
Jul 04 05:25:44 mailgate freshclam[669]: Tue Jul 4 05:25:44 2023 -> MiscreantPunch099-Low.ldb is up-to-date (version: custom database)
Jul 04 05:25:44 mailgate freshclam[669]: MiscreantPunch099-Low.ldb is up-to-date (version: custom database)

Maybe a next, regular try

.. No newer entries here, 5 hrs later but in /var/log/syslog we see hourly updates, i.e.:
2023-07-04T10:27:43.065971+12:00 mailgate freshclam[669]: Tue Jul 4 10:27:43 2023 -> Received signal: wake up
2023-07-04T10:27:43.066436+12:00 mailgate freshclam[669]: Received signal: wake up
2023-07-04T10:27:43.066743+12:00 mailgate freshclam[669]: Tue Jul 4 10:27:43 2023 -> ClamAV update process started at Tue Jul 4 10:27:43 2023
2023-07-04T10:27:43.066869+12:00 mailgate freshclam[669]: ClamAV update process started at Tue Jul 4 10:27:43 2023
2023-07-04T10:27:43.908128+12:00 mailgate freshclam[669]: Tue Jul 4 10:27:43 2023 -> daily.cld database is up-to-date (version: 26958, sigs: 2038241, f-level: 90, builder: raynman)

Also systemctl looks correct
systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; preset: enabled)
Active: active (running) since Tue 2023-07-04 05:25:42 NZST; 5h 30min ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://docs.clamav.net/
Main PID: 669 (freshclam)
Tasks: 1 (limit: 7021)
Memory: 32.6M
CPU: 15.066s
CGroup: /system.slice/clamav-freshclam.service
└─669 /usr/bin/freshclam -d --foreground=true

Jul 04 10:27:58 mailgate freshclam[669]: securiteinfo.pdb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> rfxn.ndb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: rfxn.ndb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> rfxn.hdb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: rfxn.hdb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> rfxn.yara is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: rfxn.yara is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> Clamd successfully notified about the update.
Jul 04 10:27:59 mailgate freshclam[669]: Clamd successfully notified about the update.

Interesting seems a difference in ownership of the freshclam log files:
ls -la /var/log/clamav/
total 496
drwxr-xr-x 2 clamav clamav 4096 Jul 2 00:00 .
drwxr-xr-x 13 root root 4096 Jul 2 00:00 ..
-rw-r----- 1 clamav adm 0 Jul 2 00:00 clamav.log
-rw-r----- 1 clamav adm 0 Jul 1 09:27 clamav.log.1
-rw-r----- 1 clamav adm 20 Apr 23 00:00 clamav.log.10.gz
..cut..
-rw-r----- 1 clamav adm 20 Apr 30 00:00 clamav.log.9.gz
-rw-r----- 1 root root 266 Jul 1 09:27 clamonacc.log
-rw-r----- 1 clamav clamav 334947 Jul 4 10:27 freshclam.log
-rw-r----- 1 clamav clamav 58375 Jul 2 00:00 freshclam.log.1
-rw-r----- 1 clamav adm 20 Apr 23 00:00 freshclam.log.10.gz
-rw-r----- 1 clamav adm 20 Apr 16 00:00 freshclam.log.11.gz
.. cut ..
Previously (I believe) the group for those was also "adm" but the freshclam log there was never used (0 size) as it looks like in another (PMG 7.3-3) installation.

However I look, it seems that the correct process (PID 669) is using that logfile.

lsof /var/log/clamav/freshclam.log
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
freshclam 669 clamav 3wW REG 253,1 334947 132317 /var/log/clamav/freshclam.log
 
Sorry, I found that I had something wrong in my freshclam.conf. Confused myself in the process of updating the template file :(
Now fixed and all is working as it was before.

Very sorry for the noise here and taking your time.

Michael
 
  • Like
Reactions: Stoiko Ivanov

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!