Why does the Clam antivirus daemon fail to start with a "Cannot allocate memory" error?
/etc/init.d/clamd start
Error:
[FAILED] log gives ERROR: daemonize() failed: Cannot Allocate Memory
On CentOS, total Mem: 510876kb
/etc/init.d/clamd start
In /var/log/clamav:
ERROR: daemonize() failed: Cannot Allocate Memory
Is this a solvable problem?
I thought Clamd only needed 20 - 40 mb
says Memory Free: 273844k
Result of strace:
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0) = 1658
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, 0xbff84a2c, WNOHANG) = -1 ECHILD (No child processes)
sigreturn() = ? (mask now [])
rt_sigaction(SIGINT, {SIG_DFL, [], 0}, {0x80810f0, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(255, "", 1694) = 0
exit_group(1) = ?
Result of strace -f:
strace -f -o /tmp/clamd.txt service clamd start
Almost the same. Am I looking for some kind of error?
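I ran into the same problem and found, like this person, that saslauthd was taking up a lot of memory. The problem may be a memory leak; a possible fix is described here: https://www.howtoforge.com/community/threads/saslauthd-memory-leak-fix.52750/
I tried the fix, but I can't confirm it, because the problem (if it still exists) won't show up until a few weeks from now.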
I ran into the same problem as well.
I observed clamd growing in memory again and again and then crashing with the error:
Jun 6 08:08:32 <server> clamd[5086]: Received 0 file descriptor(s) from systemd.
Jun 6 08:08:32 <server> clamd[5086]: clamd daemon 0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jun 6 08:08:32 <server> clamd[5086]: Running as user clamupdate (UID 992, GID 990)
Jun 6 08:08:32 <server> clamd[5086]: Log file size limited to 1048576 bytes.
Jun 6 08:08:32 <server> clamd[5086]: Reading databases from /var/lib/clamav
Jun 6 08:08:32 <server> clamd[5086]: Not loading PUA signatures.
Jun 6 08:08:32 <server> clamd[5086]: Bytecode: Security mode set to "TrustSigned".
Jun 6 08:08:46 <server> clamd[5086]: Loaded 6538218 signatures.
Jun 6 08:08:48 <server> clamd[5086]: LOCAL: Unix socket file /var/run/clamd/clamd.sock
Jun 6 08:08:48 <server> clamd[5086]: LOCAL: Setting connection queue length to 4
Jun 6 08:08:48 <server> clamd[5086]: daemonize() failed: Cannot allocate memory
Jun 6 08:08:48 <server> clamd[5086]: Closing the main socket.
Jun 6 08:08:48 <server> clamd[5086]: Socket file removed.
I observed clamd's memory grow to 532 MB:
# ps -o pid,size,rss,etime,start,cmd -p 16114|more
  PID   SIZE    RSS ELAPSED  STARTED CMD
16114 580024 545672   00:15 08:18:21 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf
# echo "scale=3; 545672/1024"|bc -l
532.882
I figured 532 MB would be tight, but I could still fit it into a small server:
# free -m
       total  used  free  shared  buff/cache  available
Mem:    1834   532   626      89         675       1004
Swap:      0     0     0
I have always known that clamd consumes a lot of memory, but it seems to be getting bigger over time. So I wanted to know what consumes so much memory and used strace. I found that it is actually reading all the database files into memory, as it states in its log (Reading databases from /var/lib/clamav), and creates an in-memory index of 6538218 signatures:
openat(AT_FDCWD, "/var/lib/clamav", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5
getdents(5, /* 6 entries */, 32768) = 176
stat("/var/lib/clamav/daily.cld", {st_mode=S_IFREG|0644, st_size=141535744, ...}) = 0
stat("/var/lib/clamav/main.cvd", {st_mode=S_IFREG|0644, st_size=117892267, ...}) = 0
stat("/var/lib/clamav/bytecode.cvd", {st_mode=S_IFREG|0644, st_size=153228, ...}) = 0
getdents(5, /* 0 entries */, 32768) = 0
close(5) = 0
stat("/var/log/clamd/clamd.log", {st_mode=S_IFREG|0600, st_size=266784, ...}) = 0
write(3, "Wed Jun 6 08:08:46 2018 -> Load"..., 55) = 55
sendto(4, "<22>Jun 6 08:08:46 clamd[5086]:"..., 59, MSG_NOSIGNAL, NULL, 0) = 59
After reading all the virus definitions into memory, it eventually tries to fork a child process that tries to duplicate the 532 MB in-memory index:
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fd70bb64b10) = -1 ENOMEM (Cannot allocate memory)
stat("/var/log/clamd/clamd.log", {st_mode=S_IFREG|0600, st_size=266989, ...}) = 0
write(3, "Wed Jun 6 08:08:48 2018 -> ERRO"..., 78) = 78
write(2, "ERROR: daemonize() failed: Canno"..., 50) = 50
sendto(4, "<19>Jun 6 08:08:48 clamd[5086]:"..., 75, MSG_NOSIGNAL, NULL, 0) = 75
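So in effect, at the moment of startup, it consumes double the memory it takes to build the in-memory index.
Now, to be able to start and run this service, I need to at least create a swap partition to get past this startup sequence.
As others have commented, adding system memory can help you get past this startup memory increase.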
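An added example, not part of the answers above: a pre-start check that estimates whether the fork() in daemonize() can be backed, and how much swap would close the gap. The meminfo excerpt is constructed, the function names are hypothetical, and the sizing rule is a rule-of-thumb assumption rather than the kernel's exact accounting.

```python
import os

# Constructed /proc/meminfo excerpt (kB) for a swapless ~1.8 GB host.
SAMPLE_MEMINFO = """\
MemTotal:        1878016 kB
MemAvailable:    1028096 kB
SwapTotal:             0 kB
SwapFree:              0 kB
CommitLimit:      939008 kB
Committed_AS:     812000 kB
"""

def parse_meminfo(text):
    """Return {field: value_in_kB} from /proc/meminfo-formatted text."""
    fields = {}
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        parts = rest.split()
        if parts and parts[0].isdigit():
            fields[name.strip()] = int(parts[0])
    return fields

def fork_headroom_kb(meminfo, parent_kb, overcommit_mode):
    """kB left over if fork() had to back a full copy of the parent.

    Rule of thumb (an assumption, not the kernel's exact accounting):
      mode 2 (strict): the copy is charged against CommitLimit - Committed_AS
      mode 0 (heuristic): the copy should fit in MemAvailable + SwapFree
    Mode 1 never refuses on accounting, so it returns None.
    """
    if overcommit_mode == 1:
        return None
    if overcommit_mode == 2:
        budget = meminfo["CommitLimit"] - meminfo["Committed_AS"]
    else:
        budget = meminfo["MemAvailable"] + meminfo["SwapFree"]
    return budget - parent_kb

def swap_to_add_kb(meminfo, parent_kb, overcommit_mode):
    """Swap (kB) that would bring the headroom back to zero."""
    headroom = fork_headroom_kb(meminfo, parent_kb, overcommit_mode)
    return 0 if headroom is None else max(0, -headroom)

if __name__ == "__main__":
    live = os.path.exists("/proc/meminfo")
    info = parse_meminfo(open("/proc/meminfo").read() if live else SAMPLE_MEMINFO)
    mode = int(open("/proc/sys/vm/overcommit_memory").read()) if live else 2
    clamd_kb = 580024  # SIZE column of the ps output quoted above
    print("headroom kB:", fork_headroom_kb(info, clamd_kb, mode))
    print("swap to add kB:", swap_to_add_kb(info, clamd_kb, mode))
```

A negative headroom means the fork is at risk of ENOMEM. The page does not state which overcommit mode the affected hosts used, so both are shown.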