/etc/init.d/clamd start
错误:
[FAILED] log gives ERROR: daemonize() failed: Cannot Allocate Memory
在Cent OS
total Mem: 510876kb
/etc/init.d/clamd start
在/var/log/clamav
ERROR: daemonize() failed: Cannot Allocate Memory?
这是一个可以解决的问题吗?
我以为Clamd只需要20 - 40 mb
说Memory Free: 273844k
strace 的结果:
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0) = 1658
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, 0xbff84a2c, WNOHANG) = -1 ECHILD (No child processes)
sigreturn() = ? (mask now [])
rt_sigaction(SIGINT, {SIG_DFL, [], 0}, {0x80810f0, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(255, "", 1694) = 0
exit_group(1) = ?
strace -f 的结果:
strace -f -o /tmp/clamd.txt service clamd start
几乎是一样的,我是不是在寻找某种错误?
答案1
我遇到了同样的问题,发现saslauthd占用了大量内存,就像这个人。
该问题可能是内存泄漏,可能的修复方法如下:https://www.howtoforge.com/community/threads/saslauthd-memory-leak-fix.52750/
尝试了修复,但我无法确认,因为问题(如果仍然存在)将不会在几周内出现。
答案2
我也遇到了同样的问题。
我发现clamd内存不断增加,然后崩溃并出现错误:
Jun 6 08:08:32 <server> clamd[5086]: Received 0 file descriptor(s) from systemd.
Jun 6 08:08:32 <server> clamd[5086]: clamd daemon 0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jun 6 08:08:32 <server> clamd[5086]: Running as user clamupdate (UID 992, GID 990)
Jun 6 08:08:32 <server> clamd[5086]: Log file size limited to 1048576 bytes.
Jun 6 08:08:32 <server> clamd[5086]: Reading databases from /var/lib/clamav
Jun 6 08:08:32 <server> clamd[5086]: Not loading PUA signatures.
Jun 6 08:08:32 <server> clamd[5086]: Bytecode: Security mode set to "TrustSigned".
Jun 6 08:08:46 <server> clamd[5086]: Loaded 6538218 signatures.
Jun 6 08:08:48 <server> clamd[5086]: LOCAL: Unix socket file /var/run/clamd/clamd.sock
Jun 6 08:08:48 <server> clamd[5086]: LOCAL: Setting connection queue length to 4
Jun 6 08:08:48 <server> clamd[5086]: daemonize() failed: Cannot allocate memory
Jun 6 08:08:48 <server> clamd[5086]: Closing the main socket.
Jun 6 08:08:48 <server> clamd[5086]: Socket file removed.
我观察到clamd记忆中不断增长532 兆
# ps -o pid,size,rss,etime,start,cmd -p 16114|more
PID SIZE RSS ELAPSED STARTED CMD
16114 580024 545672 00:15 08:18:21 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf
# echo "scale=3; 545672/1024"|bc -l
532.882
我以为 532 MB 会很紧张,但我仍然可以放入小型服务器
# free -m
total used free shared buff/cache available
Mem: 1834 532 626 89 675 1004
Swap: 0 0 0
众所周知clamd,它消耗大量内存,而且似乎随着时间的推移变得越来越大。
所以我想知道是什么会消耗这么多内存,并用 分析了进程strace。
我发现它实际上正在将所有数据库文件读入内存,正如它在日志中所述Reading databases from /var/lib/clamav,并使用 创建内存索引6538218 signatures:
openat(AT_FDCWD, "/var/lib/clamav", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5
getdents(5, /* 6 entries */, 32768) = 176
stat("/var/lib/clamav/daily.cld", {st_mode=S_IFREG|0644, st_size=141535744, ...}) = 0
stat("/var/lib/clamav/main.cvd", {st_mode=S_IFREG|0644, st_size=117892267, ...}) = 0
stat("/var/lib/clamav/bytecode.cvd", {st_mode=S_IFREG|0644, st_size=153228, ...}) = 0
getdents(5, /* 0 entries */, 32768) = 0
close(5) = 0
stat("/var/log/clamd/clamd.log", {st_mode=S_IFREG|0600, st_size=266784, ...}) = 0
write(3, "Wed Jun 6 08:08:46 2018 -> Load"..., 55) = 55
sendto(4, "<22>Jun 6 08:08:46 clamd[5086]:"..., 59, MSG_NOSIGNAL, NULL, 0) = 59
将所有病毒定义读入内存后,它最终尝试使用fork子进程克隆 532 MB 的内存索引
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fd70bb64b10) = -1 ENOMEM (Cannot allocate memory)
stat("/var/log/clamd/clamd.log", {st_mode=S_IFREG|0600, st_size=266989, ...}) = 0
write(3, "Wed Jun 6 08:08:48 2018 -> ERRO"..., 78) = 78
write(2, "ERROR: daemonize() failed: Canno"..., 50) = 50
sendto(4, "<19>Jun 6 08:08:48 clamd[5086]:"..., 75, MSG_NOSIGNAL, NULL, 0) = 75
因此实际上在启动时它会消耗双倍内存从而形成其内存索引。
现在,为了能够启动并运行此服务,我至少需要创建一个交换分区来克服此启动序列。
正如其他人所评论的那样,增加系统内存有助于您克服此启动内存增加问题。