为什么 Clam 防病毒守护程序无法启动并出现“无法分配内存错误”?

为什么 Clam 防病毒守护程序无法启动并出现“无法分配内存错误”?

/etc/init.d/clamd start

错误:

[FAILED] log gives ERROR: daemonize() failed: Cannot Allocate Memory

Cent OS

total Mem: 510876kb

/etc/init.d/clamd start

/var/log/clamav

ERROR: daemonize() failed: Cannot Allocate Memory

这是一个可以解决的问题吗?

我以为Clamd只需要20 - 40 mb

Memory Free: 273844k

strace 的结果:

waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0) = 1658
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, 0xbff84a2c, WNOHANG)        = -1 ECHILD (No child processes)
sigreturn()                             = ? (mask now [])
rt_sigaction(SIGINT, {SIG_DFL, [], 0}, {0x80810f0, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
read(255, "", 1694)                     = 0
exit_group(1)                           = ?

strace -f 的结果:

strace -f -o /tmp/clamd.txt service clamd start

几乎是一样的,我是不是在寻找某种错误?

答案1

我遇到了同样的问题,发现saslauthd占用了大量内存,就像这个人

该问题可能是内存泄漏,可能的修复方法如下:https://www.howtoforge.com/community/threads/saslauthd-memory-leak-fix.52750/

尝试了修复,但我无法确认,因为问题(如果仍然存在)将不会在几周内出现。

答案2

我也遇到了同样的问题。
我发现clamd内存不断增加,然后崩溃并出现错误:

Jun  6 08:08:32 <server> clamd[5086]: Received 0 file descriptor(s) from systemd.
Jun  6 08:08:32 <server> clamd[5086]: clamd daemon 0.99.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jun  6 08:08:32 <server> clamd[5086]: Running as user clamupdate (UID 992, GID 990)
Jun  6 08:08:32 <server> clamd[5086]: Log file size limited to 1048576 bytes.
Jun  6 08:08:32 <server> clamd[5086]: Reading databases from /var/lib/clamav
Jun  6 08:08:32 <server> clamd[5086]: Not loading PUA signatures.
Jun  6 08:08:32 <server> clamd[5086]: Bytecode: Security mode set to "TrustSigned".
Jun  6 08:08:46 <server> clamd[5086]: Loaded 6538218 signatures.
Jun  6 08:08:48 <server> clamd[5086]: LOCAL: Unix socket file /var/run/clamd/clamd.sock
Jun  6 08:08:48 <server> clamd[5086]: LOCAL: Setting connection queue length to 4
Jun  6 08:08:48 <server> clamd[5086]: daemonize() failed: Cannot allocate memory
Jun  6 08:08:48 <server> clamd[5086]: Closing the main socket.
Jun  6 08:08:48 <server> clamd[5086]: Socket file removed.

我观察到clamd记忆中不断增长532 兆

# ps -o pid,size,rss,etime,start,cmd -p 16114|more
  PID  SIZE   RSS     ELAPSED  STARTED CMD
16114 580024 545672     00:15 08:18:21 /usr/sbin/clamd -c /etc/clamd.d/clamd.conf
# echo "scale=3; 545672/1024"|bc -l
532.882

我以为 532 MB 会很紧张,但我仍然可以放入小型服务器

# free -m
              total        used        free      shared  buff/cache   available
Mem:           1834         532         626          89         675        1004
Swap:             0           0           0

众所周知clamd,它消耗大量内存,而且似乎随着时间的推移变得越来越大。
所以我想知道是什么会消耗这么多内存,并用 分析了进程strace
我发现它实际上正在将所有数据库文件读入内存,正如它在日志中所述Reading databases from /var/lib/clamav,并使用 创建内存索引6538218 signatures

openat(AT_FDCWD, "/var/lib/clamav", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5
getdents(5, /* 6 entries */, 32768)     = 176
stat("/var/lib/clamav/daily.cld", {st_mode=S_IFREG|0644, st_size=141535744, ...}) = 0
stat("/var/lib/clamav/main.cvd", {st_mode=S_IFREG|0644, st_size=117892267, ...}) = 0
stat("/var/lib/clamav/bytecode.cvd", {st_mode=S_IFREG|0644, st_size=153228, ...}) = 0
getdents(5, /* 0 entries */, 32768)     = 0
close(5)                                = 0
stat("/var/log/clamd/clamd.log", {st_mode=S_IFREG|0600, st_size=266784, ...}) = 0
write(3, "Wed Jun  6 08:08:46 2018 -> Load"..., 55) = 55
sendto(4, "<22>Jun  6 08:08:46 clamd[5086]:"..., 59, MSG_NOSIGNAL, NULL, 0) = 59

将所有病毒定义读入内存后,它最终尝试使用fork子进程克隆 532 MB 的内存索引

clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fd70bb64b10) = -1 ENOMEM (Cannot allocate memory)
stat("/var/log/clamd/clamd.log", {st_mode=S_IFREG|0600, st_size=266989, ...}) = 0
write(3, "Wed Jun  6 08:08:48 2018 -> ERRO"..., 78) = 78
write(2, "ERROR: daemonize() failed: Canno"..., 50) = 50
sendto(4, "<19>Jun  6 08:08:48 clamd[5086]:"..., 75, MSG_NOSIGNAL, NULL, 0) = 75

因此实际上在启动时它会消耗双倍内存从而形成其内存索引。

现在,为了能够启动并运行此服务,我至少需要创建一个交换分区来克服此启动序列。
正如其他人所评论的那样,增加系统内存有助于您克服此启动内存增加问题。

相关内容