Clam AV stopped working without notice

I was randomly browsing my logfiles when I found the exim panic log.
/var/log/exim4/paniclog

It should always be empty so I panicked too.

root@c02:/var/log/exim4# head paniclog
2021-07-17 00:01:37 1m4Vtp-0003sl-Ob malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused

root@c02:/var/log/exim4# tail paniclog
2021-07-27 16:14:50 1m8Nr4-0005OY-RJ malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused

My email server has been working for at least 10 days without clamav unnoticed.

I hit the start button and everything went back to normal.

Is there something I am missing? Is there a watchdog that should be activated? If I have to make my own watchdog will the hestia team accept a PR?

systemctl status clamav-daemon

I have no issues

This is what I get

root@c02:/var/log/exim4# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: active (running) since Tue 2021-07-27 16:15:49 CEST; 19min ago
Docs: man:clamd(8)
man:clamd.conf(5)
Introduction - ClamAV Documentation
Process: 23900 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
Process: 23901 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Main PID: 23902 (clamd)
Tasks: 3 (limit: 4692)
Memory: 1.3G
CGroup: /system.slice/clamav-daemon.service
└─23902 /usr/sbin/clamd --foreground=true

Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → Mail files support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → OLE2 support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → PDF support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → SWF support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → HTML support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → XMLDOCS support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → HWP3 support enabled.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → Self checking every 3600 seconds.
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → *Listening daemon: PID: 23902
Jul 27 16:16:52 c02.xxx.com clamd[23902]: Tue Jul 27 16:16:52 2021 → *MaxQueue set to: 100

This might be the issue. However, I have no clue what can be wrong. Try to start and stop it and check if there are any issues.

systemctl stop clamav-daemon

systemctl status clamav-daemon

Jul 27 16:39:59 c02.xxx.com systemd[1]: Starting Clam AntiVirus userspace daemon…
Jul 27 16:39:59 c02.xxx.com mkdir[31005]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

# ls -l /run/ | grep clamav
drwxr-xr-x 2 clamav root 80 Jul 27 16:42 clamav

# ls -l /run/clamav/
total 4
srw-rw-rw- 1 clamav clamav 0 Jul 27 16:42 clamd.ctl
-rw-rw-r-- 1 root root 6 Jul 27 16:42 clamd.pid

So clamav is complaining because it can’t create /run/clamav but should I change ownerships / permissions? I am positive that I have not touched that.

Maybe this is unrelated to the fact that it stops running or doesn’t always restart…

Permissions are the same as on my server. I assume it is Debian 10?

You can try to delete /run/clamav folder and try again.
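
On the watchdog question raised in the thread, here is an added example (not written by any poster here and not Hestia code): it sends clamd's PING command over the UNIX socket and summarises the outage window from paniclog entries. The function names are hypothetical; the socket path and log format are taken from the thread, and the middle sample line is constructed.

```python
import re
import socket

# Socket path as it appears in the paniclog lines quoted in the thread.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"

# Matches exim paniclog entries where the malware ACL could not reach clamd.
PANIC_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ malware acl condition: clamd .*"
    r"unable to connect to UNIX socket"
)


def clamd_alive(path=CLAMD_SOCKET, timeout=5.0):
    """Return True only if clamd answers PING with PONG on its socket."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"zPING\0")  # null-delimited form of clamd's PING command
            return s.recv(16).rstrip(b"\0\n") == b"PONG"
    except OSError:
        return False  # missing socket, connection refused, or timeout


def outage_summary(lines):
    """Return (count, first_timestamp, last_timestamp) of clamd connect failures."""
    stamps = [m.group(1) for m in map(PANIC_RE.match, lines) if m]
    if not stamps:
        return (0, None, None)
    return (len(stamps), stamps[0], stamps[-1])


# Sample input: the two paniclog lines from the thread plus one constructed, unrelated line.
SAMPLE = [
    "2021-07-17 00:01:37 1m4Vtp-0003sl-Ob malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused",
    "2021-07-20 10:00:00 1m5xyz-000000-AA constructed unrelated panic entry",
    "2021-07-27 16:14:50 1m8Nr4-0005OY-RJ malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): Connection refused",
]

if __name__ == "__main__":
    print("paniclog failures (count, first, last):", outage_summary(SAMPLE))
    alive = clamd_alive()
    print("clamd responding:", alive)
    # Non-zero exit lets cron or a systemd timer raise an alert.
    raise SystemExit(0 if alive else 1)
```

A process that shows as active in systemctl can still fail to answer on the socket, which is why the probe checks for the PONG reply rather than the service state.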