Clamd Stopping - Kernel (clamd) exited on Signal 10

  • Hi all,

    I have similar problem with clamd as described in topic:

    We have a pfsense on SG-3100 (2G RAM) appliance and every day we have problem with clam daemon which randomly stop (knocking out squid) and need restarting.
    From the logging we are getting the below message from the system:

    May 28 07:46:59 kernel pid 88718 (clamd), uid 106: exited on signal 10

    I use the Service Watchdog package to restart clamd if it stops, but after that squid runs improperlly (not always ) (in squid access table we have TCP_NONE/500 so there is no Internet for users in browsers - redirection to squid page with icap error).

    When AV is disabled squid works perfectly.
    From fleshclam table a I got info
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0

    Has anyone experienced anything like this before? Is it problem with to low RAM? Maybe problem with hardware?
    Any pointers on this would be great.

    On LAN we have max 25 users and services dhcpd, dpinger, ligsquid_web, ntopng, ntpd, openvpn, squid, sshd, syslogd, unboiund and watchdog)
    Memory usage is 25%.

    pfSense version
    2.4.3-RELEASE-p1 (arm)
    built on Thu May 10 15:59:52 CDT 2018
    FreeBSD 11.1-RELEASE-p10

    Many thanks for any suggestions

  • Yes. Same problem plus much more. I just deployed the SG-3100 and it keeps going unresponsive. I am trying to VPN in to the SG3100 I deployed yesterday and although I can see endpoints online via Logmein I cannot connect via OpenVPN or Logmein. I see some major issues with this box, I don't think ARMv7 is well suited for pfSense. I don't think I will be touching any Netgate hardware in the future.

  • I wouldn't even consider putting squid on any system with a 2-core cpu and 2GB's of memory.
    I think you will find that you exhausted all your memory consider that clamav can use up almost
    1 GB of memory by itself.

  • Turns out my problem had to do with a memory leak related to forwarding DNS over TLS via Unbound. After disabling the Google Safe Browsing rules, Squid + clamd seems to be stable.

  • ClamAV needs to be recompiled for ARM without the default optimizations and you must patch the binary. What a headache.

    See thread:

  • Rebel Alliance Developer Netgate

    You should now see squid pkg version 0.4.44_7 which includes the recompiled clamav package.