We have deployed ClamAV as an AWS ECS service using image Uri docker.io/clamav/clamav:latest.
However, the clamav service is not starting properly.
The file /var/log/clamav/clamd.log shows the lines:
Tue May 10 20:14:28 2022 -> +++ Started at Tue May 10 20:14:28 2022
Tue May 10 20:14:28 2022 -> Received 0 file descriptor(s) from systemd.
Tue May 10 20:14:28 2022 -> clamd daemon 0.105.0 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Tue May 10 20:14:28 2022 -> Log file size limited to 1048576 bytes.
Tue May 10 20:14:28 2022 -> Reading databases from /var/lib/clamav
Tue May 10 20:14:28 2022 -> Not loading PUA signatures.
Tue May 10 20:14:28 2022 -> Bytecode: Security mode set to "TrustSigned".
Tue May 10 20:14:45 2022 -> Loaded 8615352 signatures.
Tue May 10 20:14:49 2022 -> TCP: Bound to []:3310
Tue May 10 20:14:49 2022 -> TCP: Setting connection queue length to 200
Tue May 10 20:14:49 2022 -> LOCAL: Unix socket file /run/clamav/clamd.sock
Tue May 10 20:14:49 2022 -> LOCAL: Setting connection queue length to 200
Tue May 10 20:14:49 2022 -> Limits: Global time limit set to 120000 milliseconds.
Tue May 10 20:14:49 2022 -> Limits: Global size limit set to 419430400 bytes.
Tue May 10 20:14:49 2022 -> Limits: File size limit set to 104857600 bytes.
Tue May 10 20:14:49 2022 -> Limits: Recursion level limit set to 17.
Tue May 10 20:14:49 2022 -> Limits: Files limit set to 10000.
Tue May 10 20:14:49 2022 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxPartitions limit set to 50.
Tue May 10 20:14:49 2022 -> Limits: MaxIconsPE limit set to 100.
Tue May 10 20:14:49 2022 -> Limits: MaxRecHWP3 limit set to 16.
Tue May 10 20:14:49 2022 -> Limits: PCREMatchLimit limit set to 100000.
Tue May 10 20:14:49 2022 -> Limits: PCRERecMatchLimit limit set to 2000.
Tue May 10 20:14:49 2022 -> Limits: PCREMaxFileSize limit set to 104857600.
Tue May 10 20:14:49 2022 -> Archive support enabled.
Tue May 10 20:14:49 2022 -> AlertExceedsMax heuristic detection disabled.
Tue May 10 20:14:49 2022 -> Heuristic alerts enabled.
Tue May 10 20:14:49 2022 -> Portable Executable support enabled.
Tue May 10 20:14:49 2022 -> ELF support enabled.
Tue May 10 20:14:49 2022 -> Mail files support enabled.
Tue May 10 20:14:49 2022 -> OLE2 support enabled.
Tue May 10 20:14:49 2022 -> PDF support enabled.
Tue May 10 20:14:49 2022 -> SWF support enabled.
Tue May 10 20:14:49 2022 -> HTML support enabled.
Tue May 10 20:14:49 2022 -> XMLDOCS support enabled.
Tue May 10 20:14:49 2022 -> HWP3 support enabled.
Tue May 10 20:14:49 2022 -> Self checking every 600 seconds.
Tue May 10 20:14:49 2022 -> Set stacksize to 1048576
Tue May 10 20:14:59 2022 -> Reading databases from /var/lib/clamav
The only way to recover is to manually start the service by executing the clamd command from the container. We did try using an image from http://docker.io/mkodockx/docker-clamav and that seemed to start properly. I need help understanding why the clamav service seems to hang after the container starts. Are there any other logs that will help understand the issue?
Regards,
John
Thanks. We resolved the issue by increasing the memory in the AWS::ECS::TaskDefinition present in the Cloudformation from 2GB to 3GB