ClamAV on Rocky 10 updates to a version that can not start.

andybro1 · September 11, 2025, 2:07am

Bug Report Template

Description

Fresh install of ApisCP on Rocky 10 everything works great for about a day until clamav somehow autoupdates. When it autoupdates, the clamav version does not start anymore. To fix it I have to do dnf remove clamav and than reinstall it with dnf install clamav (along with the signatures and modsecurity connector) which fixes the issue when I do dnf install it downgrades the dependencies.

Steps to Reproduce

Step 1: Install on new sever (Rocky 10), everything works great.
Step 2: After about 1-2 days, the ClamAV version autoupdates.
Step 3 : After the update, ClamAV fails to start.
Step 4: I check the version and it is a newer version than previously.
Step 5: If I remove the package and than reinstall via dnf, it reinstalls the older version and I am able to restart the ClamAV process from the ApisCP dashboard.
Step6: It auto updates the ClamAV to a newer version after about a day and it fails to start. I noticed it crashed from the ApisCP dashboard where it shows all the apps running (MySQL, Apache, ClamAV etc.)

Expected Behavior

Updates to a compatible newer version and does not crash, it starts normally.

Actual Behavior

ClamAV crashes and wont start after it autoupdates.

Environment

ApisCP version: cpcmd misc:cp-version
revision: d96f3eb1367df2527c4f787624c61ed4e8e55e72
timestamp: 1757444750
ver_maj: 3
ver_min: 2
ver_patch: 48
ver_pre: 14-gd96f3eb13
dirty: false
debug: false

Operating System: uname -r
6.12.0-55.29.1.el10_0.x86_64

Additional relevant information (e.g., PHP version, database, etc.):
The working version is clamav-1.4.2-1.el10_0.x86_64

Additional Information

Provide any additional information about the bug, such as error messages, logs, screenshots, or any other relevant details.

That’s all I have for now. Thanks! - Andy

msaladna · September 12, 2025, 5:47pm

journalctl -n50 -u clamd@scan

I bet you’ll seeing something like,

Sep 12 12:33:30 localhost.localdomain systemd[1]: clamd@scan.service: Main process exited, code=killed, status=9/KILL
Sep 12 12:33:30 localhost.localdomain systemd[1]: clamd@scan.service: Failed with result 'oom-kill'.
Sep 12 12:33:30 localhost.localdomain systemd[1]: clamd@scan.service: Consumed 22.470s CPU time, 1.4G memory peak, 568.>
Sep 12 12:33:31 localhost.localdomain systemd[1]: clamd@scan.service: Scheduled restart job immediately on client reque>
Sep 12 12:33:31 localhost.localdomain systemd[1]: Starting clamd@scan.service - clamd scanner (scan) daemon...

When signatures are updated, a second instance of ClamAV is started before the old one terminates. Server would require more RAM to safely run 2 copies of ClamAV in this scenario, concurrent reloads disabled (see override instructions), or if you have a separate server - centralize ClamAV scanning on a single server.

andybro1 · September 13, 2025, 3:05am

So now it is at version clamav-1.4.3-1.el10_1.x86_64 and it crashes and can not start. I am running ApisCP on baremetal at 192gb of ram so I don’t think it would be a memory issue. here is the log file , i truncated it since it just repeats:


[root@zeus ~]# journalctl -n50 -u clamd@scan

Sep 11 06:38:47 hostname.tld systemd[1]: clamd@scan.service: Failed with result 'exit-code'.

Sep 11 06:38:47 hostname.tld systemd[1]: Failed to start clamd@scan.service - clamd scanner (sca>

Sep 11 06:41:17 hostname.tld systemd[1]: clamd@scan.service: Start request repeated too quickly.

Sep 11 06:41:17 hostname.tld systemd[1]: clamd@scan.service: Failed with result 'exit-code'.

Sep 11 06:41:17 hostname.tld systemd[1]: Failed to start clamd@scan.service - clamd scanner (sca>

Sep 11 06:43:46 hostname.tld systemd[1]: Starting clamd@scan.service - clamd scanner (scan) daem>

Sep 11 06:43:46 hostname.tld clamd[447805]: /usr/sbin/clamd: symbol lookup error: /lib64/libclam>

Sep 11 06:43:46 hostname.tld systemd[1]: clamd@scan.service: Control process exited, code=exited>

Sep 11 06:43:46 hostname.tld systemd[1]: clamd@scan.service: Failed with result 'exit-code'.

Sep 11 06:43:46 hostname.tld systemd[1]: Failed to start clamd@scan.service - clamd scanner (sca>

Sep 11 06:45:16 hostname.tld systemd[1]: clamd@scan.service: Scheduled restart job, restart coun>

Sep 11 06:45:16 hostname.tld systemd[1]: Starting clamd@scan.service - clamd scanner (scan) daem>

Sep 11 06:45:16 hostname.tld clamd[447846]: /usr/sbin/clamd: symbol lookup error: /lib64/libclam>

Sep 11 06:45:16 hostname.tld systemd[1]: clamd@scan.service: Control process exited, code=exited>

Sep 11 06:45:16 hostname.tld systemd[1]: clamd@scan.service: Failed with result 'exit-code'.

Sep 11 06:45:16 hostname.tld systemd[1]: Failed to start clamd@scan.service - clamd scanner (sca>

Sep 11 06:46:46 hostname.tld systemd[1]: clamd@scan.service: Scheduled restart job, restart coun>

Sep 11 06:46:46 hostname.tld systemd[1]: Starting clamd@scan.service - clamd scanner (scan) daem>

Sep 11 06:46:46 hostname.tld clamd[447905]: /usr/sbin/clamd: symbol lookup error: /lib64/libclam>

Sep 11 06:46:46 hostname.tld systemd[1]: clamd@scan.service: Control process exited, code=exited>

Sep 11 06:46:46 hostname.tld systemd[1]: clamd@scan.service: Failed with result 'exit-code'.

Sep 11 06:46:46 hostname.tld systemd[1]: Failed to start clamd@scan.service - clamd scanner (sca>

andybro1 · September 13, 2025, 3:09am

Also I am unable to run freshclam , I get this error:

 [root@zeus ~]# freshclam
freshclam: symbol lookup error: /lib64/libclamav.so.12: undefined symbol: EVP_MD_CTX_get_size_ex, version OPENSSL_3.4.0

and here are the clam log at : /var/log/clamav/clamd.log

Thu Sep 11 05:20:29 2025 -> Database correctly reloaded (8895697 signatures)
Thu Sep 11 05:20:29 2025 -> Activating the newly loaded database...
Thu Sep 11 05:30:30 2025 -> SelfCheck: Database status OK.
Thu Sep 11 05:40:30 2025 -> SelfCheck: Database status OK.
Thu Sep 11 05:50:30 2025 -> SelfCheck: Database status OK.
Thu Sep 11 06:00:30 2025 -> SelfCheck: Database status OK.
Thu Sep 11 06:10:30 2025 -> SelfCheck: Database status OK.
Thu Sep 11 06:20:30 2025 -> SelfCheck: Database status OK.
Thu Sep 11 06:30:30 2025 -> SelfCheck: Database modification detected. Forcing reload.
Thu Sep 11 06:30:30 2025 -> Reading databases from /var/lib/clamav
Thu Sep 11 06:30:36 2025 -> Database correctly reloaded (8895945 signatures)
Thu Sep 11 06:30:36 2025 -> Activating the newly loaded database...
Thu Sep 11 06:33:19 2025 -> Pid file removed.
Thu Sep 11 06:33:19 2025 -> --- Stopped at Thu Sep 11 06:33:19 2025
Thu Sep 11 06:33:19 2025 -> Socket file removed.

msaladna · September 13, 2025, 8:17am

# ldd /usr/bin/freshclam
        libclamav.so.12 => /lib64/libclamav.so.12 (0x00007f4372000000)
        ...
        libssl.so.3 => /lib64/libssl.so.3 (0x00007f1963348000)

Looks irregular from my angle.

Here’s my reference:

# rpm -q --queryformat="%{NAME} %{VERSION} %{BUILDHOST}\n" clamav-freshclam clamav 
clamav-freshclam 1.4.2 buildvm-x86-26.iad2.fedoraproject.org
clamav 1.4.2 buildvm-x86-26.iad2.fedoraproject.org

# rpm -qf /lib64/libssl.so*
openssl-devel-3.2.2-16.el10.x86_64
openssl-libs-3.2.2-16.el10.x86_64
openssl-libs-3.2.2-16.el10.x86_64

msaladna · September 13, 2025, 6:07pm

Looks to be a bad build environment on EPEL upon further research, same issue on Alma.

Until things are sorted in both build environments -

dnf downgrade -y clamav-freshclam
dnf versionlock clamav-freshclam

If it’s still failing to start, take a look at journalctl but with more context - journalctl -n100 -u clamd@scan

andybro1 · September 14, 2025, 12:22am

Thank you, the downgrade and versionlock fixes the issue. I really appreciate your help.