ClamAV 0.105.0 service deployed as a Docker container on AWS ECS seem to stop abruptly on startup

Question

We have deployed ClamAV as an AWS ECS service using image Uri docker.io/clamav/clamav:latest.

However, the clamav service is not starting properly.

The file /var/log/clamav/clamd.log shows the lines:

Tue May 10 20:14:28 2022 -> +++ Started at Tue May 10 20:14:28 2022
Tue May 10 20:14:28 2022 -> Received 0 file descriptor(s) from systemd.
Tue May 10 20:14:28 2022 -> clamd daemon 0.105.0 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Tue May 10 20:14:28 2022 -> Log file size limited to 1048576 bytes.
Tue May 10 20:14:28 2022 -> Reading databases from /var/lib/clamav
Tue May 10 20:14:28 2022 -> Not loading PUA signatures.
Tue May 10 20:14:28 2022 -> Bytecode: Security mode set to "TrustSigned".
Tue May 10 20:14:45 2022 -> Loaded 8615352 signatures.
Tue May 10 20:14:49 2022 -> TCP: Bound to []:3310
Tue May 10 20:14:49 2022 -> TCP: Setting connection queue length to 200
Tue May 10 20:14:49 2022 -> LOCAL: Unix socket file /run/clamav/clamd.sock
Tue May 10 20:14:49 2022 -> LOCAL: Setting connection queue length to 200
Tue May 10 20:14:49 2022 -> Limits: Global time limit set to 120000 milliseconds.
Tue May 10 20:14:49 2022 -> Limits: Global size limit set to 419430400 bytes.
Tue May 10 20:14:49 2022 -> Limits: File size limit set to 104857600 bytes.
Tue May 10 20:14:49 2022 -> Limits: Recursion level limit set to 17.
Tue May 10 20:14:49 2022 -> Limits: Files limit set to 10000.
Tue May 10 20:14:49 2022 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue May 10 20:14:49 2022 -> Limits: MaxPartitions limit set to 50.
Tue May 10 20:14:49 2022 -> Limits: MaxIconsPE limit set to 100.
Tue May 10 20:14:49 2022 -> Limits: MaxRecHWP3 limit set to 16.
Tue May 10 20:14:49 2022 -> Limits: PCREMatchLimit limit set to 100000.
Tue May 10 20:14:49 2022 -> Limits: PCRERecMatchLimit limit set to 2000.
Tue May 10 20:14:49 2022 -> Limits: PCREMaxFileSize limit set to 104857600.
Tue May 10 20:14:49 2022 -> Archive support enabled.
Tue May 10 20:14:49 2022 -> AlertExceedsMax heuristic detection disabled.
Tue May 10 20:14:49 2022 -> Heuristic alerts enabled.
Tue May 10 20:14:49 2022 -> Portable Executable support enabled.
Tue May 10 20:14:49 2022 -> ELF support enabled.
Tue May 10 20:14:49 2022 -> Mail files support enabled.
Tue May 10 20:14:49 2022 -> OLE2 support enabled.
Tue May 10 20:14:49 2022 -> PDF support enabled.
Tue May 10 20:14:49 2022 -> SWF support enabled.                
Tue May 10 20:14:49 2022 -> HTML support enabled.               
Tue May 10 20:14:49 2022 -> XMLDOCS support enabled.   
Tue May 10 20:14:49 2022 -> HWP3 support enabled.      
Tue May 10 20:14:49 2022 -> Self checking every 600 seconds.
Tue May 10 20:14:49 2022 -> Set stacksize to 1048576        
Tue May 10 20:14:59 2022 -> Reading databases from /var/lib/clamav

The only way to recover is to manually start the service by executing the clamd command from the container. We did try using an image from http://docker.io/mkodockx/docker-clamav and that seemed to start properly. I need help understanding why the clamav service seems to hang after the container starts. Are there any other logs that will help understand the issue?

Regards,

John

Answer 1

Thanks. We resolved the issue by increasing the memory in the AWS::ECS::TaskDefinition present in the Cloudformation from 2GB to 3GB