Hi all,

I have had a problem with ClamAV for some months now and would like to
get some attention on a question I already asked on superuser.com[1]
and ask some additional ones to try to better understand the problem.

In the end, my problem boils down to the fact that ClamAV startup or
reload because of new signatures takes different amounts of time and
CPU load on the same physical host, but in different VMs. The VMs are
Ubuntu 14.04 and 16.04 LTS Servers and in only one of those I have the
problem, while the version of ClamAV is the same on all, 0.99.2, and all
use the same version b2f0b9ba2019d6293c0fefe142d7265592842157 of
unofficial sigs with the same sigs.

In all but one VM, startup/reload is pretty fast and always takes less
than a minute; in the one exception it never takes less than a minute,
but instead 2-5 or in very bad cases it even takes 7-10 minutes.
Additionally, in those very bad cases an enormous load is created in
the VM with very high CPU load on all cores and everything is pretty
slow, even a simple SSH connection and using "mc" in the terminal with
the cursor keys. In htop it looks like all actively running processes
accumulate, regardless of how CPU intensive they really are "normally".
In those cases I have a lot of context switches in the physical host,
~500'000, far less in the VM, ~10'000, and practically no I/O in the
VM or host.

So here are my questions:

1. Does clamd scan memory during startup and/or restart?[1] The
   problem seems to occur less with less committed memory in the VM.

2. If memory is scanned, which? Does that depend on the user ClamAV is
   running or the users other services are running under? I couldn't
   reproduce the problem with only e.g. cached file content or large
   open logs as root.

3. Does ClamAV use more than one CPU core during startup/reload?
   Because if my problem occurs, htop shows a load of more than 100%
   for the ClamAV process, sometimes up to 500.

4. Is there any situation in which more CPU cores are known to lower
   performance of startup/reload?

5. What is most likely the bottleneck during startup/reload,
   available time on one CPU core or I/O to read sigs? I don't seem to
   have any reasonable I/O when the high CPU load occurs.

6. Are there any "benchmarks" available for how long startup/reload takes
   on other CPUs, so I could compare my times?

Thanks for your answers!

[1]: https://superuser.com/questions/1208220/does-clamd-scan-memory-during-startup-and-or-restart

Best regards,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail: thorsten.schoen...@am-soft.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/

Phone.............05151-  9468- 55
Fax...............05151-  9468- 88
Mobile.............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Managing Director: Andreas Muchow

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

