On Fri, 6 Sep 2019, Matus UHLAR - fantomas wrote: > Date: Fri, 6 Sep 2019 11:00:20 +0200 > From: Matus UHLAR - fantomas <uh...@fantomas.sk> > Reply-To: ClamAV users ML <clamav-users@lists.clamav.net> > To: clamav-users@lists.clamav.net > Subject: Re: [clamav-users] How to boost clamav? Reloading database > results in a talking timeout? > > >>On Fri, 6 Sep 2019, Reio Remma via clamav-users wrote: > >>>I guess many of us are just running too old hardware. :) > >>> > >>>Here's a comparison between my mail server and identical config > >>>running in a VM. > >>> > >>>Sep 6 09:41:06 mail clamd[31441]: Reading databases from > >>>/var/lib/clamav > >>>Sep 6 09:44:05 mail clamd[31441]: Database correctly reloaded > >>>(10741767 ... > >>> > >>>Sep 6 09:56:43 vm clamd[2108]: Reading databases from /var/lib/clamav > >>>Sep 6 09:57:17 vm clamd[2108]: Database correctly reloaded (10742128 ... > > Fri Sep 6 08:49:08 2019 -> Reading databases from /var/lib/clamav > Fri Sep 6 08:50:18 2019 -> Database correctly reloaded (8830356 signatures) > Fri Sep 6 09:48:25 2019 -> Reading databases from /var/lib/clamav > Fri Sep 6 09:49:49 2019 -> Database correctly reloaded (8830677 signatures) > Fri Sep 6 10:47:36 2019 -> Reading databases from /var/lib/clamav > Fri Sep 6 10:48:53 2019 -> Database correctly reloaded (8830954 signatures) > > average ~1:20 on X3440 CPU (10 years old).
I notice that the above clamd configuration is reloading the clamav databases every hour, but thats not how its supposed to work. My configuration only attempts a reload when actually new .cvd updates are received : from freshclam.log : -------------------------------------- ClamAV update process started at Sun Sep 1 10:07:00 2019 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cld is up to date (version: 25558, sigs: 1744125, f-level: 63, builder: raynman) bytecode.cvd is up to date (version: 330, sigs: 94, f-level: 63, builder: neo) -------------------------------------- ClamAV update process started at Sun Sep 1 11:07:00 2019 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Downloading daily-25559.cdiff [100%] daily.cld updated (version: 25559, sigs: 1745720, f-level: 63, builder: raynman) Can't query daily.25559.105.1.0.6810DA54.ping.clamav.net bytecode.cvd is up to date (version: 330, sigs: 94, f-level: 63, builder: neo) Database updated (6312063 signatures) from db.nl.clamav.net (IP: 104.16.218.84) Clamd successfully notified about the update. -------------------------------------- ClamAV update process started at Sun Sep 1 12:07:00 2019 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cld is up to date (version: 25559, sigs: 1745720, f-level: 63, builder: raynman) bytecode.cvd is up to date (version: 330, sigs: 94, f-level: 63, builder: neo) -------------------------------------- At 11:07 the ClamAV update process (run hourly with 7 * * * * /usr/bin/freshclam --quiet) is started which actually has new updates : daily-25559.cdiff. Next freshclam notifies clamd : "Clamd successfully notified about the update." clamd.log from the same time period shows this : Sun Sep 1 09:56:55 2019 -> SelfCheck: Database status OK. Sun Sep 1 10:15:01 2019 -> SelfCheck: Database status OK. Sun Sep 1 10:33:03 2019 -> SelfCheck: Database status OK. Sun Sep 1 10:43:04 2019 -> SelfCheck: Database status OK. Sun Sep 1 10:58:44 2019 -> SelfCheck: Database status OK. Sun Sep 1 11:08:54 2019 -> SelfCheck: Database modification detected. Forcing reload. Sun Sep 1 11:08:55 2019 -> Reading databases from /var/lib/clamav Sun Sep 1 11:11:01 2019 -> Database correctly reloaded (6301816 signatures) Sun Sep 1 11:11:02 2019 -> Reading databases from /var/lib/clamav Sun Sep 1 11:13:07 2019 -> Database correctly reloaded (6301816 signatures) Sun Sep 1 11:23:07 2019 -> SelfCheck: Database status OK. Sun Sep 1 11:33:08 2019 -> SelfCheck: Database status OK. Sun Sep 1 11:46:32 2019 -> SelfCheck: Database status OK. Sun Sep 1 11:56:32 2019 -> SelfCheck: Database status OK. Sun Sep 1 12:10:41 2019 -> SelfCheck: Database status OK. So only when in fact real updates come through with freshclam, clamd, running its own check cycle of 10 to 15 minutes, will do the two minute long reload. > > >On 06/09/2019 11:31, G.W. Haywood wrote: > >>That's very useful, thanks. Can you compare the costs of running > >>them for us? > > On 06.09.19 11:54, Reio Remma via clamav-users wrote: > >I suspect the i9-9900 is cheaper to actually run than the old > >whichever Core is in the mail server. :D > > I think that virtual/cloud server has to be cheaper than power usage of the > existing server (plus housing, if you pay for that one). > Why everyone needs two minutes for this task, independent from which hardware is used, is a puzzle to me. Anyone who has the clamd .cvd files loaded on a fast SSD storage ? -- Robert M. Stockmann - RHCE Network Engineer - UNIX/Linux Specialist crashrecovery.org st...@stokkie.net _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
