Hi > What kinds of threats do you care about? If for example you're not > expecting your Linux boxes to be attacked by Windows malware you could > reduce the size of the ClamAV databases very significantly which might > improve scanning performance.
Sorry could you point me in the right direction for how to do this? good hasn't helped me so far? thanks Tim -----Original Message----- From: Tim Stubbs <tim.stu...@telrock.com> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net> To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net> Subject: Re: [clamav-users] OnAccess renders system unusable in ~24h Date: Tue, 24 Sep 2019 15:12:16 +0000 Hi, thanks for the quick response. We have been asked to run Realtime scans as part of our PCI requirement, otherwise I would agree with you 100%. that wasn't the best worst, example i had a VM this morning 56 49 47, which went back to 1 when I stopped clamd. I do however have other VMs where (with the same config) I've never had an issue. thanks for that, yes we are a linux house, ill try reducing the DB & I will reduce the paths and test that. failing that I will take a look at v102 thank you, I'll update with my findings. Tim -----Original Message----- From: G.W. Haywood via clamav-users < clamav-users@lists.clamav.net > Reply-To: ClamAV users ML < clamav-users@lists.clamav.net > To: ClamAV users ML < clamav-users@lists.clamav.net > Cc: G.W. Haywood < cla...@jubileegroup.co.uk > Subject: Re: [clamav-users] OnAccess renders system unusable in ~24h Date: Tue, 24 Sep 2019 15:39:22 +0100 Hi there, On Tue, 24 Sep 2019, Tim Stubbs wrote: > I am running clamd with OnAccess enabled, however its causing the > load > on the systems to make them almost unusable within about 24hours. This may be true, but I'd want to know that the suspicion is justified (and front and centre I personally think scanning most Linux boxes with ClamAV is a waste of CPU). > as you can see sys is at 98% ... No, I see CPU 27% idle and three clamd processes doing nothing. But I do see a load average of around seven. On my dual CPU 2.7GHz Opterons I routinely see an average of that sort of figure when they do backups for a bunch of other machines, and Nagios will whine about it when it gets over 8, but I don't usually worry about it until it gets into the double digits. > it seem clamd is stopping other > applications from processing somehow. cannot find anything in the > logs. > not sure what debugging would be helpful? any advice would be helpful > here? My immediate reaction is - if the suspicion is found to be justified - that you should try to reduce, initially to a bare minimum, the amount of work which you're asking the machine to do. > OnAccessIncludePath = "/home", "/root", "/etc", "/sftp", "/boot", \ > "/opt", "/media", "/mnt" For example you could remove most of the directories from this list to see if it helps. There are other things you might try, like limiting the number of threads. But again, I don't see anything in your 'top' output which tells me that clamd is heavily loading your machine. What kinds of threats do you care about? If for example you're not expecting your Linux boxes to be attacked by Windows malware you could reduce the size of the ClamAV databases very significantly which might improve scanning performance. ClamaV version 0.102 has just been released as a candidate for testing and I've been running it for some time before the RC was released. It contains some significant improvements for on-access scanning and, if you do intend to persevere with on-access scanning, I'd recommend that you install the latest version from the source. -- Thank you, Tim [Winner of the 2018 Consumer Credit Awards] _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml -- Thank you, Tim [Winner of the 2018 Consumer Credit Awards] _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
