Hi there,

On Mon, 14 Sep 2020, Per Jessen wrote:
> G.W. Haywood via clamav-users wrote:
>> On Sun, 13 Sep 2020, bobby via clamav-users wrote:
>>
>>> I noticed on my CentOS 8 machine, there are two different services
>>> listed: clamd@multi-user.service  and system-clamd.slice.  I don't
>>> have enough memory to run the first one, but only the second one
>>> (192M).  Is clamd really running?  What is the difference between
>>> these two services?  I only have 2 GB of memory.  Is there any way to
>>> run clamd? I get this error when I try to run it ...
>>
>> You *might* *just* *possibly* be able to run clamd on a system with
>> only 2G of RAM
>
> It _can_ be done, using cgroups to restrict the amount of memory used,
> but it'll be doing a bit of swapping.
>
> For email processing, we run clamd on virtual machines with slightly
> less than 3Gb memory, of which clamd takes up 1Gb.

You and I run clamd on dedicated machines for scanning mail.  The OP
will probably want to run a browser as well. :/  A browser can use a
gigabyte or more, so if you want to do everything on the same 2GB box
then something will have to give.  Setting /proc/_pid_/oom_score_adj
to a large negative value might prevent the OOM killer from reaping a
clamd but you need to be careful; once upon a time I managed to get it
to kill rpc.mountd instead, the consequences of which were unpleasant.

The memory footprint in routine operation of course depends to some
extent on the size of signature databases in use.  For recent versions
of ClamAV it may double during reloads unless the administrator takes
steps to prevent that.  To scan mail we run a standalone clamd server
with 4GB RAM.  The couple of dozen third-party signature databases we
use boost clamd's memory consumption up to about 1.3GB during normal
operation and twice that on reloads.  Given that the size of signature
databases seems to be continually (albeit fitfully) increasing, it may
not be long before clamd needs 3GB just to reload the database without
either driving the box into swap or pausing the scans.  If databases
get a lot bigger, then it isn't beyond question that you won't even be
able to run clamd with your chosen collection under 32-bit Linux.

I don't know what the performance impact on scanning will be like if
reloading does drive the system into swap, and wouldn't want to guess.
It seems pointless speculating since memory is so cheap.  Our main
clamd server is a Raspberry Pi 4B, its cost with 4G RAM about 50USD.
You can get one with 8GB for 75USD (and I think they might have sorted
out the USB issues now too, when I have the time for it we'll get one
to see how it behaves. :)

--

73,
Ged.
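
The reload and OOM-killer points in the message above can be checked on a running system. The script below is an added example, not part of the original message; its function names are hypothetical, and it assumes, as the message describes, that a reload can briefly need a second copy of clamd's resident memory.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption taken from the message:
# a database reload can briefly need a second copy of clamd's resident memory.

# kb_field FILE KEY: print the number from a "KEY:   12345 kB" line.
kb_field() {
    awk -v key="$2:" '$1 == key { print $2; found = 1; exit }
                      END { if (!found) exit 1 }' "$1"
}

# reload_headroom_kb STATUS MEMINFO: MemAvailable minus one extra VmRSS, in kB.
# A negative result means a reload is likely to push the box into swap.
reload_headroom_kb() {
    rss=$(kb_field "$1" VmRSS) || return 2
    avail=$(kb_field "$2" MemAvailable) || return 2
    echo $(( $avail - $rss ))
}

# oom_protected FILE: succeed only if the oom_score_adj value is negative.
oom_protected() {
    adj=$(cat "$1" 2>/dev/null) || return 2
    [ "$adj" -lt 0 ]
}

# sample_headroom: run the estimate on constructed /proc excerpts
# (1.3 GB resident clamd, about 0.9 GB available).
sample_headroom() {
    d=$(mktemp -d) || return 2
    printf 'Name:\tclamd\nVmRSS:\t 1363148 kB\n' > "$d/status"
    printf 'MemTotal:        4000000 kB\nMemAvailable:     900000 kB\n' > "$d/meminfo"
    reload_headroom_kb "$d/status" "$d/meminfo"
    rc=$?
    rm -rf "$d"
    return $rc
}

# check_clamd PID: the same checks against the live /proc of a running clamd.
check_clamd() {
    h=$(reload_headroom_kb "/proc/$1/status" /proc/meminfo) || return 2
    if [ "$h" -lt 0 ]; then
        echo "reload short by $(( 0 - $h )) kB, expect swapping"
    else
        echo "reload headroom: $h kB"
    fi
    oom_protected "/proc/$1/oom_score_adj" ||
        echo "oom_score_adj is not negative, clamd is an ordinary OOM candidate"
}

if [ $# -eq 1 ]; then check_clamd "$1"; fi
```

Run it with the PID of the running clamd as its only argument to check the live system.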
