Setting the 'TestDatabases' option to false in freshclam.conf will prevent freshclam from loading the database file into memory before replacing the actual CVDs that clamd will use. The potential downside with this is that if a CVD ends up having load issues for some reason (which shouldn't happen given the testing we do on our end) clamd won't load in any signatures from that CVD. With the TestDatabases option enabled, there can be issues on memory constrained systems since clamd will have a copy of the CVDs loaded into memory and then freshclam will load another copy into memory at the same time, but the benefit is that if a new CVD does have issues loading for some reasons then it won't replace the previous set of CVDs that clamd has been able to load successfully.
-Andrew Andrew Williams Malware Research Team Cisco Talos On Fri, Mar 5, 2021 at 1:53 PM Mark Pizzolato - Clamav-Win32 via clamav-users <clamav-users@lists.clamav.net> wrote: > I've never seen any problem with freshclam's memory footprint. > > On my Windows box, freshclam runs taking up all of 2.6MB. > > Clamd, on the other hand sucks down 1.4GB. > > There is no need to run clamd for the situation you are dealing with. > > On Friday, March 5, 2021 at 10:45 AM, Joel Esler wrote: > > My current suggestion is setup Freshclam to do the initial update. > > > > Directly downloading the raw cld files is no longer scalable. > > > > > On Mar 5, 2021, at 1:29 PM, Ritch Parker <ri...@mixxum.com> wrote: > > > > > > I originally tried to setup Freshclam but found that, like the scan, it > > consumes a large amount of memory. I have an instance large enough to > run > > the scans, but it is on an internal subnet without external access… but > > downloading files takes almost no memory, so to save some cost I just > setup > > a small instance on the public subnet to download the daily file… doing > a once > > every four hour check, then move the file to the larger instance. Was > going > > to update further to do a head request, but then it stopped working :( > > ...Really was just looking for an update solution that could be run with > a very > > small amount of memory and resources and this seemed to be the best fit. > > > > > > > > >> On Mar 5, 2021, at 10:20 AM, Joel Esler (jesler) via clamav-users > <clamav- > > us...@lists.clamav.net> wrote: > > >> > > >> Are you using Freshclam to download the updates? > > >> > > >>> On Mar 5, 2021, at 12:58 PM, Ritch Parker <ri...@mixxum.com> wrote: > > >>> > > >>> Hello, > > >>> > > >>> Yesterday, for some reason, all my AWS VMs receive a 403 Forbidden > > response from clamav when attempting to pull the latest cvd files. I’ve > tried > > from two different instances, from a lambda, and then from my local > > machine. All result in the same response: > > >>> > > >>> $ wget http://database.clamav.net/daily.cvd > > >>> --2021-03-05 09:47:46-- http://database.clamav.net/daily.cvd > > >>> Resolving database.clamav.net (database.clamav.net)... > > >>> 104.16.218.84, 104.16.219.84 Connecting to database.clamav.net > > (database.clamav.net)|104.16.218.84|:80... connected. > > >>> HTTP request sent, awaiting response... 403 Forbidden > > >>> 2021-03-05 09:47:48 ERROR 403: Forbidden. > > >>> > > >>> Not sure how I can resolve this. Is this temporary? I been > checking once > > every 4 hours and no change. > > >>> > > >>> Thanks > > >>> > > >>> _______________________________________________ > > >>> > > >>> clamav-users mailing list > > >>> clamav-users@lists.clamav.net > > >>> https://lists.clamav.net/mailman/listinfo/clamav-users > > >>> > > >>> > > >>> Help us build a comprehensive ClamAV guide: > > >>> https://github.com/vrtadmin/clamav-faq > > >>> > > >>> http://www.clamav.net/contact.html#ml > > >> > > >> > > >> _______________________________________________ > > >> > > >> clamav-users mailing list > > >> clamav-users@lists.clamav.net > > >> https://lists.clamav.net/mailman/listinfo/clamav-users > > >> > > >> > > >> Help us build a comprehensive ClamAV guide: > > >> https://github.com/vrtadmin/clamav-faq > > >> > > >> http://www.clamav.net/contact.html#ml > > > > > > > > > _______________________________________________ > > > > clamav-users mailing list > > clamav-users@lists.clamav.net > > https://lists.clamav.net/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
