Jonathan, Thanks for reaching out. We recommend you use all of the Clam AV signatures as such we don't have a smaller version to provide. I spoke with some of the team and the two suggestions recommended that may help youare:
In freshclam.conf, you can set "TestDatabases no" to prevent freshclam from load-testing the updated databases. In clamd.conf, you can set "ConcurrentDatabaseReload no" to force clamd to unload the old databases before loading a new one, so it doesn't have both in memory at the same time. Please let us know if these option help you. Thanks, Brendan ________________________________ From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Jonathan Lee via clamav-users <clamav-users@lists.clamav.net> Sent: Saturday, January 6, 2024 2:56 AM To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net> Cc: Jonathan Lee <jonathanlee...@gmail.com> Subject: [clamav-users] ClamAV database and memory comsumption Hello clamAV community, I wanted to email to ask about a custom database option for users that have memory restrictions, I have a max of 4GB and the database of signatures on top of running snort, squid, squidguard, openVPN, WiFi mini pcie, an AP, wpad, custom LEDs that change by way of state checking, watchdog, dns over tls, unbound, authenticated ntp, syslog viewer for external AP with NAS and wireless printer, dhcp server with options enabled for proxy, static MAC addresses, layer 2 ethernet filtering with 2 broadcast domains, autobackup, boot environments, AppID with full database of text rule signatures, Snort subscriber ruleset, backup files, full firewall ACLs guest network and secure network, ssd trimming cron jobs, custom patches it all takes about 25-55 percent of memory, under a load 60 percent, if I enable clamAV it goes to 96 percent and snort crashes and icap crashes. Long story short is there a smaller set of signatures? With snorts appid enabled I can’t run clamAV without it running out of Memory. It took over 4 years of config changes custom options patches with the open source community to get it to work this good, it blocks shows the red https test url screen, it blocks my urls I want blocked. I thought maybe there is a smaller set of definitions to use with a custom approved mirror?? Thanks Jonathan Lee _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
