Another option is to use a centralized scanning server. We've done that for our hosts. That central host has lots of memory and cores, and the individual systems don't need nearly as many resources. https://www.libellux.com/clamav/#prerequisites has some notes about this.

Jon Schewe
Principal Software Systems Technologist
C: +1 612.263.2718
O: +1 952.545.5720
jon.sch...@rtx.com
RTX BBN Technologies
5775 Wayzata Blvd. Suite 630
St. Louis Park, MN 55416

________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Andrew C Aitchison via clamav-users <clamav-users@lists.clamav.net>
Sent: Tuesday, June 18, 2024 1:37 AM
To: Mikhail Soumar via clamav-users <clamav-users@lists.clamav.net>
Cc: Andrew C Aitchison <cla...@aitchison.me.uk>
Subject: [External] Re: [clamav-users] Question on ClamAV memory usage with respect to the signature database

On Tue, 18 Jun 2024, Mikhail Soumar via clamav-users wrote:

> We are a team from Microsoft Azure running ClamAV on small Linux
> VMs, and due to business and cost reasons we cannot use larger
> VMs. Peak memory usage of ClamAV is between 1.2GB and 1.5GB, which
> is unsustainable on our VMs, and we are looking for ways to reduce
> this. There are some tips to reduce memory usage in the Docker
> section of the documentation (Docker - ClamAV
> Documentation <https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements>)
> although if I understand correctly the 1.2GB load is unavoidable
> even with the suggestions listed on this page.
>
> We have been told that one possibility is to remove all virus
> signatures that are Windows-specific, which would reduce the memory
> footprint to about 300 MB. Elsewhere on the ClamAV FAQ I see a few
> different ways to add signatures to the database but none about
> taking a subset. Would this be something you support or recommend
> for our use case? If not, are there alternatives we can consider to
> reduce the memory footprint of ClamAV well below 1.2GB?

ClamAV has never caught a Linux virus for me, so I don't know whether it makes sense to run ClamAV without the Windows data.

Do you have the resources to curate a custom database, bearing in mind that the standard dbs are updated daily? (freshclam and cvdupdate do work with the cdiff incremental updates, so at least you would not have to remove the same signatures from the database every day.)

I don't know how viable this is, but you do not have to run the ClamAV daemon on every VM; you can use a remote daemon and pass files to be scanned with clamdscan. This would also save you more than 10 seconds at startup.

How much memory does Microsoft Defender use on Linux?

--
Andrew C. Aitchison
Kendal, UK
and...@aitchison.me.uk

_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
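
The remote-daemon approach suggested in this thread, as an added example that is not part of the thread or the ClamAV project's code: a Python client for clamd's INSTREAM command (the command `clamdscan --stream` uses), so a small VM sends file bytes to the central scanner instead of loading the signature database itself. The host name `clamd.internal.example` and port 3310 are assumptions.

```python
import socket
import struct

# Assumptions: a central clamd reachable on TCP 3310 (set via TCPSocket in its
# clamd.conf). clamd's TCP socket has no authentication or encryption, so keep
# it on a private network segment.
CHUNK = 64 * 1024


def frame_instream(data, chunk_size=CHUNK):
    """Frame bytes for INSTREAM: command, length-prefixed chunks, terminator."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: command and reply are NUL-terminated
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian size
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(raw):
    """Return (status, detail); anything that is not a clean OK fails closed."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "FOUND", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "OK", None
    return "ERROR", text  # e.g. size limit exceeded, or an empty/cut-off reply


def scan_bytes(data, host, port=3310, timeout=30.0):
    """Send data to a remote clamd and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:  # peer closed, e.g. after StreamMaxLength was exceeded
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    import sys
    # clamd.internal.example is a placeholder host name, not from the thread.
    with open(sys.argv[1], "rb") as fh:
        status, detail = scan_bytes(fh.read(), "clamd.internal.example")
    print(status, detail or "")
    sys.exit(0 if status == "OK" else 1)
```

Files larger than the server's `StreamMaxLength` come back as `ERROR`, which the caller should treat as "not scanned" rather than "clean".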