Hi! While doing a few random tests with the OnAccess scanner, I'm
finding huge CPU usage and slowness. This are VMs based on RHEL9, using
Clamav 1.0.7, with two or more vCPUs.
Running 'dd' to create 25 file of 10Mb each, first run using urandom,
second run using zero, I got the below results.
The clamd process is using a single core at full cpu usage. I also tried
using --fdpass, but it didn't help.
Q: Is this supposed to happen? Anything I can fine-tune to improve the
speed? Why there are such differences with/without AV?
Thanks for any comments.
/dev/urandom test:
CMD1: time -p for i in {0..25}; do dd if=/dev/urandom of=rnd.file.$i
bs=10M count=1 oflag=dsync > /dev/null 2>&1;done
CMD2: time -p for i in {0..25} ; do cat rnd.file.$i > /dev/null; done
AV ON:
DD 1.1 [CMD1]
CAT: 76.5 [CMD2]
AV OFF:
DD 1.1 [CMD1]
CAT: 0.4 [CMD2]
/dev/zero test"
CMD1: time -p for i in {0..25}; do dd if=/dev/zero of=rnd.file.$i bs=10M
count=1 oflag=dsync > /dev/null 2>&1;done
CMD2: time -p for i in {0..25} ; do cat rnd.file.$i > /dev/null; done
AV ON:
DD: 2.8 [CMD1]
CAT: 52.8 [CMD2]
AV OFF:
DD: 0.5 [CMD1]
CAT: 0.2 [CMD2]
$ clamconf -n
Checking configuration files in /etc
Config file: clamd.d/scan.conf
------------------------------
LogSyslog = "yes"
LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketGroup = "virusgroup"
LocalSocketMode = "660"
MaxThreads = "20"
ExitOnOOM = "yes"
User = "clamscan"
OnAccessIncludePath = "/opt"
OnAccessExcludeUname = "clamscan"
OnAccessMaxFileSize = "52428800"
OnAccessPrevention = "yes"
OnAccessMaxThreads = "50"
freshclam.conf not found
mail/clamav-milter.conf not found
Software settings
-----------------
Version: 1.0.7
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2
ICONV JSON
Database information
--------------------
Database directory: /var/lib/clamav
daily.cvd: version 27423, sigs: 2067201, built on Thu Oct 10 10:56:03 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 16:37:24 2024
Total number of signatures: 8714714
Platform information
--------------------
uname: Linux 5.14.0-427.37.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Sep
25 11:51:41 UTC 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a21a7a708000000020b0401
Build information
-----------------
GNU C: 11.4.1 20231218 (Red Hat 11.4.1-3) (11.4.1)
sizeof(void*) = 8
Engine flevel: 167, dconf: 167
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
