> which operations? I would expect same delays in case clamscan or clamd are loading virus database, although on my system this taker slightly over one minute.
Scanning. Also, my team mentioned that there was an issue in the past where ClamAV's database updates consumed a significant amount of RAM, causing the server to crash. I see in "freshclam.log" that there was already new updates and this not cause the RAM issue. So, maybe this problem is already resolved. >what do you scan and when? I'm using this command: clamdscan --fdpass / Have this whitelist: ExcludePath ^/proc ExcludePath ^/sys ExcludePath ^/run ExcludePath ^/dev ExcludePath ^/snap ExcludePath ^/var/lib ExcludePath ^/var/ossec ExcludePath ^/var/snap ExcludePath \.png$ ExcludePath \.jpeg$ ExcludePath \.bmp$ ExcludePath \.mp3$ ExcludePath \.mp4$ ExcludePath \.log$ 1. use clamd which does not reload database everytime scan is done Do you mean that I need to use clamd instead of clamdscan? 2. avoid repeated scanning of the same content How can I do this? On Wed, Dec 25, 2024 at 2:00 PM <clamav-users-requ...@lists.clamav.net> wrote: > Send clamav-users mailing list submissions to > clamav-users@lists.clamav.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.clamav.net/mailman/listinfo/clamav-users > or, via email, send a message with subject or body 'help' to > clamav-users-requ...@lists.clamav.net > > You can reach the person managing the list at > clamav-users-ow...@lists.clamav.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of clamav-users digest..." > When responding, please don't respond with the entire Digest. Please trim > your response. > Today's Topics: > > 1. Assistance with Optimizing ClamAV for Production Servers > (Adalfarus Theodoric) > 2. Re: Assistance with Optimizing ClamAV for Production Servers > (Matus UHLAR - fantomas) > > > > ---------- Forwarded message ---------- > From: Adalfarus Theodoric <adalfa...@gmail.com> > To: clamav-users@lists.clamav.net > Cc: > Bcc: > Date: Tue, 24 Dec 2024 14:11:14 +0200 > Subject: [clamav-users] Assistance with Optimizing ClamAV for Production > Servers > > Hello all! > > Sorry, if I used the wrong email. > > I hope this message finds you well. I’m new to using ClamAV and am > currently in the process of implementing it on our production servers. > During our testing phase, I encountered a couple of performance-related > issues that I’d like to address with your guidance. > > 1. > > *RAM Usage*: There’s a significant memory usage spike for > approximately 5 minutes during certain operations, although I’m unsure of > the root cause. > 2. > > *High CPU Usage During Scans*: I understand that ClamAV scans are > resource-intensive by design (this is the case even for enterprise AV), but > I’d like to explore ways to reduce their impact. Specifically, I’m > considering reducing scan times by excluding specific folders, though I’m > not entirely sure which folders are safe to whitelist with low risk for the > system. > > My main goal is to prepare a config of ClamAV that prioritizes performance > with low risks in undetecting threats. Could you please advise on the > following? > > - Are there existing best practices, configurations, or builds > designed specifically for optimizing ClamAV’s performance on production > servers? > - Can you recommend approaches to safely whitelist folders or files > without undermining security? > - Are there any specific configuration parameters or tools within > ClamAV that can help mitigate RAM spikes and reduce CPU usage? > > Thank you for your time and support! > > > > ---------- Forwarded message ---------- > From: Matus UHLAR - fantomas <uh...@fantomas.sk> > To: clamav-users@lists.clamav.net > Cc: > Bcc: > Date: Tue, 24 Dec 2024 15:47:26 +0100 > Subject: Re: [clamav-users] Assistance with Optimizing ClamAV for > Production Servers > On 24.12.24 14:11, Adalfarus Theodoric via clamav-users wrote: > >I hope this message finds you well. I’m new to using ClamAV and am > >currently in the process of implementing it on our production servers. > >During our testing phase, I encountered a couple of performance-related > >issues that I’d like to address with your guidance. > > > > 1. > > > > *RAM Usage*: There’s a significant memory usage spike for approximately > > 5 minutes during certain operations, although I’m unsure of the root > cause. > > which operations? I would expect same delays in case clamscan or clamd are > loading virus database, although on my system this taker slightly over one > minute. > > > 2. > > > > *High CPU Usage During Scans*: I understand that ClamAV scans are > > resource-intensive by design (this is the case even for enterprise > AV), but > > I’d like to explore ways to reduce their impact. Specifically, I’m > > considering reducing scan times by excluding specific folders, though > I’m > > not entirely sure which folders are safe to whitelist with low risk > for the > > system. > > what do you scan and when? > > >My main goal is to prepare a config of ClamAV that prioritizes performance > >with low risks in undetecting threats. Could you please advise on the > >following? > > > > - Are there existing best practices, configurations, or builds designed > > specifically for optimizing ClamAV’s performance on production servers? > > - Can you recommend approaches to safely whitelist folders or files > > without undermining security? > > - Are there any specific configuration parameters or tools within > ClamAV > > that can help mitigate RAM spikes and reduce CPU usage? > > > >Thank you for your time and support! > > the best I can think of is: > > 1. use clamd which does not reload database everytime scan is done > 2. avoid repeated scanning of the same content > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Emacs is a complicated operating system without good text editor. > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat >
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
