[clamav-users] how to narrow down the signature database?

2015-11-20 Thread Bond Masuda
My question is in the subject line, but my goal is to reduce the memory footprint of clamd. It currently takes over 350MB and that's a bit too much. So, I'm wondering how I can narrow down the signature database to reduce this memory footprint. Specifically, I only care about malware that is relevan

Re: [clamav-users] clamdscan troubleshooting

2015-11-21 Thread Bond Masuda
Daniel,
You might want to look at these two SELinux booleans:
    antivirus_can_scan_system
    antivirus_use_jit
You can use 'getsebool':
    $ getsebool antivirus_can_scan_system
    antivirus_can_scan_system --> on
And you can use 'setsebool' to toggle the boolean setting. Additionally, see man page for c

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-04 Thread Bond Masuda
Is SELinux enabled on that system? If so, I would look to see if SELinux is blocking. On 05/04/2016 09:29 AM, Mikko Caldara wrote: Hello, I'm trying to configure OnAccess scanning on the whole drive, as read in this blog post: http://blog.clamav.net/2016/03/configuring-on-access-scanning-in-c

Re: [clamav-users] ScanOnAccess issue when clamd launched from systemd

2016-05-06 Thread Bond Masuda
Mikko, I suspected as much based on your description. Use 'ps -efZ | grep clamd' to find out how the clamd process is running. Check it when you run manually, and check it again when started by systemd. I suspect you will find a difference. Once you know the difference, then you can adjust the SE

Re: [clamav-users] ClamAV ScanOnAccess not scanning RHEL7

2017-03-31 Thread Bond Masuda
Remi, This is just a guess in the dark, but I've often encountered issues like that (service doesn't work started from systemd, yet works started from command line) as a result of some SELinux AVC. Do you have SELinux enabled? And if so, does your test yield the desired result if you disable/m

Re: [clamav-users] ClamAV UnOfficial Database

2017-05-04 Thread Bond Masuda
I have to agree on the memory requirements for clamd being high. I wonder if it would make sense to store the data set of signatures in a tiered hierarchy, with some of the less used data being on disk until there's a hit? I don't know enough about the internals and scanning algorithm used in c