On Sun, Jul 08, 2012 at 04:40:31PM -0500, Dave Funk wrote: > >On 07/08/2012 12:49 PM, David Kentwood wrote: > >>Hi, > >> > >>I want to setup spamassassin + clamav + postfix. Many internet guides use > >>Amavisd to integrate them together. However, my vps has only 516mb ram so I > >>don't want to install Amavisd unless it's really recommended. So would the > >>setup work well without using Amavisd? Would you recommend using Amavisd? > >> > > One thing to keep in mind are the various factors that influence > memory usage in spamassassin & clamav (and by how much). > > For example (on a SLES-11 x86_64 box) clamd with just the stock ClamAV > rules has a RSS of 155MB, with a number of 3'rd party add in rulesets > (EG Sanesecurity, SecureiteInfo, etc) its RSS is over 500MB. > However the Clam + added rulesets has a hit rate that is 50x~100x higher > than just stock ClamAv rules
I just ditch main.cld which seems pointless, I think it saved something like 40-50MB. If there are actually ever any new "viruses", daily.cld should catch them. With this and most 3rd party sigs, clamd is only 80MB RSS. > spamd's memory size is influenced by added rules and by scanned > message size. As spamd keeps in memory multiple copies of a message > (the raw form, the parsed 'full' form, the "cleaned" normalized > form, etc) its memory > usage grows nonlinearly with message size. EG if you restrict spamd > to only scanning small (< 64KB) messages it might be no more than > 100MB RSS but when you feed it larger messages (say 350KB) it can > easily hit 150MB RSS per instance. I've never seen my amavisd RSS over 100MB (512k msg size). On a 64-bit box it can be something like 1.5x more since Perl likes to spend a whole lot more memory there. But not something to worry usually on a VPS. > So if you limit scanned message size you use less memory but then bloated > spams will slip thru. They won't if you use amavisd. It just truncates messages to the limit and scans that. :-) > Depending upon your mail flow rate you may want to keep multiple > spamd children around. Each child uses up memory but multiple > children help thruput during bursts of incoming messages. You can easily run many children since amavisd or spamd forks are copy-on-writed pretty well. So only extra memory used is the per scan state and file data etc.
