Anyone else having to disable ClamAV to prevent some out of memory condition from occurring every morning at 3AM?
After alot of swapping it usually works itself out after a few hours, but sometimes not requiring manual power cycle
Been occurring for about 6 months so Ive been turning it off
No real changes other than always installing latest release
I have 4GB RAM and 60% utilization prior to the condition
Welcome to the IPFire community.
I don’t use clamav on IPFire itself, however I do keep an eye out on the clamav mailing list. People there have sometimes had memory problems because a new main database update occurs and clamav now installs the new main database while the old one is still running so that scanning can still occur while the new database is checked to ensure it has been downloaded okay. This double download and install into memory requires twice the amount of memory that is usually used and on the clamav mailing list they reckon you need a min 4GB memory but if you are also running IPS on your IPFire then you might be consuming more than 4GB memory.
What messages do you see in the clamav log and in the IPFire messages log for the time period in question?
In the recent clamav versions a new option was added to prevent concurrent database reloads. This does mean that scanning is not occurring during the database download period but significantly reduces the memory requirements.
searching man clamd.conf (carefully as some online man pages are older and don’t have this option listed) gives the following option command
Enable non-blocking (multi-threaded/concurrent) database reloads. This feature will temporarily load a second scanning engine while scanning continues using the first engine. Once loaded, the new engine takes over. The old engine is removed as soon as all scans using the old engine have completed. This feature requires more RAM, so this option is provided in case users are willing to block scans during reload in exchange for lower RAM requirements. Default: yes
You would need to add
ConcurrentDatabaseReload no into your clamd.conf file. Maybe this will help.
Thanks Ill try turning it back on (with that option off in config) and see what happens
Edit: Added to /etc/squidclamav.conf, does not appear to be any clamd.conf that I could find
It won’t work in squidclamav.conf that is a helper program for communication between the web proxy, squid, and clamav. In fact it will probably cause a problem as the option won’t be recognised by squidclamav.
The clamd and freshclam conf files are in
Aha fixed that, should know by tomorrow if this does the trick for memory issue, will report back either way, thanks!
Following up to confirm this is indeed a good fix for my issue.
I can understand why one might not want this to be a default setting, but maybe there could be at least add some kind of web interface option to set it in future builds?
There is no web interface for clamav. If someone who uses clamav is willing to create a web interface they are welcome to do so and submit a patch for it to IPFire. There are detsils in the wiki in the Development section about adding/modifying addons and submitting patches.
What i will do is add a section into the clamav wiki about this option if you are memory constrained and can’t add extra memory to your system.